Posted to commits@airavata.apache.org by is...@apache.org on 2021/07/23 19:43:54 UTC
[airavata-custos] branch develop updated: userbased external ids
deletion
This is an automated email from the ASF dual-hosted git repository.
isjarana pushed a commit to branch develop
in repository https://gitbox.apache.org/repos/asf/airavata-custos.git
The following commit(s) were added to refs/heads/develop by this push:
new a7f3002 userbased external ids deletion
new b1d72d9 Merge pull request #220 from isururanawaka/develop
a7f3002 is described below
commit a7f300291dc4b8ce8268d28ab22810684820b4c9
Author: Isuru Ranawaka <ir...@gmail.com>
AuthorDate: Fri Jul 23 15:42:59 2021 -0400
userbased external ids deletion
---
.../iam-admin-core-service/Dockerfile | 2 +-
.../apache/custos/iam/service/IamAdminService.java | 7 +++-
.../src/main/proto/IamAdminService.proto | 1 +
.../services/clients/keycloak/KeycloakClient.java | 36 +++++++++++++++++++++
.../main/resources/protos/IamAdminService.proto | 1 +
.../src/main/resources/user-management-service.pb | Bin 125989 -> 126088 bytes
6 files changed, 45 insertions(+), 2 deletions(-)
diff --git a/custos-core-services/iam-admin-core-service/Dockerfile b/custos-core-services/iam-admin-core-service/Dockerfile
index 403f1d3..353e758 100644
--- a/custos-core-services/iam-admin-core-service/Dockerfile
+++ b/custos-core-services/iam-admin-core-service/Dockerfile
@@ -3,4 +3,4 @@ COPY src/main/resources/keycloak-client-truststore.pkcs12 /home/ubuntu/keystore/
VOLUME /tmp
ARG JAR_FILE
ADD ${JAR_FILE} app.jar
-ENTRYPOINT ["java","-Djavax.net.debug=ssl:handshake:verbose:keymanager:trustmanager -Djava.security.debug=access:stack -Dhttps.protocols=TLSv1,TLSv1.1,TLSv1.2","-jar","/app.jar"]
\ No newline at end of file
+ENTRYPOINT ["java","-Dhttps.protocols=TLSv1,TLSv1.1,TLSv1.2","-jar","/app.jar"]
\ No newline at end of file
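Review bot: The new ENTRYPOINT keeps `-Dhttps.protocols=TLSv1,TLSv1.1,TLSv1.2`, which still lists the deprecated TLS 1.0 and 1.1 as acceptable for outbound HTTPS. In the old line all three `-D` options sat inside a single JSON array element, so they presumably reached the JVM as one argument and `https.protocols` was never actually set. Splitting it out would make the setting take effect for the first time. Restrict it to `"-Dhttps.protocols=TLSv1.2"` (plus TLSv1.3 if the image's JDK supports it), or drop the flag and rely on the JDK defaults.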
diff --git a/custos-core-services/iam-admin-core-service/src/main/java/org/apache/custos/iam/service/IamAdminService.java b/custos-core-services/iam-admin-core-service/src/main/java/org/apache/custos/iam/service/IamAdminService.java
index 07b80e0..68931db 100644
--- a/custos-core-services/iam-admin-core-service/src/main/java/org/apache/custos/iam/service/IamAdminService.java
+++ b/custos-core-services/iam-admin-core-service/src/main/java/org/apache/custos/iam/service/IamAdminService.java
@@ -542,7 +542,12 @@ public class IamAdminService extends IamAdminServiceImplBase {
StreamObserver<org.apache.custos.iam.service.OperationStatus> responseObserver) {
try {
long tenantId = request.getTenantId();
- boolean status = keycloakClient.deleteExternalIDPLinks(String.valueOf(tenantId));
+ boolean status = false;
+ if (request.getUserIdList().isEmpty()) {
+ status = keycloakClient.deleteExternalIDPLinks(String.valueOf(tenantId));
+ } else {
+ status = keycloakClient.deleteExternalIDPLinks(String.valueOf(tenantId), request.getUserIdList());
+ }
responseObserver.onNext(org.apache.custos.iam.service.OperationStatus.newBuilder().setStatus(status).build());
responseObserver.onCompleted();
} catch (Exception ex) {
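Review bot: An empty `user_id` list falls through to the tenant-wide `deleteExternalIDPLinks(String.valueOf(tenantId))`, so the narrowest possible input selects the broadest destructive action. A caller that builds the list by filtering and ends up with nothing would unlink every federated identity in the tenant instead of none. Since proto3 cannot distinguish an unset repeated field from an empty one, consider an explicit request flag for the all-users case. At minimum, mark the branch with `// empty user list: links are removed for ALL users of the tenant` and log which branch ran. The method starts and ends outside this hunk, so any caller authorization for this operation is not visible here.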
diff --git a/custos-core-services/iam-admin-core-service/src/main/proto/IamAdminService.proto b/custos-core-services/iam-admin-core-service/src/main/proto/IamAdminService.proto
index 0a0d7d0..418ba8f 100644
--- a/custos-core-services/iam-admin-core-service/src/main/proto/IamAdminService.proto
+++ b/custos-core-services/iam-admin-core-service/src/main/proto/IamAdminService.proto
@@ -409,6 +409,7 @@ message GetAllResourcesResponse {
message DeleteExternalIDPsRequest {
int64 tenant_id= 1;
string client_id = 2;
+ repeated string user_id=3;
}
service IamAdminService {
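Review bot: The new field is named `user_id`, but the KeycloakClient hunk in this commit matches its values against `user.getUsername()` rather than the Keycloak user id, and nothing here documents that. Add a comment on the field, e.g. `// usernames whose external IDP links are removed; empty = all users in the tenant`, so API clients do not send internal ids that silently match nothing. The identical line added to the swagger copy of IamAdminService.proto needs the same comment.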
diff --git a/custos-federated-services-clients/src/main/java/org/apache/custos/federated/services/clients/keycloak/KeycloakClient.java b/custos-federated-services-clients/src/main/java/org/apache/custos/federated/services/clients/keycloak/KeycloakClient.java
index 2f44a4b..cb7a449 100644
--- a/custos-federated-services-clients/src/main/java/org/apache/custos/federated/services/clients/keycloak/KeycloakClient.java
+++ b/custos-federated-services-clients/src/main/java/org/apache/custos/federated/services/clients/keycloak/KeycloakClient.java
@@ -1396,6 +1396,42 @@ public class KeycloakClient {
}
+ public boolean deleteExternalIDPLinks(String realmId, List<String> users) {
+
+ Keycloak client = null;
+ try {
+ client = getClient(iamServerURL, superAdminRealmID, superAdminUserName, superAdminPassword);
+
+ RealmResource realmResource = client.realm(realmId);
+ List<UserRepresentation> userResourceList = client.realm(realmId).users().list();
+ userResourceList.forEach(user -> {
+ if (users.contains(user.getUsername())) {
+ UserResource userResource = realmResource.users().get(user.getId());
+ List<FederatedIdentityRepresentation> federatedIdentityRepresentations =
+ userResource.getFederatedIdentity();
+ if (federatedIdentityRepresentations != null && !federatedIdentityRepresentations.isEmpty()) {
+ federatedIdentityRepresentations.forEach(fed -> {
+ userResource.removeFederatedIdentity(fed.getIdentityProvider());
+ });
+ }
+ }
+ });
+ return true;
+ } catch (Exception ex) {
+ String msg = "Error occurred while deleting external IDP links of realm "
+ + realmId + ", reason " + ex.getMessage();
+ LOGGER.error(msg, ex);
+ throw new RuntimeException(msg, ex);
+
+ } finally {
+ if (client != null) {
+ client.close();
+ }
+ }
+
+ }
+
+
/**
* creates groups and child groups in Keycloak
*
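Review bot: `deleteExternalIDPLinks(realmId, users)` returns `true` even when none of the requested usernames was found, so a caller revoking a user's external logins gets a success status for an operation that changed nothing. The lookup uses `client.realm(realmId).users().list()` with no paging arguments; depending on the Keycloak version this may return only a first page of users, in which case accounts beyond it are skipped silently. It also loads every user in the realm just to pick out a few. Looking each username up directly and reporting misses, as sketched below, avoids both problems; note that returning `false` on a miss is a contract change that callers would need to accept.

```java
public boolean deleteExternalIDPLinks(String realmId, List<String> users) {
    // … unchanged: client declaration and getClient(...) inside try …
        UsersResource usersResource = client.realm(realmId).users();
        boolean allFound = true;
        for (String username : users) {
            UserRepresentation match = null;
            // search() can return partial matches, so keep only the exact username
            for (UserRepresentation candidate : usersResource.search(username)) {
                if (username.equals(candidate.getUsername())) {
                    match = candidate;
                    break;
                }
            }
            if (match == null) {
                LOGGER.warn("No user {} in realm {}; no external IDP links removed", username, realmId);
                allFound = false;
                continue;
            }
            UserResource userResource = usersResource.get(match.getId());
            List<FederatedIdentityRepresentation> links = userResource.getFederatedIdentity();
            if (links != null) {
                links.forEach(fed -> userResource.removeFederatedIdentity(fed.getIdentityProvider()));
            }
        }
        return allFound;
    // … unchanged: catch block and finally { client.close() } …
```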
diff --git a/custos-integration-services/custos-integration-services-swagger/src/main/resources/protos/IamAdminService.proto b/custos-integration-services/custos-integration-services-swagger/src/main/resources/protos/IamAdminService.proto
index 0a0d7d0..418ba8f 100644
--- a/custos-integration-services/custos-integration-services-swagger/src/main/resources/protos/IamAdminService.proto
+++ b/custos-integration-services/custos-integration-services-swagger/src/main/resources/protos/IamAdminService.proto
@@ -409,6 +409,7 @@ message GetAllResourcesResponse {
message DeleteExternalIDPsRequest {
int64 tenant_id= 1;
string client_id = 2;
+ repeated string user_id=3;
}
service IamAdminService {
diff --git a/custos-integration-services/user-management-service-parent/user-management-service-sidecar/src/main/resources/user-management-service.pb b/custos-integration-services/user-management-service-parent/user-management-service-sidecar/src/main/resources/user-management-service.pb
index fb519fd..ac21497 100644
Binary files a/custos-integration-services/user-management-service-parent/user-management-service-sidecar/src/main/resources/user-management-service.pb and b/custos-integration-services/user-management-service-parent/user-management-service-sidecar/src/main/resources/user-management-service.pb differ