Posted to commits@airavata.apache.org by is...@apache.org on 2020/04/07 16:28:53 UTC
[airavata-custos] branch develop updated: Bug fix in update tenant
This is an automated email from the ASF dual-hosted git repository.
isjarana pushed a commit to branch develop
in repository https://gitbox.apache.org/repos/asf/airavata-custos.git
The following commit(s) were added to refs/heads/develop by this push:
new 2807bfb Bug fix in update tenant
new 623e27c Merge pull request #36 from isururanawaka/microservices_based_impl
2807bfb is described below
commit 2807bfb665aa70f0baa6d2a0a13bd79115772503
Author: Isuru Ranawaka <ir...@gmail.com>
AuthorDate: Tue Apr 7 12:27:49 2020 -0400
Bug fix in update tenant
---
.../iam/admin/client/IamAdminServiceClient.java | 4 +
.../apache/custos/iam/service/IamAdminService.java | 43 +++++++-
.../org/apache/custos/iam/utils/IAMOperations.java | 1 +
.../src/main/proto/IamAdminService.proto | 8 +-
.../persistance/model/AttributeUpdateMetadata.java | 1 +
.../tenant/profile/persistance/model/Tenant.java | 4 +-
.../services/clients/keycloak/KeycloakClient.java | 120 ++++++++++++++++++++-
.../main/resources/tenant-management-service.pb | Bin 123960 -> 132558 bytes
.../service/TenantManagementService.java | 4 +-
.../management/tasks/TenantActivationTask.java | 31 +++++-
10 files changed, 201 insertions(+), 15 deletions(-)
diff --git a/custos-core-services-client-stubs/iam-admin-core-service-client-stub/src/main/java/org/apache/custos/iam/admin/client/IamAdminServiceClient.java b/custos-core-services-client-stubs/iam-admin-core-service-client-stub/src/main/java/org/apache/custos/iam/admin/client/IamAdminServiceClient.java
index 5517de8..3a590bb 100644
--- a/custos-core-services-client-stubs/iam-admin-core-service-client-stub/src/main/java/org/apache/custos/iam/admin/client/IamAdminServiceClient.java
+++ b/custos-core-services-client-stubs/iam-admin-core-service-client-stub/src/main/java/org/apache/custos/iam/admin/client/IamAdminServiceClient.java
@@ -313,6 +313,10 @@ public class IamAdminServiceClient {
return iamAdminServiceBlockingStub.enableAgent(request);
}
+ public SetUpTenantResponse updateTenant(SetUpTenantRequest request) {
+ return iamAdminServiceBlockingStub.updateTenant(request);
+ }
+
public Agent getAgent(UserSearchRequest request) {
return iamAdminServiceBlockingStub.getAgent(request);
}
diff --git a/custos-core-services/iam-admin-core-service/src/main/java/org/apache/custos/iam/service/IamAdminService.java b/custos-core-services/iam-admin-core-service/src/main/java/org/apache/custos/iam/service/IamAdminService.java
index 3c25e23..06313d9 100644
--- a/custos-core-services/iam-admin-core-service/src/main/java/org/apache/custos/iam/service/IamAdminService.java
+++ b/custos-core-services/iam-admin-core-service/src/main/java/org/apache/custos/iam/service/IamAdminService.java
@@ -101,6 +101,47 @@ public class IamAdminService extends IamAdminServiceImplBase {
@Override
+ public void updateTenant(SetUpTenantRequest request, StreamObserver<SetUpTenantResponse> responseObserver) {
+ try {
+ LOGGER.debug("Request received to updateTenant " + request.getTenantId());
+
+ keycloakClient.updateRealm(String.valueOf(request.getTenantId()), request.getTenantName());
+
+ keycloakClient.updateRealmAdminAccount(String.valueOf(request.getTenantId()), request.getAdminUsername(),
+ request.getAdminFirstname(), request.getAdminLastname(),
+ request.getAdminEmail(), request.getAdminPassword());
+
+ KeycloakClientSecret clientSecret = keycloakClient.updateClient(String.valueOf(request.getTenantId()),
+ request.getCustosClientId(),
+ request.getTenantURL(), request.getRedirectURIsList());
+
+ SetUpTenantResponse response = SetUpTenantResponse.newBuilder()
+ .setClientId(clientSecret.getClientId())
+ .setClientSecret(clientSecret.getClientSecret())
+ .build();
+
+
+ statusUpdater.updateStatus(IAMOperations.UPDATE_TENANT.name(),
+ OperationStatus.SUCCESS,
+ request.getTenantId(),
+ request.getRequesterEmail());
+
+ responseObserver.onNext(response);
+ responseObserver.onCompleted();
+
+ } catch (Exception ex) {
+ String msg = "Error occurred during updateTenant" + ex;
+ LOGGER.error(msg, ex);
+ statusUpdater.updateStatus(IAMOperations.UPDATE_TENANT.name(),
+ OperationStatus.FAILED,
+ request.getTenantId(),
+ request.getRequesterEmail());
+
+ responseObserver.onError(io.grpc.Status.INTERNAL.withDescription(msg).asRuntimeException());
+ }
+ }
+
+ @Override
public void deleteTenant(DeleteTenantRequest request, StreamObserver<Empty> responseObserver) {
try {
LOGGER.debug("Request received to delete tenant " + request.getTenantId());
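Review bot: In the catch block of `updateTenant`, `msg` is built as `"Error occurred during updateTenant" + ex` and then handed to `withDescription(msg)`, so the exception text from the Keycloak client is returned to the gRPC caller. Keep the detail in the server log and return a fixed description, e.g. `String msg = "Error occurred during updateTenant";` with `LOGGER.error(msg, ex);` left as it is. The three Keycloak calls also run in sequence with no compensation, so a failure in `updateClient` leaves the realm and admin account already changed while the status is recorded as FAILED; a comment stating that partial updates are possible would help operators. The hunk ends inside `deleteTenant`, which continues outside it.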
@@ -1838,7 +1879,7 @@ public class IamAdminService extends IamAdminServiceImplBase {
if (representation != null) {
if (representation.getAttributes() == null || representation.getAttributes().isEmpty() ||
- representation.getAttributes().get(Constants.CUSTOS_REALM_AGENT).get(0) == null ||
+ representation.getAttributes().get(Constants.CUSTOS_REALM_AGENT).get(0) == null ||
!representation.getAttributes().get(Constants.CUSTOS_REALM_AGENT).get(0).equals("true")) {
responseObserver.onError(io.grpc.Status.NOT_FOUND.withDescription("Agent not found ").asRuntimeException());
return;
diff --git a/custos-core-services/iam-admin-core-service/src/main/java/org/apache/custos/iam/utils/IAMOperations.java b/custos-core-services/iam-admin-core-service/src/main/java/org/apache/custos/iam/utils/IAMOperations.java
index f12ef43..29903c7 100644
--- a/custos-core-services/iam-admin-core-service/src/main/java/org/apache/custos/iam/utils/IAMOperations.java
+++ b/custos-core-services/iam-admin-core-service/src/main/java/org/apache/custos/iam/utils/IAMOperations.java
@@ -25,6 +25,7 @@ package org.apache.custos.iam.utils;
public enum IAMOperations {
SET_UP_TENANT,
+ UPDATE_TENANT,
REGISTER_USER,
ENABLE_USER,
DISABLE_USER,
diff --git a/custos-core-services/iam-admin-core-service/src/main/proto/IamAdminService.proto b/custos-core-services/iam-admin-core-service/src/main/proto/IamAdminService.proto
index 9257b77..4257cf5 100644
--- a/custos-core-services/iam-admin-core-service/src/main/proto/IamAdminService.proto
+++ b/custos-core-services/iam-admin-core-service/src/main/proto/IamAdminService.proto
@@ -190,7 +190,7 @@ message DeleteUserRolesRequest {
string access_token = 5;
string client_id = 6;
string performed_by = 7;
- string id = 8;
+ string id = 8;
}
message AddUserRolesRequest {
@@ -378,6 +378,7 @@ message Agent {
service IamAdminService {
rpc setUPTenant (SetUpTenantRequest) returns (SetUpTenantResponse);
+ rpc updateTenant (SetUpTenantRequest) returns (SetUpTenantResponse);
rpc deleteTenant (DeleteTenantRequest) returns (google.protobuf.Empty);
rpc configureFederatedIDP (ConfigureFederateIDPRequest) returns (FederateIDPResponse);
rpc addRolesToTenant (AddRolesRequest) returns (AllRoles);
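Review bot: `updateTenant` reuses `SetUpTenantRequest` and `SetUpTenantResponse`, so, judging by the server handler in this commit, every update call carries the admin password in the request and gets the client secret back in the response, even when only the tenant name changes. I would add a comment above the rpc stating that contract, e.g. `// Updates realm display name, admin profile and client redirect URIs; returns the existing client secret.` A dedicated request message without the password field could follow later. The service block continues outside the hunk.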
@@ -424,8 +425,8 @@ service IamAdminService {
rpc isAgentNameAvailable (UserSearchRequest) returns (OperationStatus);
rpc registerAndEnableAgent (RegisterUserRequest) returns (RegisterUserResponse);
- rpc deleteAgent(UserSearchRequest) returns (OperationStatus);
- rpc getAgent(UserSearchRequest) returns (Agent);
+ rpc deleteAgent (UserSearchRequest) returns (OperationStatus);
+ rpc getAgent (UserSearchRequest) returns (Agent);
rpc disableAgent (UserSearchRequest) returns (OperationStatus);
rpc enableAgent (UserSearchRequest) returns (OperationStatus);
rpc addAgentAttributes (AddUserAttributesRequest) returns (OperationStatus);
@@ -434,5 +435,4 @@ service IamAdminService {
rpc deleteAgentRoles (DeleteUserRolesRequest) returns (OperationStatus);
-
}
\ No newline at end of file
diff --git a/custos-core-services/tenant-profile-core-service/src/main/java/org/apache/custos/tenant/profile/persistance/model/AttributeUpdateMetadata.java b/custos-core-services/tenant-profile-core-service/src/main/java/org/apache/custos/tenant/profile/persistance/model/AttributeUpdateMetadata.java
index ab30f8f..237e538 100644
--- a/custos-core-services/tenant-profile-core-service/src/main/java/org/apache/custos/tenant/profile/persistance/model/AttributeUpdateMetadata.java
+++ b/custos-core-services/tenant-profile-core-service/src/main/java/org/apache/custos/tenant/profile/persistance/model/AttributeUpdateMetadata.java
@@ -40,6 +40,7 @@ public class AttributeUpdateMetadata {
@Column(nullable = false)
private String updatedFieldKey;
+ @Lob
@Column(nullable = false)
private String updatedFieldValue;
diff --git a/custos-core-services/tenant-profile-core-service/src/main/java/org/apache/custos/tenant/profile/persistance/model/Tenant.java b/custos-core-services/tenant-profile-core-service/src/main/java/org/apache/custos/tenant/profile/persistance/model/Tenant.java
index ce8687b..60244e7 100644
--- a/custos-core-services/tenant-profile-core-service/src/main/java/org/apache/custos/tenant/profile/persistance/model/Tenant.java
+++ b/custos-core-services/tenant-profile-core-service/src/main/java/org/apache/custos/tenant/profile/persistance/model/Tenant.java
@@ -102,10 +102,10 @@ public class Tenant {
private long refreshTokenLifetime = 0;
- @OneToMany(mappedBy = "tenant", cascade = CascadeType.ALL, fetch = FetchType.EAGER)
+ @OneToMany(mappedBy = "tenant", cascade = CascadeType.ALL,orphanRemoval = true, fetch = FetchType.EAGER)
private Set<Contact> contacts;
- @OneToMany(mappedBy = "tenant", cascade = CascadeType.ALL, fetch = FetchType.EAGER)
+ @OneToMany(mappedBy = "tenant", cascade = CascadeType.ALL, orphanRemoval = true, fetch = FetchType.EAGER)
private Set<RedirectURI> redirectURIS;
@OneToMany(mappedBy = "tenant", cascade = CascadeType.ALL)
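Review bot: `orphanRemoval = true` on `contacts` and `redirectURIS` requires the managed collection to be mutated in place; if a setter (not visible in this hunk) replaces the `Set` instance on a loaded entity, the flush can fail with Hibernate's "all-delete-orphan ... no longer referenced" error. It is worth confirming that the update path clears and refills the existing sets rather than assigning new ones. Style: the first annotation is missing a space and should read `cascade = CascadeType.ALL, orphanRemoval = true`. The class continues outside the hunk.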
diff --git a/custos-federated-services-clients/src/main/java/org/apache/custos/federated/services/clients/keycloak/KeycloakClient.java b/custos-federated-services-clients/src/main/java/org/apache/custos/federated/services/clients/keycloak/KeycloakClient.java
index daf7f4b..abdb172 100644
--- a/custos-federated-services-clients/src/main/java/org/apache/custos/federated/services/clients/keycloak/KeycloakClient.java
+++ b/custos-federated-services-clients/src/main/java/org/apache/custos/federated/services/clients/keycloak/KeycloakClient.java
@@ -126,6 +126,40 @@ public class KeycloakClient {
}
}
+
+ public void updateRealm(String realmId, String displayName) {
+ Keycloak client = null;
+ try {
+ // get client
+ client = getClient(iamServerURL, superAdminRealmID, superAdminUserName, superAdminPassword);
+ // create realm
+
+ RealmResource realmResource = client.realm(realmId);
+
+ if (realmResource != null) {
+
+ RealmRepresentation newRealmDetails = realmResource.toRepresentation();
+ newRealmDetails.setId(realmId);
+ newRealmDetails.setDisplayName(displayName);
+ newRealmDetails.setRealm(realmId);
+ realmResource.update(newRealmDetails);
+ } else {
+ String msg = "Realm not found, reason: ";
+ LOGGER.error(msg);
+ throw new RuntimeException(msg, null);
+ }
+
+ } catch (Exception ex) {
+ String msg = "Error creating Realm in Keycloak Server, reason: " + ex.getMessage();
+ LOGGER.error(msg, ex);
+ throw new RuntimeException(msg, ex);
+ } finally {
+ if (client != null) {
+ client.close();
+ }
+ }
+ }
+
public boolean createRealmAdminAccount(String realmId, String adminUsername, String adminFirstname, String adminLastname, String adminEmail, String adminPassword) {
Keycloak client = null;
try {
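Review bot: The error paths in `updateRealm` are copied from the create path and will mislead whoever reads the logs: the catch block reports `"Error creating Realm in Keycloak Server, reason: "`, the inline comment says `// create realm`, and the not-found message ends in `reason: ` with nothing after it. Suggest `"Error updating Realm in Keycloak Server, reason: "` and `throw new RuntimeException("Realm not found: " + realmId);`. As far as I know `client.realm(realmId)` returns a resource proxy rather than null, so a missing realm would surface from `toRepresentation()` and the `else` branch is probably never taken; worth confirming. `createRealmAdminAccount` after it continues outside the hunk.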
@@ -182,6 +216,36 @@ public class KeycloakClient {
}
+ public boolean updateRealmAdminAccount(String realmId, String adminUsername, String adminFirstname, String adminLastname, String adminEmail, String adminPassword) {
+ Keycloak client = null;
+ try {
+ client = getClient(iamServerURL, superAdminRealmID, superAdminUserName, superAdminPassword);
+ UserRepresentation representation = getUserByUsername(client, realmId, adminUsername);
+ if (representation != null) {
+ UserRepresentation user = representation;
+ user.setUsername(adminUsername);
+ user.setFirstName(adminFirstname);
+ user.setLastName(adminLastname);
+ user.setEmail(adminEmail);
+ user.setEmailVerified(true);
+ user.setEnabled(true);
+ client.realm(realmId).users().get(representation.getId()).update(representation);
+ return true;
+ } else {
+ return createRealmAdminAccount(realmId, adminUsername, adminFirstname, adminLastname, adminEmail, adminPassword);
+ }
+ } catch (Exception ex) {
+ String msg = "Error updating Realm Admin Account in keycloak server, reason: " + ex.getMessage();
+ LOGGER.error(msg, ex);
+ throw new RuntimeException(msg, ex);
+ } finally {
+ if (client != null) {
+ client.close();
+ }
+ }
+ }
+
+
public KeycloakClientSecret configureClient(String realmId, String clientName, @NotNull String tenantURL, List<String> redirectUris) {
Keycloak client = null;
try {
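Review bot: On the update branch of `updateRealmAdminAccount` the `adminPassword` argument is never applied (it is only forwarded to `createRealmAdminAccount` when the user does not exist), while `setEmailVerified(true)` and `setEnabled(true)` are forced on every update. A changed admin e-mail is therefore marked verified without a verification step and a previously disabled admin is silently re-enabled. A caller who sends a new password also gets `true` back although the old credential is still in place. Suggest dropping the two forced setters on this branch so the existing values are kept, and either resetting the credential explicitly or documenting with `// password is not changed for an existing admin account`. `configureClient` after it continues outside the hunk.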
@@ -254,6 +318,60 @@ public class KeycloakClient {
}
+ public KeycloakClientSecret updateClient(String realmId, String clientName, @NotNull String tenantURL, List<String> redirectUris) {
+ Keycloak client = null;
+ try {
+ client = getClient(iamServerURL, superAdminRealmID, superAdminUserName, superAdminPassword);
+
+ List<ClientRepresentation> clientRepresentations = client.realm(realmId).clients().findByClientId(clientName);
+
+ if (clientRepresentations == null || clientRepresentations.isEmpty()) {
+ String msg = "Cannot find a client with name " + clientName;
+ LOGGER.error(msg);
+ throw new RuntimeException(msg);
+ }
+
+ ClientRepresentation pgaClient = clientRepresentations.get(0);
+
+ pgaClient.setBaseUrl(tenantURL);
+
+
+ // Remove trailing slash from gatewayURL
+ if (tenantURL.endsWith("/")) {
+ tenantURL = tenantURL.substring(0, tenantURL.length() - 1);
+ }
+ // Add redirect URL after login
+ // redirectUris.add(tenantURL + "/callback-url"); // PGA
+ // redirectUris.add(tenantURL + "/auth/callback*"); // Django
+ // Add redirect URL after logout
+
+ List<String> newList = new ArrayList<>();
+ newList.addAll(redirectUris);
+ newList.add(tenantURL);
+
+
+ pgaClient.setRedirectUris(newList);
+ pgaClient.setPublicClient(false);
+ client.realms().realm(realmId).clients().get(pgaClient.getId()).update(pgaClient);
+
+ String ClientUUID = client.realms().realm(realmId).clients().findByClientId(pgaClient.getClientId()).get(0).getId();
+ CredentialRepresentation clientSecret = client.realms().realm(realmId).clients().get(ClientUUID).getSecret();
+ KeycloakClientSecret keycloakClientSecret = new KeycloakClientSecret(pgaClient.getClientId(), clientSecret.getValue());
+ return keycloakClientSecret;
+
+ } catch (Exception ex) {
+ String msg = "Error getting values from property file, reason: " + ex.getMessage();
+ LOGGER.error(msg, ex);
+
+ throw new RuntimeException(msg, ex);
+ } finally {
+ if (client != null) {
+ client.close();
+ }
+ }
+ }
+
+
public boolean isUsernameAvailable(String realmId, String username, String accessToken) {
Keycloak client = null;
try {
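Review bot: `updateClient` copies the caller-supplied `redirectUris` straight into `setRedirectUris` without checking them. Redirect URIs decide where authorization codes and tokens are sent, so each entry should be validated before the client is updated; the accepted schemes below are an assumption to adjust to project policy. `tenantURL.endsWith("/")` also dereferences the parameter before any null check. The catch message `"Error getting values from property file, reason: "` does not describe this method; `"Error updating client in Keycloak server, reason: "` would. `isUsernameAvailable` after it continues outside the hunk.

```java
// … unchanged: client lookup, setBaseUrl, trailing-slash trim …
List<String> newList = new ArrayList<>();
for (String uri : redirectUris) {
    java.net.URI parsed = java.net.URI.create(uri);
    String scheme = parsed.getScheme();
    boolean webScheme = "https".equalsIgnoreCase(scheme) || "http".equalsIgnoreCase(scheme);
    if (!webScheme || parsed.getHost() == null) {
        throw new IllegalArgumentException("Unsupported redirect URI: " + uri);
    }
    newList.add(uri);
}
newList.add(tenantURL);
// … unchanged: setRedirectUris, setPublicClient, update, secret lookup …
```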
@@ -323,7 +441,7 @@ public class KeycloakClient {
UserRepresentation profile = userResource.toRepresentation();
profile.setEnabled(true);
// We require that a user verify their email before enabling the account
- // profile.setEmailVerified(true);
+ // profile.setEmailVerified(true);
userResource.update(profile);
return true;
} catch (Exception ex) {
diff --git a/custos-integration-services/tenant-management-service-parent/tenant-management-service-sidecar/src/main/resources/tenant-management-service.pb b/custos-integration-services/tenant-management-service-parent/tenant-management-service-sidecar/src/main/resources/tenant-management-service.pb
index daf4306..ff55839 100644
Binary files a/custos-integration-services/tenant-management-service-parent/tenant-management-service-sidecar/src/main/resources/tenant-management-service.pb and b/custos-integration-services/tenant-management-service-parent/tenant-management-service-sidecar/src/main/resources/tenant-management-service.pb differ
diff --git a/custos-integration-services/tenant-management-service-parent/tenant-management-service/src/main/java/org/apache/custos/tenant/management/service/TenantManagementService.java b/custos-integration-services/tenant-management-service-parent/tenant-management-service/src/main/java/org/apache/custos/tenant/management/service/TenantManagementService.java
index 298bc97..212fba4 100644
--- a/custos-integration-services/tenant-management-service-parent/tenant-management-service/src/main/java/org/apache/custos/tenant/management/service/TenantManagementService.java
+++ b/custos-integration-services/tenant-management-service-parent/tenant-management-service/src/main/java/org/apache/custos/tenant/management/service/TenantManagementService.java
@@ -87,7 +87,7 @@ public class TenantManagementService extends TenantManagementServiceImplBase {
request = request.toBuilder().setTenantId(tenantId).build();
//TODO: this is blocking call, improve to non blocking call
- tenantActivationTask.activateTenant(request, request.getRequesterEmail());
+ tenantActivationTask.activateTenant(request, request.getRequesterEmail(), false);
isTenantActivated = true;
@@ -207,7 +207,7 @@ public class TenantManagementService extends TenantManagementServiceImplBase {
Tenant updateTenant = profileClient.updateTenant(tenant);
- tenantActivationTask.activateTenant(updateTenant, Constants.GATEWAY_ADMIN);
+ tenantActivationTask.activateTenant(updateTenant, Constants.GATEWAY_ADMIN, true);
double clientIdIssuedAt = request.getCredentials().getCustosClientIdIssuedAt();
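Review bot: The tenant-update path hard-codes the flag in `activateTenant(updateTenant, Constants.GATEWAY_ADMIN, true)`, so it always calls the IAM `updateTenant` rpc, which would presumably fail if the tenant was never set up in Keycloak. `TenantActivationTask` in this same commit derives the flag from whether an IAM credential exists; the same lookup here would keep the two paths consistent. If updates are only reachable for already activated tenants, a one-line comment saying so would be enough. The enclosing method starts and ends outside the hunk.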
diff --git a/custos-integration-services/tenant-management-service-parent/tenant-management-service/src/main/java/org/apache/custos/tenant/management/tasks/TenantActivationTask.java b/custos-integration-services/tenant-management-service-parent/tenant-management-service/src/main/java/org/apache/custos/tenant/management/tasks/TenantActivationTask.java
index a0529fd..e9aaa63 100644
--- a/custos-integration-services/tenant-management-service-parent/tenant-management-service/src/main/java/org/apache/custos/tenant/management/tasks/TenantActivationTask.java
+++ b/custos-integration-services/tenant-management-service-parent/tenant-management-service/src/main/java/org/apache/custos/tenant/management/tasks/TenantActivationTask.java
@@ -39,7 +39,6 @@ import org.apache.custos.tenant.profile.service.*;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Component;
import java.util.ArrayList;
@@ -95,7 +94,23 @@ public class TenantActivationTask<T, U> extends ServiceTaskImpl<T, U> {
Tenant newTenant = tenant.toBuilder().setAdminPassword(metadata.getSecret()).build();
- UpdateStatusResponse response = this.activateTenant(newTenant, Constants.SYSTEM);
+
+ GetCredentialRequest iamClientReques = GetCredentialRequest
+ .newBuilder()
+ .setOwnerId(tenantId)
+ .setType(Type.IAM)
+ .build();
+
+ CredentialMetadata iamMetadata = credentialStoreServiceClient.getCredential(iamClientReques);
+ UpdateStatusResponse response = null;
+ if (iamMetadata == null || iamMetadata.getId() == null || iamMetadata.getId().equals("")) {
+ response = this.activateTenant(newTenant, Constants.SYSTEM, false);
+ } else {
+ response = this.activateTenant(newTenant, Constants.SYSTEM, true);
+ }
+
+
+
invokeNextTask((U) response);
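Review bot: The branch that picks create versus update can be collapsed. Protobuf string getters return an empty string rather than null, so `iamMetadata.getId() == null` looks dead (assuming `CredentialMetadata` is a generated message, as its builder usage suggests), and `response` does not need a `null` initialiser. Suggest `boolean update = iamMetadata != null && !iamMetadata.getId().isEmpty();` followed by `UpdateStatusResponse response = this.activateTenant(newTenant, Constants.SYSTEM, update);`. The local `iamClientReques` is also missing its final `t`. The enclosing method starts and ends outside the hunk.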
@@ -122,7 +137,7 @@ public class TenantActivationTask<T, U> extends ServiceTaskImpl<T, U> {
}
- public UpdateStatusResponse activateTenant(Tenant tenant, String performedBy) {
+ public UpdateStatusResponse activateTenant(Tenant tenant, String performedBy, boolean update) {
GetCredentialRequest getCreRe = GetCredentialRequest.newBuilder().
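Review bot: The new `update` parameter on the public `activateTenant` is undocumented, and call sites now pass a bare `true` or `false` whose meaning is not obvious when reading them. A short Javadoc on the method would help, with `@param update true to update an already configured IAM tenant via updateTenant, false to create it via setUPTenant`. The method body continues outside the hunk.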
@@ -130,7 +145,7 @@ public class TenantActivationTask<T, U> extends ServiceTaskImpl<T, U> {
.setType(Type.CUSTOS)
.build();
- CredentialMetadata metadata = credentialStoreServiceClient.getCredential(getCreRe);
+ CredentialMetadata metadata = credentialStoreServiceClient.getCredential(getCreRe);
SetUpTenantRequest setUpTenantRequest = SetUpTenantRequest
.newBuilder()
@@ -147,7 +162,13 @@ public class TenantActivationTask<T, U> extends ServiceTaskImpl<T, U> {
.setCustosClientId(metadata.getId())
.build();
- SetUpTenantResponse iamResponse = iamAdminServiceClient.setUPTenant(setUpTenantRequest);
+ SetUpTenantResponse iamResponse = null;
+ if (update) {
+ iamResponse = iamAdminServiceClient.updateTenant(setUpTenantRequest);
+ } else {
+
+ iamResponse = iamAdminServiceClient.setUPTenant(setUpTenantRequest);
+ }
CredentialMetadata credentialMetadata = CredentialMetadata
.newBuilder()