Posted to commits@airavata.apache.org by is...@apache.org on 2021/07/23 19:43:54 UTC

[airavata-custos] branch develop updated: userbased external ids deletion

This is an automated email from the ASF dual-hosted git repository.

isjarana pushed a commit to branch develop
in repository https://gitbox.apache.org/repos/asf/airavata-custos.git


The following commit(s) were added to refs/heads/develop by this push:
     new a7f3002  userbased external ids deletion
     new b1d72d9  Merge pull request #220 from isururanawaka/develop
a7f3002 is described below

commit a7f300291dc4b8ce8268d28ab22810684820b4c9
Author: Isuru Ranawaka <ir...@gmail.com>
AuthorDate: Fri Jul 23 15:42:59 2021 -0400

    userbased external ids deletion
---
 .../iam-admin-core-service/Dockerfile              |   2 +-
 .../apache/custos/iam/service/IamAdminService.java |   7 +++-
 .../src/main/proto/IamAdminService.proto           |   1 +
 .../services/clients/keycloak/KeycloakClient.java  |  36 +++++++++++++++++++++
 .../main/resources/protos/IamAdminService.proto    |   1 +
 .../src/main/resources/user-management-service.pb  | Bin 125989 -> 126088 bytes
 6 files changed, 45 insertions(+), 2 deletions(-)

diff --git a/custos-core-services/iam-admin-core-service/Dockerfile b/custos-core-services/iam-admin-core-service/Dockerfile
index 403f1d3..353e758 100644
--- a/custos-core-services/iam-admin-core-service/Dockerfile
+++ b/custos-core-services/iam-admin-core-service/Dockerfile
@@ -3,4 +3,4 @@ COPY src/main/resources/keycloak-client-truststore.pkcs12 /home/ubuntu/keystore/
 VOLUME /tmp
 ARG JAR_FILE
 ADD ${JAR_FILE} app.jar
-ENTRYPOINT ["java","-Djavax.net.debug=ssl:handshake:verbose:keymanager:trustmanager -Djava.security.debug=access:stack -Dhttps.protocols=TLSv1,TLSv1.1,TLSv1.2","-jar","/app.jar"]
\ No newline at end of file
+ENTRYPOINT ["java","-Dhttps.protocols=TLSv1,TLSv1.1,TLSv1.2","-jar","/app.jar"]
\ No newline at end of file
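Review bot: The new ENTRYPOINT still passes `-Dhttps.protocols=TLSv1,TLSv1.1,TLSv1.2`, so outbound HTTPS connections that honour this property may still negotiate the deprecated TLS 1.0 and 1.1. Dropping the `javax.net.debug` and `java.security.debug` flags is a good change, since they write handshake and key-manager detail to the container log. Consider restricting the list in the same edit, e.g. `ENTRYPOINT ["java","-Dhttps.protocols=TLSv1.2","-jar","/app.jar"]`, and adding TLSv1.3 if the image's JDK supports it (the base image is outside this hunk). Whether the Keycloak admin client's HTTP stack reads `https.protocols` at all is not visible here and is worth confirming.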
diff --git a/custos-core-services/iam-admin-core-service/src/main/java/org/apache/custos/iam/service/IamAdminService.java b/custos-core-services/iam-admin-core-service/src/main/java/org/apache/custos/iam/service/IamAdminService.java
index 07b80e0..68931db 100644
--- a/custos-core-services/iam-admin-core-service/src/main/java/org/apache/custos/iam/service/IamAdminService.java
+++ b/custos-core-services/iam-admin-core-service/src/main/java/org/apache/custos/iam/service/IamAdminService.java
@@ -542,7 +542,12 @@ public class IamAdminService extends IamAdminServiceImplBase {
                                               StreamObserver<org.apache.custos.iam.service.OperationStatus> responseObserver) {
         try {
             long tenantId = request.getTenantId();
-            boolean status = keycloakClient.deleteExternalIDPLinks(String.valueOf(tenantId));
+            boolean status = false;
+            if (request.getUserIdList().isEmpty()) {
+                status = keycloakClient.deleteExternalIDPLinks(String.valueOf(tenantId));
+            } else {
+                status = keycloakClient.deleteExternalIDPLinks(String.valueOf(tenantId), request.getUserIdList());
+            }
             responseObserver.onNext(org.apache.custos.iam.service.OperationStatus.newBuilder().setStatus(status).build());
             responseObserver.onCompleted();
         } catch (Exception ex) {
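Review bot: An empty `user_id` list selects the tenant-wide overload in the new `if`, so the most destructive path is the default. A caller that builds the list dynamically and ends up with zero entries removes the federated identity links of every user in the tenant. Proto3 cannot distinguish an unset repeated field from an empty one, so consider an explicit request field or a separate RPC for the tenant-wide case, and log which scope was taken. At minimum, add a comment above the branch: `// empty user list means: unlink every user in the tenant`. The enclosing method starts and ends outside this hunk, so whether the caller is authorised for `tenantId` cannot be judged from here.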
diff --git a/custos-core-services/iam-admin-core-service/src/main/proto/IamAdminService.proto b/custos-core-services/iam-admin-core-service/src/main/proto/IamAdminService.proto
index 0a0d7d0..418ba8f 100644
--- a/custos-core-services/iam-admin-core-service/src/main/proto/IamAdminService.proto
+++ b/custos-core-services/iam-admin-core-service/src/main/proto/IamAdminService.proto
@@ -409,6 +409,7 @@ message GetAllResourcesResponse {
 message DeleteExternalIDPsRequest {
     int64 tenant_id= 1;
     string client_id = 2;
+    repeated string user_id=3;
 }
 
 service IamAdminService {
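Review bot: The new field `user_id` is undocumented and its name is misleading. The `KeycloakClient` change in this commit matches its values against `user.getUsername()`, not against the Keycloak user id. The service handler also treats an empty list as "all users of the tenant", which callers cannot learn from the schema. I would add a comment above the field, such as `// Usernames whose external IDP links are removed; if empty, links are removed for every user in the tenant.` The identical hunk in custos-integration-services-swagger/src/main/resources/protos/IamAdminService.proto needs the same comment.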
diff --git a/custos-federated-services-clients/src/main/java/org/apache/custos/federated/services/clients/keycloak/KeycloakClient.java b/custos-federated-services-clients/src/main/java/org/apache/custos/federated/services/clients/keycloak/KeycloakClient.java
index 2f44a4b..cb7a449 100644
--- a/custos-federated-services-clients/src/main/java/org/apache/custos/federated/services/clients/keycloak/KeycloakClient.java
+++ b/custos-federated-services-clients/src/main/java/org/apache/custos/federated/services/clients/keycloak/KeycloakClient.java
@@ -1396,6 +1396,42 @@ public class KeycloakClient {
 
     }
 
+    public boolean deleteExternalIDPLinks(String realmId, List<String> users) {
+
+        Keycloak client = null;
+        try {
+            client = getClient(iamServerURL, superAdminRealmID, superAdminUserName, superAdminPassword);
+
+            RealmResource realmResource = client.realm(realmId);
+            List<UserRepresentation> userResourceList = client.realm(realmId).users().list();
+            userResourceList.forEach(user -> {
+                if (users.contains(user.getUsername())) {
+                    UserResource userResource = realmResource.users().get(user.getId());
+                    List<FederatedIdentityRepresentation> federatedIdentityRepresentations =
+                            userResource.getFederatedIdentity();
+                    if (federatedIdentityRepresentations != null && !federatedIdentityRepresentations.isEmpty()) {
+                        federatedIdentityRepresentations.forEach(fed -> {
+                            userResource.removeFederatedIdentity(fed.getIdentityProvider());
+                        });
+                    }
+                }
+            });
+            return true;
+        } catch (Exception ex) {
+            String msg = "Error occurred while deleting external IDP links of realm "
+                    + realmId + ", reason " + ex.getMessage();
+            LOGGER.error(msg, ex);
+            throw new RuntimeException(msg, ex);
+
+        } finally {
+            if (client != null) {
+                client.close();
+            }
+        }
+
+    }
+
+
     /**
      * creates groups and child groups in Keycloak
      *
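Review bot: The new `deleteExternalIDPLinks(String, List<String>)` returns `true` even when none of the requested usernames was found, so the RPC reports success for an unlink that never happened. It also fetches the realm's user list with `users().list()` and filters client-side. If the server applies a default page size to that call, users beyond the first page are skipped silently; this is worth confirming against the Keycloak version in use. Looking up each requested username directly avoids both problems and lets the method report misses. The comparison is case-sensitive as written, which may miss entries if Keycloak normalises usernames to lower case. The method has no Javadoc; a short one should state that `users` holds usernames and what the return value means.

```java
RealmResource realmResource = client.realm(realmId);
boolean allUnlinked = true;
for (String username : users) {
    // search() is not an exact match, so keep only the user whose username is equal
    UserRepresentation match = realmResource.users().search(username).stream()
            .filter(candidate -> username.equals(candidate.getUsername()))
            .findFirst()
            .orElse(null);
    if (match == null) {
        LOGGER.warn("No user " + username + " in realm " + realmId + ", external IDP links not removed");
        allUnlinked = false;
        continue;
    }
    UserResource userResource = realmResource.users().get(match.getId());
    // … unchanged: remove each federated identity of userResource …
}
return allUnlinked;
```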
diff --git a/custos-integration-services/custos-integration-services-swagger/src/main/resources/protos/IamAdminService.proto b/custos-integration-services/custos-integration-services-swagger/src/main/resources/protos/IamAdminService.proto
index 0a0d7d0..418ba8f 100644
--- a/custos-integration-services/custos-integration-services-swagger/src/main/resources/protos/IamAdminService.proto
+++ b/custos-integration-services/custos-integration-services-swagger/src/main/resources/protos/IamAdminService.proto
@@ -409,6 +409,7 @@ message GetAllResourcesResponse {
 message DeleteExternalIDPsRequest {
     int64 tenant_id= 1;
     string client_id = 2;
+    repeated string user_id=3;
 }
 
 service IamAdminService {
diff --git a/custos-integration-services/user-management-service-parent/user-management-service-sidecar/src/main/resources/user-management-service.pb b/custos-integration-services/user-management-service-parent/user-management-service-sidecar/src/main/resources/user-management-service.pb
index fb519fd..ac21497 100644
Binary files a/custos-integration-services/user-management-service-parent/user-management-service-sidecar/src/main/resources/user-management-service.pb and b/custos-integration-services/user-management-service-parent/user-management-service-sidecar/src/main/resources/user-management-service.pb differ