Posted to commits@airavata.apache.org by is...@apache.org on 2021/09/21 15:42:14 UTC
[airavata-custos] branch develop updated: #226
This is an automated email from the ASF dual-hosted git repository.
isjarana pushed a commit to branch develop
in repository https://gitbox.apache.org/repos/asf/airavata-custos.git
The following commit(s) were added to refs/heads/develop by this push:
new da6ba31 #226
new 6e7ebfa Merge pull request #234 from isururanawaka/issue_226
da6ba31 is described below
commit da6ba31245cc230c1a018f4072e2306ac19d46c4
Author: Isuru Ranawaka <ir...@gmail.com>
AuthorDate: Tue Sep 21 11:40:41 2021 -0400
#226
---
.../iam/admin/client/IamAdminServiceClient.java | 4 +++
.../apache/custos/iam/service/IamAdminService.java | 29 +++++++++++++++++
.../src/main/proto/IamAdminService.proto | 7 ++++
.../services/clients/keycloak/KeycloakClient.java | 36 ++++++++++++++++++---
.../src/main/resources/user-management-service.pb | Bin 127448 -> 128317 bytes
.../interceptors/AuthInterceptorImpl.java | 15 +++++++++
.../management/service/UserManagementService.java | 19 +++++++++++
.../src/main/proto/UserManagementService.proto | 6 ++++
8 files changed, 112 insertions(+), 4 deletions(-)
diff --git a/custos-core-services-client-stubs/iam-admin-core-service-client-stub/src/main/java/org/apache/custos/iam/admin/client/IamAdminServiceClient.java b/custos-core-services-client-stubs/iam-admin-core-service-client-stub/src/main/java/org/apache/custos/iam/admin/client/IamAdminServiceClient.java
index a7bce3a..361e002 100644
--- a/custos-core-services-client-stubs/iam-admin-core-service-client-stub/src/main/java/org/apache/custos/iam/admin/client/IamAdminServiceClient.java
+++ b/custos-core-services-client-stubs/iam-admin-core-service-client-stub/src/main/java/org/apache/custos/iam/admin/client/IamAdminServiceClient.java
@@ -349,6 +349,10 @@ public class IamAdminServiceClient {
return iamAdminServiceBlockingStub.deleteExternalIDPLinksOfUsers(deleteExternalIDPsRequest);
}
+ public OperationStatus addExternalIDPLinksOfUsers(AddExternalIDPLinksRequest addExternalIDPLinksRequest) {
+ return iamAdminServiceBlockingStub.addExternalIDPLinksOfUsers(addExternalIDPLinksRequest);
+ }
+
public Agent getAgent(UserSearchRequest request) {
return iamAdminServiceBlockingStub.getAgent(request);
}
diff --git a/custos-core-services/iam-admin-core-service/src/main/java/org/apache/custos/iam/service/IamAdminService.java b/custos-core-services/iam-admin-core-service/src/main/java/org/apache/custos/iam/service/IamAdminService.java
index 0cfc220..188b3d0 100644
--- a/custos-core-services/iam-admin-core-service/src/main/java/org/apache/custos/iam/service/IamAdminService.java
+++ b/custos-core-services/iam-admin-core-service/src/main/java/org/apache/custos/iam/service/IamAdminService.java
@@ -579,6 +579,35 @@ public class IamAdminService extends IamAdminServiceImplBase {
}
@Override
+ public void addExternalIDPLinksOfUsers(AddExternalIDPLinksRequest request, StreamObserver<org.apache.custos.iam.service.OperationStatus> responseObserver) {
+ try {
+ long tenantId = request.getTenantId();
+ List<ExternalIDPLink> externalIDPLinkList = request.getIdpLinksList();
+ List<FederatedIdentityRepresentation> federatedIdentityRepresentations = new ArrayList<>();
+ externalIDPLinkList.forEach(link -> {
+ FederatedIdentityRepresentation representation = new FederatedIdentityRepresentation();
+ representation.setUserId(link.getProviderUserId());
+ representation.setUserName(link.getProviderUsername());
+ representation.setIdentityProvider(link.getProviderAlias());
+ federatedIdentityRepresentations.add(representation);
+
+ });
+ keycloakClient.addExternalIDPLinks(String.valueOf(tenantId), federatedIdentityRepresentations);
+ org.apache.custos.iam.service.OperationStatus status = org.apache.custos.iam.service.OperationStatus
+ .newBuilder()
+ .setStatus(true)
+ .build();
+ responseObserver.onNext(status);
+ responseObserver.onCompleted();
+ } catch (Exception ex) {
+ String msg = "Error occurred while getExternalIDPLinksOfUsers" + ex;
+ LOGGER.error(msg, ex);
+ responseObserver.onError(io.grpc.Status.INTERNAL.withDescription(msg).asRuntimeException());
+ }
+ }
+
+
+ @Override
public void updateUserProfile(UpdateUserProfileRequest request, StreamObserver<org.apache.custos.iam.service.OperationStatus> responseObserver) {
String userId = request.getUser().getUsername() + "@" + request.getTenantId();
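Review bot: The catch block of the new addExternalIDPLinksOfUsers names the wrong operation ("getExternalIDPLinksOfUsers") and appends the exception itself to the string used as the gRPC status description, so the Keycloak client's exception text (which includes the realm id and the underlying reason) is returned to the caller. Keep the detail in the log and return a fixed description: `String msg = "Error occurred while adding external IDP links of users";` followed by the existing `LOGGER.error(msg, ex);`. The catch block of addExternalIDPsOfUsers in UserManagementService.java has the same problem, since it concatenates `ex.getMessage()` into the description. Also note that `setStatus(true)` is returned when the list is empty or no user matched, because `keycloakClient.addExternalIDPLinks` returns void and gives no indication of how many links were created.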
diff --git a/custos-core-services/iam-admin-core-service/src/main/proto/IamAdminService.proto b/custos-core-services/iam-admin-core-service/src/main/proto/IamAdminService.proto
index 42aef71..77fe2bb 100644
--- a/custos-core-services/iam-admin-core-service/src/main/proto/IamAdminService.proto
+++ b/custos-core-services/iam-admin-core-service/src/main/proto/IamAdminService.proto
@@ -429,6 +429,12 @@ message GetExternalIDPsResponse {
repeated ExternalIDPLink idp_links = 1;
}
+message AddExternalIDPLinksRequest {
+ repeated ExternalIDPLink idp_links = 1;
+ int64 tenant_id= 2;
+ string client_id = 3;
+}
+
service IamAdminService {
rpc setUPTenant (SetUpTenantRequest) returns (SetUpTenantResponse);
@@ -453,6 +459,7 @@ service IamAdminService {
rpc removeAdminPrivilege (UserSearchRequest) returns (OperationStatus);
rpc deleteExternalIDPLinksOfUsers(DeleteExternalIDPsRequest) returns (OperationStatus);
rpc getExternalIDPLinksOfUsers(GetExternalIDPsRequest) returns (GetExternalIDPsResponse);
+ rpc addExternalIDPLinksOfUsers(AddExternalIDPLinksRequest) returns (OperationStatus);
rpc registerAndEnableUsers (RegisterUsersRequest) returns (RegisterUsersResponse);
rpc addUserAttributes (AddUserAttributesRequest) returns (OperationStatus);
diff --git a/custos-federated-services-clients/src/main/java/org/apache/custos/federated/services/clients/keycloak/KeycloakClient.java b/custos-federated-services-clients/src/main/java/org/apache/custos/federated/services/clients/keycloak/KeycloakClient.java
index 563e580..3d61a5f 100644
--- a/custos-federated-services-clients/src/main/java/org/apache/custos/federated/services/clients/keycloak/KeycloakClient.java
+++ b/custos-federated-services-clients/src/main/java/org/apache/custos/federated/services/clients/keycloak/KeycloakClient.java
@@ -37,7 +37,6 @@ import javax.ws.rs.NotFoundException;
import javax.ws.rs.core.Response;
import java.net.URI;
import java.util.*;
-import java.util.concurrent.TimeUnit;
import java.util.stream.Collectors;
/**
@@ -867,7 +866,7 @@ public class KeycloakClient {
Keycloak client = null;
try {
// get client
- LOGGER.info("IAM server URL "+ iamServerURL);
+ LOGGER.info("IAM server URL " + iamServerURL);
client = getClient(iamServerURL, superAdminRealmID, superAdminUserName, superAdminPassword);
RealmResource realmResource = client.realm(realmId);
@@ -1480,6 +1479,37 @@ public class KeycloakClient {
}
+ public void addExternalIDPLinks(String realmId, List<FederatedIdentityRepresentation> representations) {
+
+ Keycloak client = null;
+ try {
+ client = getClient(iamServerURL, superAdminRealmID, superAdminUserName, superAdminPassword);
+ Keycloak finalClient = client;
+ if (representations != null && !representations.isEmpty()) {
+ representations.forEach(fed -> {
+ List<UserRepresentation> userRepresentationList = finalClient.realm(realmId).users().search(fed.getUserName());
+ userRepresentationList.forEach(user -> {
+ UserResource userResource = finalClient.realm(realmId).users().get(user.getId());
+ userResource.addFederatedIdentity(fed.getIdentityProvider(), fed);
+ });
+
+ });
+ }
+
+ } catch (Exception ex) {
+ String msg = "Error occurred while adding external IDP links " +
+ realmId + ", reason " + ex.getMessage();
+ LOGGER.error(msg, ex);
+ throw new RuntimeException(msg, ex);
+
+ } finally {
+ if (client != null) {
+ client.close();
+ }
+ }
+
+ }
+
/**
* creates groups and child groups in Keycloak
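Review bot: In addExternalIDPLinks the target account is found with `users().search(fed.getUserName())`, and the federated identity is then added to every user in the result list. To my knowledge that Keycloak search is not an exact username match, so one request can attach the external identity to accounts other than the intended one. The lookup key is also the provider-side username set in IamAdminService, not a separately supplied local username. Filter the result to an exact username match and refuse to proceed unless exactly one user remains. The `Response` returned by `addFederatedIdentity` is also dropped, so a rejected link (for example a conflict) is not reported; it should be checked and closed.

```java
representations.forEach(fed -> {
    // keep only the account whose username equals the requested one
    List<UserRepresentation> matches = finalClient.realm(realmId).users().search(fed.getUserName())
            .stream()
            .filter(user -> fed.getUserName().equalsIgnoreCase(user.getUsername()))
            .collect(Collectors.toList());
    if (matches.size() != 1) {
        throw new IllegalArgumentException("Expected exactly one user named "
                + fed.getUserName() + " in realm " + realmId + ", found " + matches.size());
    }
    UserResource userResource = finalClient.realm(realmId).users().get(matches.get(0).getId());
    userResource.addFederatedIdentity(fed.getIdentityProvider(), fed);
});
// … unchanged: catch / finally that logs, rethrows and closes the client …
```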
@@ -1912,8 +1942,6 @@ public class KeycloakClient {
}
-
-
private Keycloak getClient(String adminUrl, String realm, String loginUsername, String password) {
return KeycloakUtils.getClient(adminUrl, realm, loginUsername,
diff --git a/custos-integration-services/user-management-service-parent/user-management-service-sidecar/src/main/resources/user-management-service.pb b/custos-integration-services/user-management-service-parent/user-management-service-sidecar/src/main/resources/user-management-service.pb
index 8118546..4ee8d22 100644
Binary files a/custos-integration-services/user-management-service-parent/user-management-service-sidecar/src/main/resources/user-management-service.pb and b/custos-integration-services/user-management-service-parent/user-management-service-sidecar/src/main/resources/user-management-service.pb differ
diff --git a/custos-integration-services/user-management-service-parent/user-management-service/src/main/java/org/apache/custos/user/management/interceptors/AuthInterceptorImpl.java b/custos-integration-services/user-management-service-parent/user-management-service/src/main/java/org/apache/custos/user/management/interceptors/AuthInterceptorImpl.java
index e4d1879..b4351cc 100644
--- a/custos-integration-services/user-management-service-parent/user-management-service/src/main/java/org/apache/custos/user/management/interceptors/AuthInterceptorImpl.java
+++ b/custos-integration-services/user-management-service-parent/user-management-service/src/main/java/org/apache/custos/user/management/interceptors/AuthInterceptorImpl.java
@@ -473,6 +473,21 @@ public class AuthInterceptorImpl extends MultiTenantAuthInterceptor {
.setTenantId(tenantId)
.setClientId(oauthId)
.build();
+ } else if (method.equals("addExternalIDPsOfUsers")) {
+ AddExternalIDPLinksRequest getExternalIDPsRequest = (AddExternalIDPLinksRequest) msg;
+
+ Optional<AuthClaim> claim = authorize(headers, getExternalIDPsRequest.getClientId());
+
+ if (claim.isEmpty()) {
+ throw new UnAuthorizedException("Request is not authorized", null);
+ }
+ String oauthId = claim.get().getIamAuthId();
+ long tenantId = claim.get().getTenantId();
+
+ return (ReqT) ((AddExternalIDPLinksRequest) msg).toBuilder()
+ .setTenantId(tenantId)
+ .setClientId(oauthId)
+ .build();
}
return msg;
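Review bot: The new `addExternalIDPsOfUsers` branch forwards the request as soon as `authorize(headers, clientId)` yields a claim, and nothing visible in the hunk limits which users the caller may add identity links for. Because the downstream call binds an external IdP identity to a local account, it is worth confirming that this check is at least as strict as the one applied to other user-administration methods in this interceptor. That cannot be judged from the hunk alone, as the enclosing method starts and ends outside it. Separately, the local is named `getExternalIDPsRequest` although it holds an AddExternalIDPLinksRequest; declare it as `AddExternalIDPLinksRequest addRequest = (AddExternalIDPLinksRequest) msg;` and build the return value from `addRequest.toBuilder()` instead of casting `msg` a second time.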
diff --git a/custos-integration-services/user-management-service-parent/user-management-service/src/main/java/org/apache/custos/user/management/service/UserManagementService.java b/custos-integration-services/user-management-service-parent/user-management-service/src/main/java/org/apache/custos/user/management/service/UserManagementService.java
index 3a108cf..c8e4ae0 100644
--- a/custos-integration-services/user-management-service-parent/user-management-service/src/main/java/org/apache/custos/user/management/service/UserManagementService.java
+++ b/custos-integration-services/user-management-service-parent/user-management-service/src/main/java/org/apache/custos/user/management/service/UserManagementService.java
@@ -1303,6 +1303,25 @@ public class UserManagementService extends UserManagementServiceGrpc.UserManagem
}
}
+
+ @Override
+ public void addExternalIDPsOfUsers(AddExternalIDPLinksRequest request, StreamObserver<OperationStatus> responseObserver) {
+ try {
+ LOGGER.debug("Request received to addExternalIDPsOfUsers of users in " + request.getTenantId());
+
+ OperationStatus status = iamAdminServiceClient.addExternalIDPLinksOfUsers(request);
+
+ responseObserver.onNext(status);
+ responseObserver.onCompleted();
+
+ } catch (Exception ex) {
+ String msg = "Error occurred while adding external IDPs of Users " + ex.getMessage();
+ LOGGER.error(msg, ex);
+ responseObserver.onError(Status.INTERNAL.withDescription(msg).asRuntimeException());
+
+ }
+ }
+
@Override
public void synchronizeUserDBs(SynchronizeUserDBRequest request, StreamObserver<OperationStatus> responseObserver) {
try {
diff --git a/custos-integration-services/user-management-service-parent/user-management-service/src/main/proto/UserManagementService.proto b/custos-integration-services/user-management-service-parent/user-management-service/src/main/proto/UserManagementService.proto
index e04fbdf..9d1a337 100644
--- a/custos-integration-services/user-management-service-parent/user-management-service/src/main/proto/UserManagementService.proto
+++ b/custos-integration-services/user-management-service-parent/user-management-service/src/main/proto/UserManagementService.proto
@@ -145,6 +145,12 @@ service UserManagementService {
};
}
+ rpc addExternalIDPsOfUsers (org.apache.custos.iam.service.AddExternalIDPLinksRequest) returns (org.apache.custos.iam.service.OperationStatus) {
+ option (google.api.http) = {
+ post: "/user-management/v1.0.0/users/federatedIDPs"
+ };
+ }
+
rpc getExternalIDPsOfUsers (org.apache.custos.iam.service.GetExternalIDPsRequest) returns (org.apache.custos.iam.service.GetExternalIDPsResponse) {
option (google.api.http) = {