User's Guide: Create, Update, Clone, and Delete Workflows

1.0 Introduction

Workflow graphs are maps that show how generic applications are connected to datasets and other generic applications. These are collaborative objects where multiple users can provide their own objects and approvals.

There are two types of workflows - draft and final.

  • Draft workflows are unapproved/in-progress items that do not grant any permissions to applications.

  • Final workflows are versioned and quorum approval protected objects. These workflows grant the applications access to datasets if they have requested and received certificates that confirm they are running in the required approved workflow.

An application running inside a final workflow is allowed to access all connected datasets, this means:

  • The enclave will have access to the protected data guarded by input datasets.

  • It can upload data to the protected locations defined by output datasets.

To move from a draft workflow to a final workflow, you require approvals. For approvals:

  • A Fortanix CCM Account Administrator will invite other users to join the account.

  • The users join the account and provide data in the form of datasets and applications/application configurations.

For example, in this article we have the following users:

  • Account Owner

  • Data Owner

  • Application Owner

Data Owners and Application Owners collaborate on a graph. After the graph is completed, the Administrator will submit it for approval. A workflow graph must be approved by all the users of the graph.

2.0 Create a Workflow

Perform the following steps to create a workflow:

  1. Click the Workflows from the menu list in the Fortanix CCM UI.

  2. In the Workflows page, click + WORKFLOW to create a new workflow.  

    add-workflow-button.png

    Figure 1: Create Workflow Button

  3. In the CREATE NEW WORKFLOW dialog box, enter the Workflow Name, assign it to a Group and provide a Description (optional). Click CREATE WORKFLOW to access the Workflow graph.

    Figure 19.png

    Figure 2: Created the Workflow

  4. To add an application to the Workflow graph, drag the "App" icon and drop it into the graph area. Click the + APPLICATION. In the ADD APPLICATION dialog box, select an existing application name and image. For example: /simple-python-sgx:latest from the list of available application images.
    Where, <my-registry>is the location of your registry.

    Screenshot (42).png

    Figure 3: Select Application and Image

  5. Click the + ADD NEW CONFIGURATION button to either add a new application configuration or select an existing one.  

    Screenshot (43).png

    Figure 4: Add Application Configuration

  6. Add input and output datasets to the workflow graph by dragging the dataset icon and placing it in the graph area. Click the + DATASET. In the ADD DATASET dialog box, select from an existing dataset or create a new dataset. Click CREATE DATASET to create the dataset.  

    Picture1.png

    Figure 5: Add Dataset to Workflow

  7. Establish connections between the applications and input/output datasets. To do this, connect the Input Dataset to the Application by selecting the "Input" Target Port. Repeat this process to connect the Application to the Output Dataset with the "Output" Target Port.

    Screenshot (46).png

    Figure 6: Create Connection

  8. After the Workflow is complete, click the REQUEST APPROVAL button to initiate the approval process for the Workflow.  

    Screenshot (49).png

    Figure 7: Request Workflow Approval

    WARNING

    When a draft Workflow is submitted for approval, it will be removed from the drafts list and editing it directly will no longer be possible once it is in a "pending" or "approved" state.

  9. The workflow remains in a pending state until it receives approval from all users. In the Pending menu item, click SHOW APPROVAL REQUEST to approve a Workflow.  

    Screenshot (51).png

    Figure 8: Workflow Pending Approval

  10. In the APPROVAL REQUEST - CREATE WORKFLOW dialog box, you can either APPROVE or DECLINE a workflow.  

    Screenshot (52).png

    Figure 9: Approve the Workflow

    NOTE

    • A user can also approve/decline a Workflow from the CCM Tasks menu item.

    • Notice that the users who have approved the workflow have a green tick  WorkflowEx27.png against their icon.

  11. All the users of a Workflow must approve the Workflow to finalize it. If a user declines a Workflow, the Workflow is rejected. When all the users approve the Workflow, it is deployed.

    1. CCM configures apps to access the datasets.

    2. CCM creates the Workflow Application Configs.

    3. CCM returns the list of hashes needed to start the apps.

3.0 Edit Workflow Graphs

Perform the following steps to edit a workflow:

  1. In the Approved menu item, click the overflow menu for a workflow and select EDIT WORKFLOW to edit the workflow. When a workflow is edited, a new version of the workflow is created for editing in “draft” state. The existing version stays unchanged. For example, if the first version (Version 1) of an approved workflow “Workflow 1.0” is edited, a new version (Version 2) of “Workflow 1.0” is created.  

    Screenshot (37).png

    Figure 10: Edit a workflow

  2. Update the workflow graph with the required changes and click REQUEST APPROVAL to submit the workflow for approval.  

    CCM_workflow24.png

    Figure 11: Request edited workflow for approval

  3. A new version (Version 2) of the workflow is created in “pending” state. Click SHOW APPROVAL REQUEST to approve the workflow.  

    CCM_workflow14a.png

    Figure 12: Edited workflow in pending state

  4. Click APPROVE to approve the workflow.  

    CCM_workflow22.png

    Figure 13: Approve the workflow

  5. After the workflow Version 2 is approved, it will be linked to Version 1. Now, the user can either delete workflow Version 1 or restore it.  

    CCM_workflow23.png

    Figure 14: Workflow version 1

4.0 Clone Workflow Graphs

A workflow is cloned when you want to create a copy of an existing workflow instead of creating it from scratch.

Perform the following steps to create a workflow clone:

  1. For an approved or draft workflow, click the overflow menu on the right and select CLONE WORKFLOW to copy the workflow. When a workflow is cloned, the new workflow is created with a modified name. For example, if the approved workflow “Workflow 1.0” is cloned, a new workflow “Workflow 1.0 (clone)” is created. The user can modify the workflow name using the Edit  CCM_workflow17.png icon next to the name.  

    Screenshot (37) - Copy.png

    Figure 15: Clone a workflow

  2. Update the workflow graph with the required changes and click REQUEST APPROVAL to submit the workflow for approval.

  3. A new workflow is created in “pending” state.

5.0 Delete Workflow Graphs

Perform the following steps to delete a workflow:

  1. For an approved workflow, click the overflow menu on the right and select DELETE WORKFLOW to delete the workflow.  

    Screenshot (38) - Copy.png

    Figure 16: Delete a workflow

  2. In the DELETE WORKFLOW dialog box, click DELETE to confirm.

  3. The workflow is deleted.