Posted to commits@airavata.apache.org by di...@apache.org on 2021/09/02 21:44:10 UTC
[airavata-mft] branch develop updated: Updating custos secret
backend to communicate with DRMS
This is an automated email from the ASF dual-hosted git repository.
dimuthuupe pushed a commit to branch develop
in repository https://gitbox.apache.org/repos/asf/airavata-mft.git
The following commit(s) were added to refs/heads/develop by this push:
new 7090e37 Updating custos secret backend to communicate with DRMS
7090e37 is described below
commit 7090e37f4eae9681e7ce7984843cb008de2f0579
Author: Dimuthu Wannipurage <di...@gmail.com>
AuthorDate: Thu Sep 2 17:43:58 2021 -0400
Updating custos secret backend to communicate with DRMS
---
services/secret-service/server/pom.xml | 5 ++
.../server/backend/custos/CustosSecretBackend.java | 86 +++++++++++++++++++++-
2 files changed, 88 insertions(+), 3 deletions(-)
diff --git a/services/secret-service/server/pom.xml b/services/secret-service/server/pom.xml
index 8293b24..6870fc3 100644
--- a/services/secret-service/server/pom.xml
+++ b/services/secret-service/server/pom.xml
@@ -78,6 +78,11 @@
<artifactId>json-simple</artifactId>
<version>1.1.1</version>
</dependency>
+ <dependency>
+ <groupId>org.apache.airavata.data.lake</groupId>
+ <artifactId>drms-stubs</artifactId>
+ <version>0.01-SNAPSHOT</version>
+ </dependency>
</dependencies>
<build>
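Review bot: The new `drms-stubs` dependency is declared at `0.01-SNAPSHOT`, a mutable coordinate that Maven re-resolves from the snapshot repository on each build, so the secret service's build is not reproducible and the stub code it compiles against can change without any commit in this repository. Pin a released version of the DRMS stubs once one is published, or at minimum record which snapshot repository serves the artifact and consider a checksum-verified resolution. The `io.grpc` classes that the new CustosSecretBackend code imports are not declared in this pom either, so they are presumably pulled in transitively through this same unpinned artifact, which makes the gRPC version in the secret service drift with it.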
diff --git a/services/secret-service/server/src/main/java/org/apache/airavata/mft/secret/server/backend/custos/CustosSecretBackend.java b/services/secret-service/server/src/main/java/org/apache/airavata/mft/secret/server/backend/custos/CustosSecretBackend.java
index 601f2d8..73e4c10 100644
--- a/services/secret-service/server/src/main/java/org/apache/airavata/mft/secret/server/backend/custos/CustosSecretBackend.java
+++ b/services/secret-service/server/src/main/java/org/apache/airavata/mft/secret/server/backend/custos/CustosSecretBackend.java
@@ -1,5 +1,13 @@
package org.apache.airavata.mft.secret.server.backend.custos;
+import io.grpc.ManagedChannel;
+import io.grpc.ManagedChannelBuilder;
+import org.apache.airavata.datalake.drms.AuthCredentialType;
+import org.apache.airavata.datalake.drms.AuthenticatedUser;
+import org.apache.airavata.datalake.drms.DRMSServiceAuthToken;
+import org.apache.airavata.datalake.drms.storage.*;
+import org.apache.airavata.datalake.drms.storage.preference.ssh.SSHStoragePreference;
+import org.apache.airavata.mft.common.AuthToken;
import org.apache.airavata.mft.common.DelegateAuth;
import org.apache.airavata.mft.credential.stubs.azure.*;
import org.apache.airavata.mft.credential.stubs.box.*;
@@ -24,6 +32,8 @@ import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import java.io.IOException;
+import java.nio.charset.StandardCharsets;
+import java.util.Base64;
import java.util.Map;
import java.util.Optional;
@@ -45,6 +55,12 @@ public class CustosSecretBackend implements SecretBackend {
@Value("${custos.secret}")
private String custosSecret;
+ @Value("${custos.backend.drms.host}")
+ private String drmsHost;
+
+ @Value("${custos.backend.drms.port}")
+ private int drmsPort;
+
private AgentAuthenticationHandler handler;
private CustosClientsFactory custosClientsFactory;
@@ -88,18 +104,80 @@ public class CustosSecretBackend implements SecretBackend {
}
}
+ private AnyStoragePreference getStoragePreference(String storagePefId) {
+ return AnyStoragePreference.newBuilder().build();
+ }
+
+ private DRMSServiceAuthToken getDrmsToken(AuthToken authToken) {
+ switch (authToken.getAuthMechanismCase()) {
+ case USERTOKENAUTH:
+ return DRMSServiceAuthToken.newBuilder().setAccessToken(authToken.getUserTokenAuth().getToken()).build();
+
+ case DELEGATEAUTH:
+ DelegateAuth delegateAuth = authToken.getDelegateAuth();
+ return DRMSServiceAuthToken.newBuilder()
+ .setAccessToken(Base64.getEncoder()
+ .encodeToString((delegateAuth.getClientId() + ":" + delegateAuth.getClientSecret())
+ .getBytes(StandardCharsets.UTF_8)))
+ .setAuthCredentialType(AuthCredentialType.AGENT_ACCOUNT_CREDENTIAL)
+ .setAuthenticatedUser(AuthenticatedUser.newBuilder()
+ .setUsername(delegateAuth.getUserId())
+ .setTenantId(delegateAuth.getPropertiesOrThrow("TENANT_ID"))
+ .build())
+ .build();
+ }
+ return null;
+ }
+
+
@Override
public Optional<SCPSecret> getSCPSecret(SCPSecretGetRequest request) throws Exception {
+
+ DRMSServiceAuthToken drmsToken = getDrmsToken(request.getAuthzToken());
+
+ if (drmsToken == null) {
+ LOGGER.error("DRMS Token can not be null");
+ return Optional.empty();
+ }
+
+ String storagePrefId = request.getSecretId();
+
+ ManagedChannel channel = ManagedChannelBuilder.forAddress(drmsHost, drmsPort).usePlaintext().build();
+ AnyStoragePreference storagePreference;
+
+ try {
+ StoragePreferenceServiceGrpc.StoragePreferenceServiceBlockingStub spClient =
+ StoragePreferenceServiceGrpc.newBlockingStub(channel);
+
+ StoragePreferenceFetchResponse storagePreferenceResp = spClient.
+ fetchStoragePreference(StoragePreferenceFetchRequest.newBuilder().
+ setAuthToken(drmsToken).setStoragePreferenceId(storagePrefId).build());
+
+ storagePreference = storagePreferenceResp.getStoragePreference();
+ } finally {
+ channel.shutdown();
+ }
+
+ SSHStoragePreference sshStoragePreference;
+ if (storagePreference.getStorageCase() == AnyStoragePreference.StorageCase.SSH_STORAGE_PREFERENCE) {
+ sshStoragePreference = storagePreference.getSshStoragePreference();
+ } else {
+ LOGGER.error("Invalid storage case {} for preference {}", storagePreference.getStorageCase(), storagePrefId);
+ return Optional.empty();
+ }
+
switch (request.getAuthzToken().getAuthMechanismCase()) {
case AGENTAUTH:
String agentId = request.getAuthzToken().getAgentAuth().getAgentId();
String secret = request.getAuthzToken().getAgentAuth().getAgentSecret();
+
Optional<AuthConfig> optionalAuthConfig = handler.authenticate(agentId, secret);
if (optionalAuthConfig.isPresent()) {
AuthConfig authConfig = optionalAuthConfig.get();
SSHCredential sshCredential = csAgentClient.getSSHCredential(request.getAuthzToken().getAgentAuth().getToken(),
- authConfig.getAccessToken(), request.getSecretId(), false);
+ authConfig.getAccessToken(), sshStoragePreference.getCredentialToken(), false);
SCPSecret scpSecret = SCPSecret.newBuilder()
+ .setUser(sshStoragePreference.getUserName())
.setSecretId(sshCredential.getMetadata().getToken())
.setPublicKey(sshCredential.getPublicKey())
.setPassphrase(sshCredential.getPassphrase())
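Review bot: The channel built on the `ManagedChannelBuilder.forAddress(drmsHost, drmsPort).usePlaintext().build()` line sends the DRMS token in clear, and for DELEGATEAUTH that token is the base64 of `clientId:clientSecret` assembled in getDrmsToken while for USERTOKENAUTH it is the user's bearer token, so the agent secret and user tokens cross the network unencrypted on every getSCPSecret call. Unless DRMS is guaranteed to be reachable only over a loopback or mesh-encrypted link, build the channel with `ManagedChannelBuilder.forAddress(drmsHost, drmsPort).useTransportSecurity().build()`, or gate `usePlaintext()` behind an explicit property such as `custos.backend.drms.plaintext` that defaults to false. A second regression in the same hunk: getDrmsToken has no AGENTAUTH case and falls through to `return null`, so the `drmsToken == null` guard in getSCPSecret now returns Optional.empty() before the AGENTAUTH branch further down is ever reached; either map AGENTAUTH to a DRMS credential or skip the DRMS lookup for that mechanism. getSCPSecret's switch continues past the end of this hunk.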
@@ -110,8 +188,9 @@ public class CustosSecretBackend implements SecretBackend {
case USERTOKENAUTH:
if (identityClient.isAuthenticated(request.getAuthzToken().getUserTokenAuth().getToken())) {
//custosId need to be replaced with actual gateway custos Id
- SSHCredential sshCredential = csClient.getSSHCredential(custosId, request.getSecretId(), false);
+ SSHCredential sshCredential = csClient.getSSHCredential(custosId, sshStoragePreference.getCredentialToken(), false);
SCPSecret scpSecret = SCPSecret.newBuilder()
+ .setUser(sshStoragePreference.getUserName())
.setSecretId(sshCredential.getMetadata().getToken())
.setPublicKey(sshCredential.getPublicKey())
.setPassphrase(sshCredential.getPassphrase())
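Review bot: The `identityClient.isAuthenticated(...)` check on the USERTOKENAUTH line now runs only after the same token has already been forwarded to DRMS in the fetchStoragePreference call earlier in getSCPSecret, so an unvalidated token is sent to an external service before the local check has a chance to reject it. DRMS presumably validates the access token on its side, but if the local check is meant to be the gate, move the DRMS lookup into this branch after `isAuthenticated` returns true (and likewise after `handler.authenticate` in the AGENTAUTH branch). The enclosing switch starts and ends outside this hunk.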
@@ -123,8 +202,9 @@ public class CustosSecretBackend implements SecretBackend {
DelegateAuth delegateAuth = request.getAuthzToken().getDelegateAuth();
ResourceSecretManagementClient csClient = getTenantResourceSecretManagementClient(delegateAuth);
SSHCredential sshCredential = csClient.getSSHCredential(delegateAuth.getPropertiesMap().get("PORTAL_CUSTOS_ID"),
- request.getSecretId(), false);
+ sshStoragePreference.getCredentialToken(), false);
SCPSecret scpSecret = SCPSecret.newBuilder()
+ .setUser(sshStoragePreference.getUserName())
.setSecretId(sshCredential.getMetadata().getToken())
.setPublicKey(sshCredential.getPublicKey())
.setPassphrase(sshCredential.getPassphrase())