Posted to commits@airavata.apache.org by is...@apache.org on 2021/06/15 05:06:30 UTC
[airavata-custos] branch develop updated: fix for #186
This is an automated email from the ASF dual-hosted git repository.
isjarana pushed a commit to branch develop
in repository https://gitbox.apache.org/repos/asf/airavata-custos.git
The following commit(s) were added to refs/heads/develop by this push:
new 1182515 fix for #186
new 74102bd Merge pull request #209 from isururanawaka/develop
1182515 is described below
commit 11825154e8c47e09b72f6c9ce21774a5a147f192
Author: Isuru Ranawaka <ir...@gmail.com>
AuthorDate: Tue Jun 15 01:04:46 2021 -0400
fix for #186
---
.../iam/admin/client/IamAdminServiceClient.java | 4 ++
.../apache/custos/iam/service/IamAdminService.java | 16 ++++++++
.../custos/iam/validator/InputValidator.java | 17 +++++++-
.../src/main/proto/IamAdminService.proto | 5 +++
.../services/clients/keycloak/KeycloakClient.java | 44 ++++++++++++++++++---
.../main/resources/protos/IamAdminService.proto | 5 +++
.../resources/protos/UserManagementService.proto | 7 ++++
.../main/resources/protos/UserProfileService.proto | 2 +-
.../src/main/resources/user-management-service.pb | Bin 125269 -> 125989 bytes
.../interceptors/AuthInterceptorImpl.java | 15 +++++++
.../management/service/UserManagementService.java | 20 +++++++++-
.../src/main/proto/UserManagementService.proto | 7 ++++
12 files changed, 134 insertions(+), 8 deletions(-)
diff --git a/custos-core-services-client-stubs/iam-admin-core-service-client-stub/src/main/java/org/apache/custos/iam/admin/client/IamAdminServiceClient.java b/custos-core-services-client-stubs/iam-admin-core-service-client-stub/src/main/java/org/apache/custos/iam/admin/client/IamAdminServiceClient.java
index 7a6d3ec..fabee59 100644
--- a/custos-core-services-client-stubs/iam-admin-core-service-client-stub/src/main/java/org/apache/custos/iam/admin/client/IamAdminServiceClient.java
+++ b/custos-core-services-client-stubs/iam-admin-core-service-client-stub/src/main/java/org/apache/custos/iam/admin/client/IamAdminServiceClient.java
@@ -345,6 +345,10 @@ public class IamAdminServiceClient {
return iamAdminServiceBlockingStub.deleteRole(request);
}
+ public OperationStatus deleteExternalIDPLinksOfUsers(DeleteExternalIDPsRequest deleteExternalIDPsRequest) {
+ return iamAdminServiceBlockingStub.deleteExternalIDPLinksOfUsers(deleteExternalIDPsRequest);
+ }
+
public Agent getAgent(UserSearchRequest request) {
return iamAdminServiceBlockingStub.getAgent(request);
}
diff --git a/custos-core-services/iam-admin-core-service/src/main/java/org/apache/custos/iam/service/IamAdminService.java b/custos-core-services/iam-admin-core-service/src/main/java/org/apache/custos/iam/service/IamAdminService.java
index c1d1467..07b80e0 100644
--- a/custos-core-services/iam-admin-core-service/src/main/java/org/apache/custos/iam/service/IamAdminService.java
+++ b/custos-core-services/iam-admin-core-service/src/main/java/org/apache/custos/iam/service/IamAdminService.java
@@ -538,6 +538,22 @@ public class IamAdminService extends IamAdminServiceImplBase {
@Override
+ public void deleteExternalIDPLinksOfUsers(DeleteExternalIDPsRequest request,
+ StreamObserver<org.apache.custos.iam.service.OperationStatus> responseObserver) {
+ try {
+ long tenantId = request.getTenantId();
+ boolean status = keycloakClient.deleteExternalIDPLinks(String.valueOf(tenantId));
+ responseObserver.onNext(org.apache.custos.iam.service.OperationStatus.newBuilder().setStatus(status).build());
+ responseObserver.onCompleted();
+ } catch (Exception ex) {
+ String msg = "Error occurred while deletingExternalIDPLinksOfUsers" + ex;
+ LOGGER.error(msg, ex);
+ responseObserver.onError(io.grpc.Status.INTERNAL.withDescription(msg).asRuntimeException());
+ }
+
+ }
+
+ @Override
public void updateUserProfile(UpdateUserProfileRequest request, StreamObserver<org.apache.custos.iam.service.OperationStatus> responseObserver) {
String userId = request.getUser().getUsername() + "@" + request.getTenantId();
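Review bot: The catch block in `deleteExternalIDPLinksOfUsers` concatenates the exception object into `msg` and returns it to the caller through `withDescription(msg)`, so the exception class name and the Keycloak-side message reach the remote client. The new `deleteExternalIDPsOfUsers` handler in UserManagementService.java does the same with `ex.getMessage()`. Keep the detail in the log and return a fixed description, e.g. `responseObserver.onError(io.grpc.Status.INTERNAL.withDescription("Failed to delete external IDP links").asRuntimeException());`. There is also no separator before `+ ex`, so the log line runs the message and the exception text together.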
diff --git a/custos-core-services/iam-admin-core-service/src/main/java/org/apache/custos/iam/validator/InputValidator.java b/custos-core-services/iam-admin-core-service/src/main/java/org/apache/custos/iam/validator/InputValidator.java
index c149ae0..4974608 100644
--- a/custos-core-services/iam-admin-core-service/src/main/java/org/apache/custos/iam/validator/InputValidator.java
+++ b/custos-core-services/iam-admin-core-service/src/main/java/org/apache/custos/iam/validator/InputValidator.java
@@ -138,7 +138,9 @@ public class InputValidator implements Validator {
case "getAllResources":
validateGetAllResources(obj);
break;
-
+ case "deleteExternalIDPLinksOfUsers":
+ validateDeleteExternalIDPsLinks(obj);
+ break;
default:
@@ -918,4 +920,17 @@ public class InputValidator implements Validator {
return true;
}
+ private boolean validateDeleteExternalIDPsLinks(Object obj) {
+ if (obj instanceof DeleteExternalIDPsRequest) {
+ DeleteExternalIDPsRequest request = (DeleteExternalIDPsRequest) obj;
+
+ if (request.getTenantId() == 0) {
+ throw new MissingParameterException("Tenant Id should not be null", null);
+ }
+
+ } else {
+ throw new RuntimeException("Unexpected input type for method deleteExternalIDPLinks");
+ }
+ return true;
+ }
}
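Review bot: `validateDeleteExternalIDPsLinks` rejects only `getTenantId() == 0`, so a negative tenant id passes validation and is later turned into a realm name by `String.valueOf(tenantId)`. If tenant ids are always positive (not visible here), the guard should be `if (request.getTenantId() <= 0)`. The message "Tenant Id should not be null" is misleading for a primitive `long`; "Tenant Id must be set" would describe the failure. The `RuntimeException` in the else branch names `deleteExternalIDPLinks`, while the switch dispatches on `deleteExternalIDPLinksOfUsers`; using the dispatched name makes the error searchable.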
diff --git a/custos-core-services/iam-admin-core-service/src/main/proto/IamAdminService.proto b/custos-core-services/iam-admin-core-service/src/main/proto/IamAdminService.proto
index 30c3469..0a0d7d0 100644
--- a/custos-core-services/iam-admin-core-service/src/main/proto/IamAdminService.proto
+++ b/custos-core-services/iam-admin-core-service/src/main/proto/IamAdminService.proto
@@ -406,6 +406,10 @@ message GetAllResourcesResponse {
repeated UserRepresentation users = 2;
}
+message DeleteExternalIDPsRequest {
+ int64 tenant_id= 1;
+ string client_id = 2;
+}
service IamAdminService {
@@ -429,6 +433,7 @@ service IamAdminService {
rpc resetPassword (ResetUserPassword) returns (OperationStatus);
rpc grantAdminPrivilege (UserSearchRequest) returns (OperationStatus);
rpc removeAdminPrivilege (UserSearchRequest) returns (OperationStatus);
+ rpc deleteExternalIDPLinksOfUsers(DeleteExternalIDPsRequest) returns (OperationStatus);
rpc registerAndEnableUsers (RegisterUsersRequest) returns (RegisterUsersResponse);
rpc addUserAttributes (AddUserAttributesRequest) returns (OperationStatus);
diff --git a/custos-federated-services-clients/src/main/java/org/apache/custos/federated/services/clients/keycloak/KeycloakClient.java b/custos-federated-services-clients/src/main/java/org/apache/custos/federated/services/clients/keycloak/KeycloakClient.java
index c385bc9..8003fc7 100644
--- a/custos-federated-services-clients/src/main/java/org/apache/custos/federated/services/clients/keycloak/KeycloakClient.java
+++ b/custos-federated-services-clients/src/main/java/org/apache/custos/federated/services/clients/keycloak/KeycloakClient.java
@@ -609,10 +609,10 @@ public class KeycloakClient {
}
}
- public UserRepresentation getUser(String realmId, String username) {
+ public UserRepresentation getUser(String realmId, String username) {
Keycloak client = null;
try {
- client = getClient(iamServerURL, superAdminRealmID, superAdminUserName,superAdminPassword);
+ client = getClient(iamServerURL, superAdminRealmID, superAdminUserName, superAdminPassword);
return getUserByUsername(client, realmId, username);
} catch (Exception ex) {
String msg = "Error retrieving user, reason: " + ex.getMessage();
@@ -755,7 +755,7 @@ public class KeycloakClient {
Keycloak client = null;
try {
- client = getClient(iamServerURL,superAdminRealmID,superAdminUserName,superAdminPassword);
+ client = getClient(iamServerURL, superAdminRealmID, superAdminUserName, superAdminPassword);
for (String username : users) {
UserRepresentation representation = getUserByUsername(client, realmId, username.toLowerCase());
@@ -799,7 +799,7 @@ public class KeycloakClient {
Keycloak client = null;
try {
- client = getClient(iamServerURL,superAdminRealmID,superAdminUserName,superAdminPassword);
+ client = getClient(iamServerURL, superAdminRealmID, superAdminUserName, superAdminPassword);
UserRepresentation representation = getUserByUsername(client, realmId, username.toLowerCase());
if (representation != null) {
@@ -1332,7 +1332,7 @@ public class KeycloakClient {
Keycloak client = null;
try {
- client = getClient(iamServerURL, superAdminRealmID, superAdminUserName,superAdminPassword);
+ client = getClient(iamServerURL, superAdminRealmID, superAdminUserName, superAdminPassword);
List<UserRepresentation> userResourceList = client.realm(realmId).users().search(
username.toLowerCase(), null, null, null, null, null);
@@ -1361,6 +1361,40 @@ public class KeycloakClient {
}
+
+ public boolean deleteExternalIDPLinks(String realmId) {
+
+ Keycloak client = null;
+ try {
+ client = getClient(iamServerURL, superAdminRealmID, superAdminUserName, superAdminPassword);
+
+ RealmResource realmResource = client.realm(realmId);
+ List<UserRepresentation> userResourceList = client.realm(realmId).users().list();
+ userResourceList.forEach(user -> {
+ UserResource userResource = realmResource.users().get(user.getId());
+ List<FederatedIdentityRepresentation> federatedIdentityRepresentations =
+ userResource.getFederatedIdentity();
+ if (federatedIdentityRepresentations != null && !federatedIdentityRepresentations.isEmpty()) {
+ federatedIdentityRepresentations.forEach(fed -> {
+ userResource.removeFederatedIdentity(fed.getIdentityProvider());
+ });
+ }
+ });
+ return true;
+ } catch (Exception ex) {
+ String msg = "Error occurred while deleting external IDP links of realm "
+ + realmId + ", reason " + ex.getMessage();
+ LOGGER.error(msg, ex);
+ throw new RuntimeException(msg, ex);
+
+ } finally {
+ if (client != null) {
+ client.close();
+ }
+ }
+
+ }
+
/**
* creates groups and child groups in Keycloak
*
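Review bot: `deleteExternalIDPLinks` fetches users with a single unpaged `users().list()` call and then returns `true`. The Keycloak admin API may cap an unpaged listing at a default page size, depending on the server version; in that case, users beyond the first page keep their federated links while the caller is told the operation succeeded. Paging explicitly with `list(first, max)` until a short page comes back closes that gap; removing a link does not delete the user, so the offsets stay stable. The loop is also not atomic: an exception partway through leaves some users unlinked and others not, which deserves a sentence in a Javadoc on this method.

```java
// … unchanged: getClient(...) and RealmResource realmResource = client.realm(realmId) …
final int pageSize = 100;
int first = 0;
List<UserRepresentation> page;
do {
    page = realmResource.users().list(first, pageSize);
    for (UserRepresentation user : page) {
        UserResource userResource = realmResource.users().get(user.getId());
        // … unchanged: read federated identities and remove each one …
    }
    first += page.size();
} while (page.size() == pageSize);
return true;
```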
diff --git a/custos-integration-services/custos-integration-services-swagger/src/main/resources/protos/IamAdminService.proto b/custos-integration-services/custos-integration-services-swagger/src/main/resources/protos/IamAdminService.proto
index 30c3469..0a0d7d0 100644
--- a/custos-integration-services/custos-integration-services-swagger/src/main/resources/protos/IamAdminService.proto
+++ b/custos-integration-services/custos-integration-services-swagger/src/main/resources/protos/IamAdminService.proto
@@ -406,6 +406,10 @@ message GetAllResourcesResponse {
repeated UserRepresentation users = 2;
}
+message DeleteExternalIDPsRequest {
+ int64 tenant_id= 1;
+ string client_id = 2;
+}
service IamAdminService {
@@ -429,6 +433,7 @@ service IamAdminService {
rpc resetPassword (ResetUserPassword) returns (OperationStatus);
rpc grantAdminPrivilege (UserSearchRequest) returns (OperationStatus);
rpc removeAdminPrivilege (UserSearchRequest) returns (OperationStatus);
+ rpc deleteExternalIDPLinksOfUsers(DeleteExternalIDPsRequest) returns (OperationStatus);
rpc registerAndEnableUsers (RegisterUsersRequest) returns (RegisterUsersResponse);
rpc addUserAttributes (AddUserAttributesRequest) returns (OperationStatus);
diff --git a/custos-integration-services/custos-integration-services-swagger/src/main/resources/protos/UserManagementService.proto b/custos-integration-services/custos-integration-services-swagger/src/main/resources/protos/UserManagementService.proto
index 7085bf4..b028e65 100644
--- a/custos-integration-services/custos-integration-services-swagger/src/main/resources/protos/UserManagementService.proto
+++ b/custos-integration-services/custos-integration-services-swagger/src/main/resources/protos/UserManagementService.proto
@@ -138,6 +138,13 @@ service UserManagementService {
};
}
+
+ rpc deleteExternalIDPsOfUsers (org.apache.custos.iam.service.DeleteExternalIDPsRequest) returns (org.apache.custos.iam.service.OperationStatus) {
+ option (google.api.http) = {
+ delete: "/user-management/v1.0.0/users/federatedIDPs"
+ };
+ }
+
rpc addRolesToUsers (org.apache.custos.iam.service.AddUserRolesRequest) returns (org.apache.custos.iam.service.OperationStatus) {
option (google.api.http) = {
post: "/user-management/v1.0.0/users/roles"
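Review bot: The new `deleteExternalIDPsOfUsers` rpc has no comment, and its path `/user-management/v1.0.0/users/federatedIDPs` reads like a per-user operation although the implementation removes the federated links of every user in the tenant. I would put a comment above the rpc, for example `// Removes ALL external IdP links for every user of the caller's tenant; tenant_id and client_id are taken from the auth claim, not from the request.` The identical hunk in user-management-service/src/main/proto/UserManagementService.proto needs the same comment.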
diff --git a/custos-integration-services/custos-integration-services-swagger/src/main/resources/protos/UserProfileService.proto b/custos-integration-services/custos-integration-services-swagger/src/main/resources/protos/UserProfileService.proto
index feef80d..94711b1 100644
--- a/custos-integration-services/custos-integration-services-swagger/src/main/resources/protos/UserProfileService.proto
+++ b/custos-integration-services/custos-integration-services-swagger/src/main/resources/protos/UserProfileService.proto
@@ -79,7 +79,7 @@ message UserProfileRequest {
message UserAttribute {
int64 id = 1;
string key = 2;
- repeated string value = 3;
+ repeated string values = 3;
}
diff --git a/custos-integration-services/user-management-service-parent/user-management-service-sidecar/src/main/resources/user-management-service.pb b/custos-integration-services/user-management-service-parent/user-management-service-sidecar/src/main/resources/user-management-service.pb
index fa89351..fb519fd 100644
Binary files a/custos-integration-services/user-management-service-parent/user-management-service-sidecar/src/main/resources/user-management-service.pb and b/custos-integration-services/user-management-service-parent/user-management-service-sidecar/src/main/resources/user-management-service.pb differ
diff --git a/custos-integration-services/user-management-service-parent/user-management-service/src/main/java/org/apache/custos/user/management/interceptors/AuthInterceptorImpl.java b/custos-integration-services/user-management-service-parent/user-management-service/src/main/java/org/apache/custos/user/management/interceptors/AuthInterceptorImpl.java
index 3163018..53abf1b 100644
--- a/custos-integration-services/user-management-service-parent/user-management-service/src/main/java/org/apache/custos/user/management/interceptors/AuthInterceptorImpl.java
+++ b/custos-integration-services/user-management-service-parent/user-management-service/src/main/java/org/apache/custos/user/management/interceptors/AuthInterceptorImpl.java
@@ -443,6 +443,21 @@ public class AuthInterceptorImpl extends MultiTenantAuthInterceptor {
.setPerformedBy(Constants.SYSTEM)
.build();
+ } else if (method.equals("deleteExternalIDPsOfUsers")) {
+ DeleteExternalIDPsRequest deleteExternalIDPsRequest = (DeleteExternalIDPsRequest) msg;
+
+ Optional<AuthClaim> claim = authorize(headers, deleteExternalIDPsRequest.getClientId());
+
+ if (claim.isEmpty()) {
+ throw new UnAuthorizedException("Request is not authorized", null);
+ }
+ String oauthId = claim.get().getIamAuthId();
+ long tenantId = claim.get().getTenantId();
+
+ return (ReqT) ((DeleteExternalIDPsRequest) msg).toBuilder()
+ .setTenantId(tenantId)
+ .setClientId(oauthId)
+ .build();
}
return msg;
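Review bot: The new `deleteExternalIDPsOfUsers` branch only checks that `authorize(...)` returned a claim; nothing visible in the hunk restricts this tenant-wide, destructive call to an administrative caller. Whether `authorize` already enforces that is not visible here; if it does not, any credential valid for the tenant could unlink every user's federated identity. I would add an explicit privilege check on the claim before rebuilding the request, with a comment such as `// Tenant-wide destructive operation: caller must hold tenant admin privileges.` Overwriting `tenant_id` and `client_id` from the claim instead of trusting the request values is correct and should stay. The enclosing method starts and ends outside the hunk.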
diff --git a/custos-integration-services/user-management-service-parent/user-management-service/src/main/java/org/apache/custos/user/management/service/UserManagementService.java b/custos-integration-services/user-management-service-parent/user-management-service/src/main/java/org/apache/custos/user/management/service/UserManagementService.java
index d02f9a9..ebe3f74 100644
--- a/custos-integration-services/user-management-service-parent/user-management-service/src/main/java/org/apache/custos/user/management/service/UserManagementService.java
+++ b/custos-integration-services/user-management-service-parent/user-management-service/src/main/java/org/apache/custos/user/management/service/UserManagementService.java
@@ -699,7 +699,7 @@ public class UserManagementService extends UserManagementServiceGrpc.UserManagem
} catch (Exception ex) {
String msg = "Error occurred while delete user roles, " + ex.getMessage();
- LOGGER.error(msg,ex);
+ LOGGER.error(msg, ex);
if (ex.getMessage().contains("UNAUTHENTICATED")) {
responseObserver.onError(Status.UNAUTHENTICATED.withDescription(msg).asRuntimeException());
} else {
@@ -1268,6 +1268,24 @@ public class UserManagementService extends UserManagementServiceGrpc.UserManagem
@Override
+ public void deleteExternalIDPsOfUsers(DeleteExternalIDPsRequest request, StreamObserver<OperationStatus> responseObserver) {
+ try {
+ LOGGER.debug("Request received to deleteExternalIDPsOfUsers for " + request.getTenantId());
+
+ OperationStatus status = iamAdminServiceClient.deleteExternalIDPLinksOfUsers(request);
+
+ responseObserver.onNext(status);
+ responseObserver.onCompleted();
+
+ } catch (Exception ex) {
+ String msg = "Error occurred while deleting external IDPs of Users " + ex.getMessage();
+ LOGGER.error(msg, ex);
+ responseObserver.onError(Status.INTERNAL.withDescription(msg).asRuntimeException());
+
+ }
+ }
+
+ @Override
public void synchronizeUserDBs(SynchronizeUserDBRequest request, StreamObserver<OperationStatus> responseObserver) {
try {
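Review bot: The only trace `deleteExternalIDPsOfUsers` leaves of a tenant-wide unlink is a `LOGGER.debug(...)` line, which is usually disabled in production and does not record who made the call. For an operation that removes every user's external IdP link, log at info level and include the authenticated client, e.g. `LOGGER.info("deleteExternalIDPsOfUsers requested for tenant " + request.getTenantId() + " by client " + request.getClientId());`. The catch block also maps every failure to `INTERNAL`, unlike the delete-user-roles handler in the previous hunk, so an `UNAUTHENTICATED` error from the core service is reported as a server fault. The `synchronizeUserDBs` method that follows continues outside the hunk.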
diff --git a/custos-integration-services/user-management-service-parent/user-management-service/src/main/proto/UserManagementService.proto b/custos-integration-services/user-management-service-parent/user-management-service/src/main/proto/UserManagementService.proto
index 7085bf4..b028e65 100644
--- a/custos-integration-services/user-management-service-parent/user-management-service/src/main/proto/UserManagementService.proto
+++ b/custos-integration-services/user-management-service-parent/user-management-service/src/main/proto/UserManagementService.proto
@@ -138,6 +138,13 @@ service UserManagementService {
};
}
+
+ rpc deleteExternalIDPsOfUsers (org.apache.custos.iam.service.DeleteExternalIDPsRequest) returns (org.apache.custos.iam.service.OperationStatus) {
+ option (google.api.http) = {
+ delete: "/user-management/v1.0.0/users/federatedIDPs"
+ };
+ }
+
rpc addRolesToUsers (org.apache.custos.iam.service.AddUserRolesRequest) returns (org.apache.custos.iam.service.OperationStatus) {
option (google.api.http) = {
post: "/user-management/v1.0.0/users/roles"