Posted to commits@airavata.apache.org by is...@apache.org on 2021/08/13 14:19:48 UTC
[airavata-custos] branch develop updated: Add get external idp links
This is an automated email from the ASF dual-hosted git repository.
isjarana pushed a commit to branch develop
in repository https://gitbox.apache.org/repos/asf/airavata-custos.git
The following commit(s) were added to refs/heads/develop by this push:
new e478226 Add get external idp links
new 4270bef Merge pull request #225 from isururanawaka/develop
e478226 is described below
commit e47822665b3938471da95ebd21874c7af9815f1b
Author: Isuru Ranawaka <ir...@gmail.com>
AuthorDate: Fri Aug 13 10:18:51 2021 -0400
Add get external idp links
---
.../iam/admin/client/IamAdminServiceClient.java | 4 +++
.../apache/custos/iam/service/IamAdminService.java | 26 +++++++++++++--
.../custos/iam/validator/InputValidator.java | 21 ++++++++++++
.../src/main/proto/IamAdminService.proto | 18 ++++++++++
.../services/clients/keycloak/KeycloakClient.java | 37 +++++++++++++++++++++
.../main/resources/protos/IamAdminService.proto | 18 ++++++++++
.../resources/protos/UserManagementService.proto | 7 ++++
.../src/main/resources/user-management-service.pb | Bin 126088 -> 127448 bytes
.../interceptors/AuthInterceptorImpl.java | 17 +++++++++-
.../management/service/UserManagementService.java | 18 ++++++++++
.../src/main/proto/UserManagementService.proto | 7 ++++
11 files changed, 169 insertions(+), 4 deletions(-)
diff --git a/custos-core-services-client-stubs/iam-admin-core-service-client-stub/src/main/java/org/apache/custos/iam/admin/client/IamAdminServiceClient.java b/custos-core-services-client-stubs/iam-admin-core-service-client-stub/src/main/java/org/apache/custos/iam/admin/client/IamAdminServiceClient.java
index fabee59..a7bce3a 100644
--- a/custos-core-services-client-stubs/iam-admin-core-service-client-stub/src/main/java/org/apache/custos/iam/admin/client/IamAdminServiceClient.java
+++ b/custos-core-services-client-stubs/iam-admin-core-service-client-stub/src/main/java/org/apache/custos/iam/admin/client/IamAdminServiceClient.java
@@ -362,6 +362,10 @@ public class IamAdminServiceClient {
return iamAdminServiceBlockingStub.deleteTenant(request);
}
+ public GetExternalIDPsResponse getExternalIDPLinks(GetExternalIDPsRequest request) {
+ return iamAdminServiceBlockingStub.getExternalIDPLinksOfUsers(request);
+ }
+
private StreamObserver getObserver(ServiceCallback callback, String failureMsg) {
final Object[] response = new Object[1];
StreamObserver observer = new StreamObserver() {
diff --git a/custos-core-services/iam-admin-core-service/src/main/java/org/apache/custos/iam/service/IamAdminService.java b/custos-core-services/iam-admin-core-service/src/main/java/org/apache/custos/iam/service/IamAdminService.java
index 68931db..0cfc220 100644
--- a/custos-core-services/iam-admin-core-service/src/main/java/org/apache/custos/iam/service/IamAdminService.java
+++ b/custos-core-services/iam-admin-core-service/src/main/java/org/apache/custos/iam/service/IamAdminService.java
@@ -31,10 +31,8 @@ import org.apache.custos.federated.services.clients.keycloak.UnauthorizedExcepti
import org.apache.custos.iam.service.IamAdminServiceGrpc.IamAdminServiceImplBase;
import org.apache.custos.iam.utils.IAMOperations;
import org.apache.custos.iam.utils.Status;
-import org.keycloak.representations.idm.EventRepresentation;
-import org.keycloak.representations.idm.ProtocolMapperRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
-import org.keycloak.representations.idm.UserSessionRepresentation;
+import org.keycloak.representations.idm.*;
import org.lognet.springboot.grpc.GRpcService;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
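Review bot: The wildcard `import org.keycloak.representations.idm.*;` replaces three explicit imports while the explicit `UserRepresentation` import above it stays, so the import list is inconsistent and no longer shows which Keycloak types this service depends on. Keeping the explicit imports and adding `import org.keycloak.representations.idm.FederatedIdentityRepresentation;` would cover the new method without the wildcard.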
@@ -559,6 +557,28 @@ public class IamAdminService extends IamAdminServiceImplBase {
}
@Override
+ public void getExternalIDPLinksOfUsers(GetExternalIDPsRequest request, StreamObserver<GetExternalIDPsResponse> responseObserver) {
+ try {
+ long tenantId = request.getTenantId();
+ List<FederatedIdentityRepresentation> identityRepresentations = keycloakClient.getExternalIDPLinks(String.valueOf(tenantId), request.getUserId());
+ GetExternalIDPsResponse.Builder response = GetExternalIDPsResponse.newBuilder();
+ identityRepresentations.forEach(rep -> {
+ response.addIdpLinks(ExternalIDPLink.newBuilder()
+ .setProviderAlias(rep.getIdentityProvider())
+ .setProviderUsername(rep.getUserName())
+ .setProviderUserId(rep.getUserId()));
+ });
+
+ responseObserver.onNext(response.build());
+ responseObserver.onCompleted();
+ } catch (Exception ex) {
+ String msg = "Error occurred while getExternalIDPLinksOfUsers" + ex;
+ LOGGER.error(msg, ex);
+ responseObserver.onError(io.grpc.Status.INTERNAL.withDescription(msg).asRuntimeException());
+ }
+ }
+
+ @Override
public void updateUserProfile(UpdateUserProfileRequest request, StreamObserver<org.apache.custos.iam.service.OperationStatus> responseObserver) {
String userId = request.getUser().getUsername() + "@" + request.getTenantId();
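Review bot: The catch block in getExternalIDPLinksOfUsers builds `msg` as `"Error occurred while getExternalIDPLinksOfUsers" + ex` and passes it to `withDescription(msg)`, so the exception class and message are returned to the gRPC caller; KeycloakClient.getExternalIDPLinks wraps its failures with the realm id and the underlying reason, so that internal detail would travel with it. Logging the exception server-side and returning a fixed description, e.g. `responseObserver.onError(io.grpc.Status.INTERNAL.withDescription("Failed to fetch external IDP links").asRuntimeException());`, keeps it out of the response. UserManagementService.getExternalIDPsOfUsers in this commit appends `ex.getMessage()` to its status description in the same way. Separately, protobuf builder setters reject null, so if `rep.getUserName()` or `rep.getUserId()` can be null for a link, the `forEach` would throw and the whole call would end as INTERNAL; a per-field null guard may be needed.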
diff --git a/custos-core-services/iam-admin-core-service/src/main/java/org/apache/custos/iam/validator/InputValidator.java b/custos-core-services/iam-admin-core-service/src/main/java/org/apache/custos/iam/validator/InputValidator.java
index 4974608..4d856f9 100644
--- a/custos-core-services/iam-admin-core-service/src/main/java/org/apache/custos/iam/validator/InputValidator.java
+++ b/custos-core-services/iam-admin-core-service/src/main/java/org/apache/custos/iam/validator/InputValidator.java
@@ -141,6 +141,10 @@ public class InputValidator implements Validator {
case "deleteExternalIDPLinksOfUsers":
validateDeleteExternalIDPsLinks(obj);
break;
+ case "getExternalIDPLinksOfUsers":
+ validateGetExternalIDPsLinks(obj);
+ break;
+
default:
@@ -933,4 +937,21 @@ public class InputValidator implements Validator {
}
return true;
}
+
+ private boolean validateGetExternalIDPsLinks(Object obj) {
+ if (obj instanceof GetExternalIDPsRequest) {
+ GetExternalIDPsRequest request = (GetExternalIDPsRequest) obj;
+
+ if (request.getTenantId() == 0) {
+ throw new MissingParameterException("Tenant Id should not be null", null);
+ }
+ if (request.getUserId().isEmpty()) {
+ throw new MissingParameterException("User Id should not be null", null);
+ }
+
+ } else {
+ throw new RuntimeException("Unexpected input type for method getExternalIDPLinks");
+ }
+ return true;
+ }
}
diff --git a/custos-core-services/iam-admin-core-service/src/main/proto/IamAdminService.proto b/custos-core-services/iam-admin-core-service/src/main/proto/IamAdminService.proto
index 418ba8f..42aef71 100644
--- a/custos-core-services/iam-admin-core-service/src/main/proto/IamAdminService.proto
+++ b/custos-core-services/iam-admin-core-service/src/main/proto/IamAdminService.proto
@@ -412,6 +412,23 @@ message DeleteExternalIDPsRequest {
repeated string user_id=3;
}
+message GetExternalIDPsRequest {
+ int64 tenant_id= 1;
+ string client_id = 2;
+ string user_id=3;
+}
+
+
+message ExternalIDPLink {
+ string provider_alias = 1;
+ string provider_user_id =2;
+ string provider_username = 3;
+}
+
+message GetExternalIDPsResponse {
+ repeated ExternalIDPLink idp_links = 1;
+}
+
service IamAdminService {
rpc setUPTenant (SetUpTenantRequest) returns (SetUpTenantResponse);
@@ -435,6 +452,7 @@ service IamAdminService {
rpc grantAdminPrivilege (UserSearchRequest) returns (OperationStatus);
rpc removeAdminPrivilege (UserSearchRequest) returns (OperationStatus);
rpc deleteExternalIDPLinksOfUsers(DeleteExternalIDPsRequest) returns (OperationStatus);
+ rpc getExternalIDPLinksOfUsers(GetExternalIDPsRequest) returns (GetExternalIDPsResponse);
rpc registerAndEnableUsers (RegisterUsersRequest) returns (RegisterUsersResponse);
rpc addUserAttributes (AddUserAttributesRequest) returns (OperationStatus);
diff --git a/custos-federated-services-clients/src/main/java/org/apache/custos/federated/services/clients/keycloak/KeycloakClient.java b/custos-federated-services-clients/src/main/java/org/apache/custos/federated/services/clients/keycloak/KeycloakClient.java
index cb7a449..ab37972 100644
--- a/custos-federated-services-clients/src/main/java/org/apache/custos/federated/services/clients/keycloak/KeycloakClient.java
+++ b/custos-federated-services-clients/src/main/java/org/apache/custos/federated/services/clients/keycloak/KeycloakClient.java
@@ -1432,6 +1432,43 @@ public class KeycloakClient {
}
+ public List<FederatedIdentityRepresentation> getExternalIDPLinks(String realmId, String requestedUser) {
+
+ Keycloak client = null;
+ List<FederatedIdentityRepresentation> arrayList = new ArrayList<>();
+ try {
+ client = getClient(iamServerURL, superAdminRealmID, superAdminUserName, superAdminPassword);
+
+ RealmResource realmResource = client.realm(realmId);
+ List<UserRepresentation> userResourceList = client.realm(realmId).users().list();
+ userResourceList.forEach(user -> {
+ if (requestedUser.equals(user.getUsername())) {
+ UserResource userResource = realmResource.users().get(user.getId());
+ List<FederatedIdentityRepresentation> federatedIdentityRepresentations =
+ userResource.getFederatedIdentity();
+ if (federatedIdentityRepresentations != null && !federatedIdentityRepresentations.isEmpty()) {
+ federatedIdentityRepresentations.forEach(fed -> {
+ arrayList.add(fed);
+ });
+ }
+ }
+ });
+ return arrayList;
+ } catch (Exception ex) {
+ String msg = "Error occurred while deleting external IDP links of realm "
+ + realmId + ", reason " + ex.getMessage();
+ LOGGER.error(msg, ex);
+ throw new RuntimeException(msg, ex);
+
+ } finally {
+ if (client != null) {
+ client.close();
+ }
+ }
+
+ }
+
+
/**
* creates groups and child groups in Keycloak
*
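Review bot: getExternalIDPLinks fetches `client.realm(realmId).users().list()` and filters by username in memory, which loads every user of the realm through the super-admin client for a single lookup and, if the server applies a default page size to an unbounded list, could miss the requested user and return an empty list with no error. Querying by name with `realmResource.users().search(requestedUser)` while keeping the `requestedUser.equals(user.getUsername())` filter (search is not an exact match) avoids both. The catch block's message still says "deleting external IDP links" although this method only reads them; `"Error occurred while fetching external IDP links of realm "` would match what it does. The inner `forEach(fed -> arrayList.add(fed))` can be written as `arrayList.addAll(federatedIdentityRepresentations)`.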
diff --git a/custos-integration-services/custos-integration-services-swagger/src/main/resources/protos/IamAdminService.proto b/custos-integration-services/custos-integration-services-swagger/src/main/resources/protos/IamAdminService.proto
index 418ba8f..42aef71 100644
--- a/custos-integration-services/custos-integration-services-swagger/src/main/resources/protos/IamAdminService.proto
+++ b/custos-integration-services/custos-integration-services-swagger/src/main/resources/protos/IamAdminService.proto
@@ -412,6 +412,23 @@ message DeleteExternalIDPsRequest {
repeated string user_id=3;
}
+message GetExternalIDPsRequest {
+ int64 tenant_id= 1;
+ string client_id = 2;
+ string user_id=3;
+}
+
+
+message ExternalIDPLink {
+ string provider_alias = 1;
+ string provider_user_id =2;
+ string provider_username = 3;
+}
+
+message GetExternalIDPsResponse {
+ repeated ExternalIDPLink idp_links = 1;
+}
+
service IamAdminService {
rpc setUPTenant (SetUpTenantRequest) returns (SetUpTenantResponse);
@@ -435,6 +452,7 @@ service IamAdminService {
rpc grantAdminPrivilege (UserSearchRequest) returns (OperationStatus);
rpc removeAdminPrivilege (UserSearchRequest) returns (OperationStatus);
rpc deleteExternalIDPLinksOfUsers(DeleteExternalIDPsRequest) returns (OperationStatus);
+ rpc getExternalIDPLinksOfUsers(GetExternalIDPsRequest) returns (GetExternalIDPsResponse);
rpc registerAndEnableUsers (RegisterUsersRequest) returns (RegisterUsersResponse);
rpc addUserAttributes (AddUserAttributesRequest) returns (OperationStatus);
diff --git a/custos-integration-services/custos-integration-services-swagger/src/main/resources/protos/UserManagementService.proto b/custos-integration-services/custos-integration-services-swagger/src/main/resources/protos/UserManagementService.proto
index b028e65..e04fbdf 100644
--- a/custos-integration-services/custos-integration-services-swagger/src/main/resources/protos/UserManagementService.proto
+++ b/custos-integration-services/custos-integration-services-swagger/src/main/resources/protos/UserManagementService.proto
@@ -145,6 +145,13 @@ service UserManagementService {
};
}
+
+ rpc getExternalIDPsOfUsers (org.apache.custos.iam.service.GetExternalIDPsRequest) returns (org.apache.custos.iam.service.GetExternalIDPsResponse) {
+ option (google.api.http) = {
+ get: "/user-management/v1.0.0/users/federatedIDPs"
+ };
+ }
+
rpc addRolesToUsers (org.apache.custos.iam.service.AddUserRolesRequest) returns (org.apache.custos.iam.service.OperationStatus) {
option (google.api.http) = {
post: "/user-management/v1.0.0/users/roles"
diff --git a/custos-integration-services/user-management-service-parent/user-management-service-sidecar/src/main/resources/user-management-service.pb b/custos-integration-services/user-management-service-parent/user-management-service-sidecar/src/main/resources/user-management-service.pb
index ac21497..8118546 100644
Binary files a/custos-integration-services/user-management-service-parent/user-management-service-sidecar/src/main/resources/user-management-service.pb and b/custos-integration-services/user-management-service-parent/user-management-service-sidecar/src/main/resources/user-management-service.pb differ
diff --git a/custos-integration-services/user-management-service-parent/user-management-service/src/main/java/org/apache/custos/user/management/interceptors/AuthInterceptorImpl.java b/custos-integration-services/user-management-service-parent/user-management-service/src/main/java/org/apache/custos/user/management/interceptors/AuthInterceptorImpl.java
index aba3cc8..e4d1879 100644
--- a/custos-integration-services/user-management-service-parent/user-management-service/src/main/java/org/apache/custos/user/management/interceptors/AuthInterceptorImpl.java
+++ b/custos-integration-services/user-management-service-parent/user-management-service/src/main/java/org/apache/custos/user/management/interceptors/AuthInterceptorImpl.java
@@ -195,7 +195,7 @@ public class AuthInterceptorImpl extends MultiTenantAuthInterceptor {
.setClientId(oauthId)
.setAccessToken(token.getAccessToken())
.setTenantId(tenantId)
- .setPerformedBy(claim.get().getPerformedBy().isEmpty()?Constants.SYSTEM:claim.get().getPerformedBy())
+ .setPerformedBy(claim.get().getPerformedBy().isEmpty() ? Constants.SYSTEM : claim.get().getPerformedBy())
.build();
return (ReqT) operationRequest;
@@ -458,6 +458,21 @@ public class AuthInterceptorImpl extends MultiTenantAuthInterceptor {
.setTenantId(tenantId)
.setClientId(oauthId)
.build();
+ } else if (method.equals("getExternalIDPsOfUsers")) {
+ GetExternalIDPsRequest getExternalIDPsRequest = (GetExternalIDPsRequest) msg;
+
+ Optional<AuthClaim> claim = authorize(headers, getExternalIDPsRequest.getClientId());
+
+ if (claim.isEmpty()) {
+ throw new UnAuthorizedException("Request is not authorized", null);
+ }
+ String oauthId = claim.get().getIamAuthId();
+ long tenantId = claim.get().getTenantId();
+
+ return (ReqT) ((GetExternalIDPsRequest) msg).toBuilder()
+ .setTenantId(tenantId)
+ .setClientId(oauthId)
+ .build();
}
return msg;
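Review bot: In the new `getExternalIDPsOfUsers` branch the tenant id and client id are overwritten from the claim, but `user_id` from the request is forwarded unchanged, so nothing visible here limits which user's federated identity links a caller can read within the tenant. What `authorize(headers, getExternalIDPsRequest.getClientId())` enforces is outside this hunk; if it only validates the client or token, any authorized caller could read the provider user ids and usernames of other users. If the lookup is meant to be self-service or admin-only, that restriction should be checked in this branch (another branch of this file already reads `claim.get().getPerformedBy()`) or stated in a comment such as `// user_id is caller-supplied; access is limited to tenant admins by <mechanism>`. The second cast `(GetExternalIDPsRequest) msg` can reuse the local `getExternalIDPsRequest`, and the enclosing method starts and ends outside the hunk.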
diff --git a/custos-integration-services/user-management-service-parent/user-management-service/src/main/java/org/apache/custos/user/management/service/UserManagementService.java b/custos-integration-services/user-management-service-parent/user-management-service/src/main/java/org/apache/custos/user/management/service/UserManagementService.java
index ebe3f74..3a108cf 100644
--- a/custos-integration-services/user-management-service-parent/user-management-service/src/main/java/org/apache/custos/user/management/service/UserManagementService.java
+++ b/custos-integration-services/user-management-service-parent/user-management-service/src/main/java/org/apache/custos/user/management/service/UserManagementService.java
@@ -1286,6 +1286,24 @@ public class UserManagementService extends UserManagementServiceGrpc.UserManagem
}
@Override
+ public void getExternalIDPsOfUsers(GetExternalIDPsRequest request, StreamObserver<GetExternalIDPsResponse> responseObserver) {
+ try {
+ LOGGER.debug("Request received to getExternalIDPs of users in " + request.getTenantId());
+
+ GetExternalIDPsResponse status = iamAdminServiceClient.getExternalIDPLinks(request);
+
+ responseObserver.onNext(status);
+ responseObserver.onCompleted();
+
+ } catch (Exception ex) {
+ String msg = "Error occurred while fetching external IDPs of Users " + ex.getMessage();
+ LOGGER.error(msg, ex);
+ responseObserver.onError(Status.INTERNAL.withDescription(msg).asRuntimeException());
+
+ }
+ }
+
+ @Override
public void synchronizeUserDBs(SynchronizeUserDBRequest request, StreamObserver<OperationStatus> responseObserver) {
try {
diff --git a/custos-integration-services/user-management-service-parent/user-management-service/src/main/proto/UserManagementService.proto b/custos-integration-services/user-management-service-parent/user-management-service/src/main/proto/UserManagementService.proto
index b028e65..e04fbdf 100644
--- a/custos-integration-services/user-management-service-parent/user-management-service/src/main/proto/UserManagementService.proto
+++ b/custos-integration-services/user-management-service-parent/user-management-service/src/main/proto/UserManagementService.proto
@@ -145,6 +145,13 @@ service UserManagementService {
};
}
+
+ rpc getExternalIDPsOfUsers (org.apache.custos.iam.service.GetExternalIDPsRequest) returns (org.apache.custos.iam.service.GetExternalIDPsResponse) {
+ option (google.api.http) = {
+ get: "/user-management/v1.0.0/users/federatedIDPs"
+ };
+ }
+
rpc addRolesToUsers (org.apache.custos.iam.service.AddUserRolesRequest) returns (org.apache.custos.iam.service.OperationStatus) {
option (google.api.http) = {
post: "/user-management/v1.0.0/users/roles"