arazzo: 1.0.1
info:
  title: Google Workspace Restore a Deleted User
  summary: Find a recently deleted user, undelete it into an org unit, and confirm.
  description: >-
    Reverses an accidental deletion within the twenty-day recovery window. The
    workflow lists deleted users to locate the target by id, restores the
    account into a chosen organizational unit with the undelete operation, and
    then reads the user back to confirm it is active again. Every step spells out
    its request inline so the flow can be read and executed without opening the
    underlying OpenAPI description.
  version: 1.0.0
sourceDescriptions:
- name: directoryApi
  url: ../openapi/admin-sdk-directory-api.yml
  type: openapi
workflows:
- workflowId: restore-deleted-user
  summary: Locate a deleted user and undelete it back into an org unit.
  description: >-
    Lists deleted users to find the target id, undeletes the account into the
    supplied org unit path, and fetches the restored user to confirm it is no
    longer suspended or deleted.
  inputs:
    type: object
    required:
    - accessToken
    - userKey
    properties:
      accessToken:
        type: string
        description: OAuth 2.0 bearer access token with the admin.directory.user scope.
      userKey:
        type: string
        description: The unique id of the deleted user to restore.
      orgUnitPath:
        type: string
        description: Org unit path to restore the user into.
        default: /
      customer:
        type: string
        description: Customer account id or the my_customer alias.
        default: my_customer
  steps:
  - stepId: listDeleted
    description: >-
      List deleted users in the customer account so the target can be confirmed
      as present in the recoverable window.
    operationId: listUsers
    parameters:
    - name: Authorization
      in: header
      value: "Bearer $inputs.accessToken"
    - name: customer
      in: query
      value: $inputs.customer
    - name: showDeleted
      in: query
      value: "true"
    - name: maxResults
      in: query
      value: 500
    successCriteria:
    - condition: $statusCode == 200
    outputs:
      deletedUsers: $response.body#/users
  - stepId: undeleteUser
    description: >-
      Restore the deleted user account and place it into the supplied
      organizational unit.
    operationId: undeleteUser
    parameters:
    - name: userKey
      in: path
      value: $inputs.userKey
    - name: Authorization
      in: header
      value: "Bearer $inputs.accessToken"
    requestBody:
      contentType: application/json
      payload:
        orgUnitPath: $inputs.orgUnitPath
    successCriteria:
    - condition: $statusCode == 204
  - stepId: confirmRestored
    description: >-
      Read the restored user back to confirm the account is active again and
      placed in the expected org unit.
    operationId: getUser
    parameters:
    - name: userKey
      in: path
      value: $inputs.userKey
    - name: Authorization
      in: header
      value: "Bearer $inputs.accessToken"
    successCriteria:
    - condition: $statusCode == 200
    outputs:
      userId: $response.body#/id
      primaryEmail: $response.body#/primaryEmail
      orgUnitPath: $response.body#/orgUnitPath
  outputs:
    userId: $steps.confirmRestored.outputs.userId
    primaryEmail: $steps.confirmRestored.outputs.primaryEmail
    orgUnitPath: $steps.confirmRestored.outputs.orgUnitPath