Posted to commits@airavata.apache.org by an...@apache.org on 2017/05/02 16:49:29 UTC
[14/23] airavata git commit: adding iam-admin-services-core files
adding iam-admin-services-core files
Project: http://git-wip-us.apache.org/repos/asf/airavata/repo
Commit: http://git-wip-us.apache.org/repos/asf/airavata/commit/1a977c06
Tree: http://git-wip-us.apache.org/repos/asf/airavata/tree/1a977c06
Diff: http://git-wip-us.apache.org/repos/asf/airavata/diff/1a977c06
Branch: refs/heads/develop
Commit: 1a977c06cfefcf545edb550d0dd05dd872ce0453
Parents: 94f8748
Author: Anuj Bhandar <bh...@gmail.com>
Authored: Thu Apr 27 13:56:40 2017 -0400
Committer: Anuj Bhandar <bh...@gmail.com>
Committed: Thu Apr 27 15:22:54 2017 -0400
----------------------------------------------------------------------
.../iam-admin-services-core/pom.xml | 50 +++-
.../core/impl/TenantManagementKeycloakImpl.java | 253 +++++++++++++++++++
.../interfaces/TenantManagementInterface.java | 39 +++
.../services/core/tests/SetupNewGateway.java | 73 ++++++
.../profile-service-server/pom.xml | 5 +
.../handlers/IamAdminServicesHandler.java | 14 +
.../common/utils/ApplicationSettings.java | 8 +
.../airavata/common/utils/ServerSettings.java | 4 +
.../main/resources/airavata-server.properties | 8 +-
.../iam-admin-services-cpi.thrift | 2 +-
10 files changed, 453 insertions(+), 3 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/airavata/blob/1a977c06/airavata-services/profile-service/iam-admin-services-core/pom.xml
----------------------------------------------------------------------
diff --git a/airavata-services/profile-service/iam-admin-services-core/pom.xml b/airavata-services/profile-service/iam-admin-services-core/pom.xml
index be7e409..dcf637e 100644
--- a/airavata-services/profile-service/iam-admin-services-core/pom.xml
+++ b/airavata-services/profile-service/iam-admin-services-core/pom.xml
@@ -13,7 +13,55 @@
<artifactId>iam-admin-services-core</artifactId>
- <name>Profile User Core</name>
+ <name>Iam Admin Services</name>
+ <dependencies>
+ <dependency>
+ <groupId>commons-httpclient</groupId>
+ <artifactId>commons-httpclient</artifactId>
+ <version>3.1</version>
+ </dependency>
+ <!-- https://mvnrepository.com/artifact/org.apache.httpcomponents/httpclient -->
+ <dependency>
+ <groupId>org.apache.httpcomponents</groupId>
+ <artifactId>httpclient</artifactId>
+ <version>4.5.3</version>
+ </dependency>
+ <!-- https://mvnrepository.com/artifact/javax.ws.rs/javax.ws.rs-api -->
+ <dependency>
+ <groupId>javax.ws.rs</groupId>
+ <artifactId>javax.ws.rs-api</artifactId>
+ <version>2.0.1</version>
+ </dependency>
+ <!-- https://mvnrepository.com/artifact/org.jboss.resteasy/resteasy-client -->
+ <dependency>
+ <groupId>org.jboss.resteasy</groupId>
+ <artifactId>resteasy-client</artifactId>
+ <version>3.1.2.Final</version>
+ </dependency>
+ <!-- https://mvnrepository.com/artifact/org.jboss.resteasy/resteasy-jackson2-provider -->
+ <dependency>
+ <groupId>org.jboss.resteasy</groupId>
+ <artifactId>resteasy-jackson2-provider</artifactId>
+ <version>3.1.2.Final</version>
+ </dependency>
+ <!-- https://mvnrepository.com/artifact/org.keycloak/keycloak-admin-client -->
+ <!-- https://mvnrepository.com/artifact/org.keycloak/keycloak-admin-client -->
+ <dependency>
+ <groupId>org.keycloak</groupId>
+ <artifactId>keycloak-admin-client</artifactId>
+ <version>2.5.5.Final</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.airavata</groupId>
+ <artifactId>airavata-credential-store</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.airavata</groupId>
+ <artifactId>profile-service-stubs</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ </dependencies>
</project>
\ No newline at end of file
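Review bot: The new `commons-httpclient:commons-httpclient:3.1` dependency puts the end-of-life Commons HttpClient 3.x line on the classpath next to `org.apache.httpcomponents:httpclient:4.5.3`, and none of the Java files added in this commit appear to import it. If nothing needs it, drop the dependency so the module carries one maintained HTTP client; if something does, add a comment naming what requires it so the next dependency audit can tell. The `keycloak-admin-client` link comment is also duplicated, and the versions are pinned inline rather than through a property or `dependencyManagement`, which makes later security bumps easy to miss; confirm against the parent pom, which is outside this hunk.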
http://git-wip-us.apache.org/repos/asf/airavata/blob/1a977c06/airavata-services/profile-service/iam-admin-services-core/src/main/java/org/apache/airavata/service/profile/iam/admin/services/core/impl/TenantManagementKeycloakImpl.java
----------------------------------------------------------------------
diff --git a/airavata-services/profile-service/iam-admin-services-core/src/main/java/org/apache/airavata/service/profile/iam/admin/services/core/impl/TenantManagementKeycloakImpl.java b/airavata-services/profile-service/iam-admin-services-core/src/main/java/org/apache/airavata/service/profile/iam/admin/services/core/impl/TenantManagementKeycloakImpl.java
new file mode 100644
index 0000000..f688328
--- /dev/null
+++ b/airavata-services/profile-service/iam-admin-services-core/src/main/java/org/apache/airavata/service/profile/iam/admin/services/core/impl/TenantManagementKeycloakImpl.java
@@ -0,0 +1,253 @@
+/*
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+
+package org.apache.airavata.service.profile.iam.admin.services.core.impl;
+
+import org.apache.airavata.common.exception.ApplicationSettingsException;
+import org.apache.airavata.common.utils.ServerSettings;
+import org.apache.airavata.model.credential.store.PasswordCredential;
+import org.apache.airavata.model.user.UserProfile;
+import org.apache.airavata.model.workspace.Gateway;
+import org.apache.airavata.service.profile.iam.admin.services.core.interfaces.TenantManagementInterface;
+import org.apache.airavata.service.profile.iam.admin.services.cpi.exception.IamAdminServicesException;
+import org.keycloak.admin.client.Keycloak;
+import org.keycloak.admin.client.resource.UserResource;
+import org.keycloak.representations.idm.*;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import javax.ws.rs.core.Response;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+public class TenantManagementKeycloakImpl implements TenantManagementInterface {
+
+ private final static Logger logger = LoggerFactory.getLogger(TenantManagementKeycloakImpl.class);
+
+ private static Keycloak getClient(String adminUrl, String realm, PasswordCredential AdminPasswordCreds) {
+
+ return Keycloak.getInstance(
+ adminUrl,
+ realm, // the realm to log in to
+ AdminPasswordCreds.getLoginUserName(), AdminPasswordCreds.getPassword(), // the user
+ "admin-cli"); // admin-cli is the client ID used for keycloak admin operations.
+ }
+
+ @Override
+ public Gateway addTenant(PasswordCredential isSuperAdminPasswordCreds, Gateway gatewayDetails) throws IamAdminServicesException {
+ try {
+ // get client
+ Keycloak client = TenantManagementKeycloakImpl.getClient(ServerSettings.getIamServerUrl(), "master", isSuperAdminPasswordCreds);
+ // create realm
+ RealmRepresentation newRealmDetails = new RealmRepresentation();
+ newRealmDetails.setEnabled(true);
+ newRealmDetails.setId(gatewayDetails.getGatewayId());
+ newRealmDetails.setDisplayName(gatewayDetails.getGatewayName());
+ newRealmDetails.setRealm(gatewayDetails.getGatewayId());
+ RealmRepresentation realmWithRoles = TenantManagementKeycloakImpl.createDefaultRoles(newRealmDetails);
+ client.realms().create(realmWithRoles);
+ return gatewayDetails;
+ } catch (ApplicationSettingsException ex) {
+ logger.error("Error getting values from property file, reason: " + ex.getCause(), ex);
+ IamAdminServicesException exception = new IamAdminServicesException();
+ exception.setMessage("Error getting Iam server Url from property file, reason: " + ex.getMessage());
+ throw exception;
+ } catch (Exception ex){
+ logger.error("Error creating Realm in Keycloak Server, reason: " + ex.getCause(), ex);
+ IamAdminServicesException exception = new IamAdminServicesException();
+ exception.setMessage("Error creating Realm in Keycloak Server, reason: " + ex.getMessage());
+ throw exception;
+ }
+ }
+
+ public static RealmRepresentation createDefaultRoles(RealmRepresentation realmDetails){
+ List<RoleRepresentation> defaultRoles = new ArrayList<RoleRepresentation>();
+ RoleRepresentation adminRole = new RoleRepresentation();
+ adminRole.setName("admin");
+ adminRole.setDescription("Admin role for PGA users");
+ defaultRoles.add(adminRole);
+ RoleRepresentation adminReadOnlyRole = new RoleRepresentation();
+ adminReadOnlyRole.setName("admin-read-only");
+ adminReadOnlyRole.setDescription("Read only role for PGA Admin users");
+ defaultRoles.add(adminReadOnlyRole);
+ RoleRepresentation gatewayUserRole = new RoleRepresentation();
+ gatewayUserRole.setName("gateway-user");
+ gatewayUserRole.setDescription("default role for PGA users");
+ defaultRoles.add(gatewayUserRole);
+ RolesRepresentation rolesRepresentation = new RolesRepresentation();
+ rolesRepresentation.setRealm(defaultRoles);
+ realmDetails.setRoles(rolesRepresentation);
+ return realmDetails;
+ }
+
+ public boolean createTenantAdminAccount(PasswordCredential isSuperAdminPasswordCreds, Gateway gatewayDetails) throws IamAdminServicesException{
+ try{
+ Keycloak client = TenantManagementKeycloakImpl.getClient(ServerSettings.getIamServerUrl(), "master", isSuperAdminPasswordCreds);
+ UserRepresentation user = new UserRepresentation();
+ user.setUsername(gatewayDetails.getIdentityServerUserName());
+ user.setFirstName(gatewayDetails.getGatewayAdminFirstName());
+ user.setLastName(gatewayDetails.getGatewayAdminLastName());
+ user.setEmail(gatewayDetails.getGatewayAdminEmail());
+ user.setEnabled(true);
+ List<String> requiredActionList = new ArrayList<>();
+ requiredActionList.add("UPDATE_PASSWORD");
+ user.setRequiredActions(requiredActionList);
+ Response httpResponse = client.realm(gatewayDetails.getGatewayId()).users().create(user);
+ logger.info("Tenant Admin account creation exited with code : " + httpResponse.getStatus()+" : " +httpResponse.getStatusInfo());
+ if (httpResponse.getStatus() == 201) { //HTTP code for record creation: HTTP 201
+ List<UserRepresentation> retrieveCreatedUserList = client.realm(gatewayDetails.getGatewayId()).users().search(user.getUsername(),
+ user.getFirstName(),
+ user.getLastName(),
+ user.getEmail(),
+ 0, 1);
+ UserResource retrievedUser = client.realm(gatewayDetails.getGatewayId()).users().get(retrieveCreatedUserList.get(0).getId());
+ CredentialRepresentation credential = new CredentialRepresentation();
+ credential.setType(CredentialRepresentation.PASSWORD);
+ credential.setValue(ServerSettings.getGatewayAdminTempPwd());
+ credential.setTemporary(true);
+ retrievedUser.resetPassword(credential);
+ List<ClientRepresentation> realmClients = client.realm(gatewayDetails.getGatewayId()).clients().findAll();
+ String realmManagementClientId=null;
+ for(ClientRepresentation realmClient : realmClients){
+ if(realmClient.getClientId().equals("realm-management")){
+ realmManagementClientId = realmClient.getId();
+ }
+ }
+ retrievedUser.roles().clientLevel(realmManagementClientId).add(retrievedUser.roles().clientLevel(realmManagementClientId).listAvailable());
+ return true;
+ } else {
+ logger.error("Request for Tenant Admin Account Creation failed with HTTP code : " + httpResponse.getStatus());
+ logger.error("Reason for Tenant Admin account creation failure : " + httpResponse.getStatusInfo());
+ return false;
+ }
+ }catch (ApplicationSettingsException ex) {
+ logger.error("Error getting values from property file, reason: " + ex.getCause(), ex);
+ IamAdminServicesException exception = new IamAdminServicesException();
+ exception.setMessage("Error getting values from property file, reason " + ex.getMessage());
+ throw exception;
+ }catch (Exception ex){
+ logger.error("Error creating Realm Admin Account in keycloak server, reason: " + ex.getCause(), ex);
+ IamAdminServicesException exception = new IamAdminServicesException();
+ exception.setMessage("Error creating Realm Admin Account in keycloak server, reason: " + ex.getMessage());
+ throw exception;
+ }
+ }
+
+ public Gateway configureClient(PasswordCredential isSuperAdminPasswordCreds, Gateway gatewayDetails) throws IamAdminServicesException{
+ try{
+ Keycloak client = TenantManagementKeycloakImpl.getClient(ServerSettings.getIamServerUrl(), "master", isSuperAdminPasswordCreds);
+ ClientRepresentation pgaClient = new ClientRepresentation();
+ pgaClient.setName("pga");
+ pgaClient.setClientId("pga");
+ pgaClient.setProtocol("openid-connect");
+ pgaClient.setStandardFlowEnabled(true);
+ pgaClient.setEnabled(true);
+ pgaClient.setAuthorizationServicesEnabled(true);
+ pgaClient.setDirectAccessGrantsEnabled(true);
+ pgaClient.setServiceAccountsEnabled(true);
+ pgaClient.setFullScopeAllowed(true);
+ pgaClient.setClientAuthenticatorType("client-secret");
+ String[] defaultRoles = {"gateway-user"};
+ pgaClient.setDefaultRoles(defaultRoles);
+ List<String> redirectUris = new ArrayList<>();
+ redirectUris.add("http://accord.scigap.org/callback-url");
+ pgaClient.setRedirectUris(redirectUris);
+ pgaClient.setPublicClient(false);
+ Response httpResponse = client.realms().realm(gatewayDetails.getGatewayId()).clients().create(pgaClient);
+ logger.info("Tenant Client configuration exited with code : " + httpResponse.getStatus()+" : " +httpResponse.getStatusInfo());
+ if(httpResponse.getStatus() == 201){
+ String ClientUUID = client.realms().realm(gatewayDetails.getGatewayId()).clients().findByClientId(pgaClient.getClientId()).get(0).getId();
+ CredentialRepresentation clientSecret = client.realms().realm(gatewayDetails.getGatewayId()).clients().get(ClientUUID).getSecret();
+ gatewayDetails.setOauthClientId(pgaClient.getClientId());
+ gatewayDetails.setOauthClientSecret(clientSecret.getValue());
+ return gatewayDetails;
+ } else {
+ logger.error("Request for Realm Client Creation failed with HTTP code : " + httpResponse.getStatus());
+ logger.error("Reason for Realm Client Creation failure : " + httpResponse.getStatusInfo());
+ return null;
+ }
+ }catch (ApplicationSettingsException ex) {
+ logger.error("Error getting values from property file, reason: " + ex.getCause(), ex);
+ IamAdminServicesException exception = new IamAdminServicesException();
+ exception.setMessage("Error getting values from property file, reason " + ex.getMessage());
+ throw exception;
+ }
+ }
+
+ public boolean createUser(PasswordCredential realmAdminCreds, UserProfile userProfile, String newPassword) throws IamAdminServicesException{
+ try{
+ Keycloak client = TenantManagementKeycloakImpl.getClient(ServerSettings.getIamServerUrl(), userProfile.getGatewayId(), realmAdminCreds);
+ UserRepresentation user = new UserRepresentation();
+ user.setUsername(userProfile.getUserId());
+ //ToDo: userProfile donot have firstname and lastname, putting Full name in keycloak's firstname field.
+ user.setFirstName(userProfile.getUserName());
+ // Always takes the first value
+ List<String> emails = userProfile.getEmails();
+ user.setEmail(emails.get(0));
+ user.setEnabled(false);
+ Response httpResponse = client.realm(userProfile.getGatewayId()).users().create(user);
+ if (httpResponse.getStatus() == 201) { //HTTP code for record creation: HTTP 201
+ List<UserRepresentation> retrieveCreatedUserList = client.realm(userProfile.getGatewayId()).users().search(user.getUsername(),
+ user.getFirstName(),
+ user.getLastName(),
+ user.getEmail(),
+ 0, 1);
+ UserResource retrievedUser = client.realm(userProfile.getGatewayId()).users().get(retrieveCreatedUserList.get(0).getId());
+ CredentialRepresentation credential = new CredentialRepresentation();
+ credential.setType(CredentialRepresentation.PASSWORD);
+ credential.setValue(newPassword);
+ credential.setTemporary(false);
+ retrievedUser.resetPassword(credential);
+ } else {
+ logger.error("Request for user Account Creation failed with HTTP code : " + httpResponse.getStatus());
+ logger.error("Reason for user account creation failure : " + httpResponse.getStatusInfo());
+ return false;
+ }
+ }catch (ApplicationSettingsException ex) {
+ logger.error("Error getting values from property file, reason: " + ex.getCause(), ex);
+ IamAdminServicesException exception = new IamAdminServicesException();
+ exception.setMessage("Error getting values from property file, reason " + ex.getMessage());
+ throw exception;
+ }
+ return false;
+ }
+
+ public boolean enableUserAccount(PasswordCredential realmAdminAccount, UserProfile userDetails) throws IamAdminServicesException{
+ try{
+ Keycloak client = TenantManagementKeycloakImpl.getClient(ServerSettings.getIamServerUrl(), userDetails.getGatewayId(), realmAdminAccount);
+ List<String> emails = userDetails.getEmails();
+ List<UserRepresentation> userResourceList = client.realm(userDetails.getGatewayId()).users().search(userDetails.getUserId(),0,1);
+ UserResource userResource = client.realm(userDetails.getGatewayId()).users().get(userResourceList.get(0).getId());
+ UserRepresentation profile = userResource.toRepresentation();
+ profile.setEnabled(true);
+ userResource.update(profile);
+ return true;
+ } catch (ApplicationSettingsException ex) {
+ logger.error("Error getting values from property file, reason: " + ex.getCause(), ex);
+ IamAdminServicesException exception = new IamAdminServicesException();
+ exception.setMessage("Error getting values from property file, reason " + ex.getMessage());
+ throw exception;
+ }
+ }
+
+}
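Review bot: createTenantAdminAccount, createUser and enableUserAccount all pick their target with `users().search(...)` followed by `.get(0)`, so the password reset, the realm-management role grant and the enable flag land on whichever account the search returns first; Keycloak's user search matches substrings, and an empty result throws an IndexOutOfBoundsException that createUser and enableUserAccount do not catch. Take the id from the `Location` header of the 201 response (null-checked) in the two create paths, as sketched below for createUser, and in enableUserAccount accept a result only when its username equals `userDetails.getUserId()`. createUser also falls through to the final `return false` after a successful create, so the sketch returns `true` there. In createTenantAdminAccount, `realmManagementClientId` stays null when no `realm-management` client is found and every role from `listAvailable()` is granted; a null check and an explicit role list would make the grant auditable. configureClient registers the fixed redirect URI `http://accord.scigap.org/callback-url` for every realm, over plain http; it should come from the gateway's own configuration.

```java
// … unchanged: build the UserRepresentation and call users().create(user) …
if (httpResponse.getStatus() == 201) { //HTTP code for record creation: HTTP 201
    // The 201 response names the new resource; use that id instead of a search.
    String createdPath = httpResponse.getLocation().getPath();
    String createdUserId = createdPath.substring(createdPath.lastIndexOf('/') + 1);
    UserResource retrievedUser = client.realm(userProfile.getGatewayId()).users().get(createdUserId);
    // … unchanged: build the password CredentialRepresentation and call resetPassword …
    return true;
} else {
    // … unchanged: log the status and return false …
}
```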
http://git-wip-us.apache.org/repos/asf/airavata/blob/1a977c06/airavata-services/profile-service/iam-admin-services-core/src/main/java/org/apache/airavata/service/profile/iam/admin/services/core/interfaces/TenantManagementInterface.java
----------------------------------------------------------------------
diff --git a/airavata-services/profile-service/iam-admin-services-core/src/main/java/org/apache/airavata/service/profile/iam/admin/services/core/interfaces/TenantManagementInterface.java b/airavata-services/profile-service/iam-admin-services-core/src/main/java/org/apache/airavata/service/profile/iam/admin/services/core/interfaces/TenantManagementInterface.java
new file mode 100644
index 0000000..b11408a
--- /dev/null
+++ b/airavata-services/profile-service/iam-admin-services-core/src/main/java/org/apache/airavata/service/profile/iam/admin/services/core/interfaces/TenantManagementInterface.java
@@ -0,0 +1,39 @@
+/*
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+
+package org.apache.airavata.service.profile.iam.admin.services.core.interfaces;
+
+import org.apache.airavata.model.credential.store.PasswordCredential;
+import org.apache.airavata.model.workspace.Gateway;
+import org.apache.airavata.service.profile.iam.admin.services.cpi.exception.IamAdminServicesException;
+
+public interface TenantManagementInterface {
+
+ /**
+ * Method to add Identity server tenant for Airavata gateway creation.
+ *
+ * @param isSuperAdminPasswordCreds identity server super admin credentials
+ * @param gatewayDetails gateway details from workspace catalog
+ * @return Realm object.
+ */
+ public Gateway addTenant(PasswordCredential isSuperAdminPasswordCreds, Gateway gatewayDetails) throws IamAdminServicesException;
+
+}
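Review bot: The Javadoc on addTenant says `@return Realm object.` but the method returns the `Gateway` it was given, and the declared `IamAdminServicesException` has no `@throws` entry. Suggested wording: `@return the gateway details passed in, once the realm has been created` and `@throws IamAdminServicesException if the IAM server URL cannot be read or realm creation fails`. The implementation added in this commit also exposes createTenantAdminAccount, configureClient, createUser and enableUserAccount as public methods that are not declared here, so callers such as IamAdminServicesHandler have to depend on the Keycloak class directly; declaring them on the interface would keep the provider swappable.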
http://git-wip-us.apache.org/repos/asf/airavata/blob/1a977c06/airavata-services/profile-service/iam-admin-services-core/src/test/java/org/apache/airavata/service/profile/iam/admin/services/core/tests/SetupNewGateway.java
----------------------------------------------------------------------
diff --git a/airavata-services/profile-service/iam-admin-services-core/src/test/java/org/apache/airavata/service/profile/iam/admin/services/core/tests/SetupNewGateway.java b/airavata-services/profile-service/iam-admin-services-core/src/test/java/org/apache/airavata/service/profile/iam/admin/services/core/tests/SetupNewGateway.java
new file mode 100644
index 0000000..85578a8
--- /dev/null
+++ b/airavata-services/profile-service/iam-admin-services-core/src/test/java/org/apache/airavata/service/profile/iam/admin/services/core/tests/SetupNewGateway.java
@@ -0,0 +1,73 @@
+package org.apache.airavata.service.profile.iam.admin.services.core.tests;
+
+
+import org.apache.airavata.model.credential.store.PasswordCredential;
+import org.apache.airavata.model.user.UserProfile;
+import org.apache.airavata.model.workspace.Gateway;
+import org.apache.airavata.service.profile.iam.admin.services.core.impl.TenantManagementKeycloakImpl;
+import org.apache.airavata.service.profile.iam.admin.services.cpi.exception.IamAdminServicesException;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.util.ArrayList;
+import java.util.List;
+
+public class SetupNewGateway {
+
+ private final static Logger logger = LoggerFactory.getLogger(SetupNewGateway.class);
+
+ public static void main(String[] args) {
+ UserRegistration();
+ }
+
+ public static void setUpGateway(){
+ Gateway testGateway = new Gateway();
+ testGateway.setGatewayId("maven.test.gateway");
+ testGateway.setGatewayName("maven test gateway");
+ testGateway.setIdentityServerUserName("mavenTest");
+ testGateway.setGatewayAdminFirstName("Maven");
+ testGateway.setGatewayAdminLastName("Test");
+ testGateway.setGatewayAdminEmail("bhandar.anuj@gmail.com");
+ PasswordCredential superAdminCreds = new PasswordCredential();
+ superAdminCreds.setGatewayId(testGateway.getGatewayId());
+ superAdminCreds.setDescription("test credentials for IS admin creation");
+ superAdminCreds.setLoginUserName("airavataAdmin");
+ superAdminCreds.setPassword("Airavata@123");
+ superAdminCreds.setPortalUserName("superAdmin");
+ TenantManagementKeycloakImpl client = new TenantManagementKeycloakImpl();
+ try {
+ client.addTenant(superAdminCreds, testGateway);
+ if (!client.createTenantAdminAccount(superAdminCreds, testGateway)) {
+ logger.error("Admin account creation failed !!, please refer error logs for reason");
+ }
+ Gateway gatewayWithIdAndSecret = client.configureClient(superAdminCreds, testGateway);
+ System.out.println(gatewayWithIdAndSecret.getOauthClientId());
+ System.out.println(gatewayWithIdAndSecret.getOauthClientSecret());
+ } catch (IamAdminServicesException ex) {
+ logger.error("Gateway Setup Failed, reason: " + ex.getCause(), ex);
+ }
+ }
+ public static void UserRegistration(){
+ UserProfile user = new UserProfile();
+ user.setUserId("testuser");
+ user.setUserName("Anuj Bhandar");
+ List<String> emails = new ArrayList<>();
+ emails.add("anuj.bhandar@outlook.com");
+ user.setGatewayId("maven.test.gateway");
+ user.setEmails(emails);
+ PasswordCredential tenantAdminCreds = new PasswordCredential();
+ tenantAdminCreds.setGatewayId(user.getGatewayId());
+ tenantAdminCreds.setDescription("test credentials for tenant admin creation");
+ tenantAdminCreds.setLoginUserName("mavenTest");
+ tenantAdminCreds.setPassword("Test@1234");
+ tenantAdminCreds.setPortalUserName("TenantAdmin");
+
+ TenantManagementKeycloakImpl client = new TenantManagementKeycloakImpl();
+ try {
+ client.createUser(tenantAdminCreds,user,"test@123");
+ client.enableUserAccount(tenantAdminCreds,user);
+ } catch (IamAdminServicesException e) {
+ e.printStackTrace();
+ }
+ }
+}
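Review bot: setUpGateway and UserRegistration commit literal account passwords (`setPassword("Airavata@123")`, `setPassword("Test@1234")`, `"test@123"`) and personal e-mail addresses, and setUpGateway prints the new OAuth client secret with `System.out.println`. Since TenantManagementKeycloakImpl reads the server URL from `iam.server.url`, running this `main` talks to whatever IAM server the properties name, so the credentials should come from the environment or system properties, e.g. `superAdminCreds.setPassword(System.getenv("IAM_SUPER_ADMIN_PASSWORD"));` (the variable name is a placeholder), and the secret should not be echoed. `configureClient` returns null on a non-201 response, so the two `println` calls need a null check, and `e.printStackTrace()` in UserRegistration should use the class `logger` as setUpGateway does.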
http://git-wip-us.apache.org/repos/asf/airavata/blob/1a977c06/airavata-services/profile-service/profile-service-server/pom.xml
----------------------------------------------------------------------
diff --git a/airavata-services/profile-service/profile-service-server/pom.xml b/airavata-services/profile-service/profile-service-server/pom.xml
index bd51318..9163929 100644
--- a/airavata-services/profile-service/profile-service-server/pom.xml
+++ b/airavata-services/profile-service/profile-service-server/pom.xml
@@ -49,6 +49,11 @@
<artifactId>airavata-messaging-core</artifactId>
<version>${project.version}</version>
</dependency>
+ <dependency>
+ <groupId>org.apache.airavata</groupId>
+ <artifactId>iam-admin-services-core</artifactId>
+ <version>${project.version}</version>
+ </dependency>
</dependencies>
</project>
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/airavata/blob/1a977c06/airavata-services/profile-service/profile-service-server/src/main/java/org/apache/airavata/service/profile/handlers/IamAdminServicesHandler.java
----------------------------------------------------------------------
diff --git a/airavata-services/profile-service/profile-service-server/src/main/java/org/apache/airavata/service/profile/handlers/IamAdminServicesHandler.java b/airavata-services/profile-service/profile-service-server/src/main/java/org/apache/airavata/service/profile/handlers/IamAdminServicesHandler.java
index 113bf3f..311e831 100644
--- a/airavata-services/profile-service/profile-service-server/src/main/java/org/apache/airavata/service/profile/handlers/IamAdminServicesHandler.java
+++ b/airavata-services/profile-service/profile-service-server/src/main/java/org/apache/airavata/service/profile/handlers/IamAdminServicesHandler.java
@@ -21,9 +21,11 @@
package org.apache.airavata.service.profile.handlers;
+import org.apache.airavata.model.credential.store.PasswordCredential;
import org.apache.airavata.model.error.AuthorizationException;
import org.apache.airavata.model.security.AuthzToken;
import org.apache.airavata.model.workspace.Gateway;
+import org.apache.airavata.service.profile.iam.admin.services.core.impl.TenantManagementKeycloakImpl;
import org.apache.airavata.service.profile.iam.admin.services.cpi.IamAdminServices;
import org.apache.airavata.service.profile.iam.admin.services.cpi.iam_admin_services_cpiConstants;
import org.apache.airavata.service.profile.iam.admin.services.cpi.exception.IamAdminServicesException;
@@ -49,6 +51,18 @@ public class IamAdminServicesHandler implements IamAdminServices.Iface {
@Override
public String setUpGateway(AuthzToken authzToken, Gateway gateway) throws IamAdminServicesException, AuthorizationException {
+ PasswordCredential isSuperAdminCredentials = new PasswordCredential();
+ TenantManagementKeycloakImpl keycloakclient = new TenantManagementKeycloakImpl();
+ try{
+ keycloakclient.addTenant(isSuperAdminCredentials,gateway);
+ if(!keycloakclient.createTenantAdminAccount(isSuperAdminCredentials,gateway)){
+ logger.error("Admin account creation failed !!, please refer error logs for reason");
+ }
+ Gateway gatewayWithIdAndSecret = keycloakclient.configureClient(isSuperAdminCredentials,gateway);
+ //return gatewayWithIdAndSecret;
+ } catch (IamAdminServicesException ex){
+ logger.error("Gateway Setup Failed, reason: " + ex.getCause(), ex);
+ }
return null;
}
}
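Review bot: setUpGateway passes a freshly constructed, empty `PasswordCredential` to addTenant, createTenantAdminAccount and configureClient, so TenantManagementKeycloakImpl.getClient is presumably called with a null user name and password and the Keycloak calls cannot authenticate; the super-admin credential has to be loaded before these calls (the new `airavata-credential-store` dependency suggests from there, to be confirmed). The `catch (IamAdminServicesException ex)` block only logs and the method then returns null, so the caller cannot distinguish a failed tenant setup from a successful one; rethrow with `throw ex;` after logging, and stop before configureClient when createTenantAdminAccount returns false. Nothing in the visible lines checks `authzToken` before the realm is created; if no authorization annotation sits above `@Override` outside this hunk, one is needed. The method also still returns `String` and discards `gatewayWithIdAndSecret`, while the thrift hunk in this commit changes setUpGateway to return `workspace_model.Gateway`, so the handler will need updating when the stubs are regenerated.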
http://git-wip-us.apache.org/repos/asf/airavata/blob/1a977c06/modules/commons/src/main/java/org/apache/airavata/common/utils/ApplicationSettings.java
----------------------------------------------------------------------
diff --git a/modules/commons/src/main/java/org/apache/airavata/common/utils/ApplicationSettings.java b/modules/commons/src/main/java/org/apache/airavata/common/utils/ApplicationSettings.java
index 5c438f3..63fb7b0 100644
--- a/modules/commons/src/main/java/org/apache/airavata/common/utils/ApplicationSettings.java
+++ b/modules/commons/src/main/java/org/apache/airavata/common/utils/ApplicationSettings.java
@@ -433,6 +433,14 @@ public class ApplicationSettings {
return getSetting(ServerSettings.PROFILE_SERVICE_SERVER_PORT);
}
+ public static String getIamServerUrl() throws ApplicationSettingsException {
+ return getSetting(ServerSettings.IAM_SERVER_URL);
+ }
+
+ public static String getGatewayAdminTempPwd() throws ApplicationSettingsException {
+ return getSetting(ServerSettings.NEW_GATEWAY_ADMIN_TEMP_PASSWORD);
+ }
+
/**
* @deprecated use {{@link #getSetting(String)}}
* @return
http://git-wip-us.apache.org/repos/asf/airavata/blob/1a977c06/modules/commons/src/main/java/org/apache/airavata/common/utils/ServerSettings.java
----------------------------------------------------------------------
diff --git a/modules/commons/src/main/java/org/apache/airavata/common/utils/ServerSettings.java b/modules/commons/src/main/java/org/apache/airavata/common/utils/ServerSettings.java
index e5181eb..f56b330 100644
--- a/modules/commons/src/main/java/org/apache/airavata/common/utils/ServerSettings.java
+++ b/modules/commons/src/main/java/org/apache/airavata/common/utils/ServerSettings.java
@@ -133,6 +133,10 @@ public class ServerSettings extends ApplicationSettings {
public static final String PROFILE_SERVICE_SERVER_HOST = "profile.service.server.host";
public static final String PROFILE_SERVICE_SERVER_PORT = "profile.service.server.port";
+ // Iam Server Constants
+ public static final String IAM_SERVER_URL = "iam.server.url";
+ public static final String NEW_GATEWAY_ADMIN_TEMP_PASSWORD="new.gateway.admin.temp.password";
+
/* Caching */
private static final String SESSION_CACHE_ACCESS_TIME_OUT = "ssh.session.cache.access.timeout";
http://git-wip-us.apache.org/repos/asf/airavata/blob/1a977c06/modules/configuration/server/src/main/resources/airavata-server.properties
----------------------------------------------------------------------
diff --git a/modules/configuration/server/src/main/resources/airavata-server.properties b/modules/configuration/server/src/main/resources/airavata-server.properties
index 5c7077d..aa4a2f0 100644
--- a/modules/configuration/server/src/main/resources/airavata-server.properties
+++ b/modules/configuration/server/src/main/resources/airavata-server.properties
@@ -363,4 +363,10 @@ profile.service.jdbc.driver=org.apache.derby.jdbc.ClientDriver
#profile.service.jdbc.driver=com.mysql.jdbc.Driver
profile.service.jdbc.user=airavata
profile.service.jdbc.password=airavata
-profile.service.validationQuery=SELECT 1
\ No newline at end of file
+profile.service.validationQuery=SELECT 1
+
+###########################################################################
+# Iam Admin services Configuration
+###########################################################################
+iam.server.url=https://iam.scigap.org/auth
+new.gateway.admin.temp.password=Password@123
\ No newline at end of file
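Review bot: `new.gateway.admin.temp.password=Password@123` ships one well-known initial password for every new gateway admin, and createTenantAdminAccount in this commit sets it on an account that holds the realm-management roles until the first login changes it. Leave the shipped value empty and fail tenant setup when it is unset, or generate a random per-tenant value and deliver it out of band, e.g. `new.gateway.admin.temp.password=` preceded by the comment `# must be set per deployment; never commit a real value`. ApplicationSettings.getGatewayAdminTempPwd and the ServerSettings constant in the earlier hunks carry the same setting.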
http://git-wip-us.apache.org/repos/asf/airavata/blob/1a977c06/thrift-interface-descriptions/service-cpis/profile-service/iam-admin-services/iam-admin-services-cpi.thrift
----------------------------------------------------------------------
diff --git a/thrift-interface-descriptions/service-cpis/profile-service/iam-admin-services/iam-admin-services-cpi.thrift b/thrift-interface-descriptions/service-cpis/profile-service/iam-admin-services/iam-admin-services-cpi.thrift
index 1ae7dfb..ee00165 100644
--- a/thrift-interface-descriptions/service-cpis/profile-service/iam-admin-services/iam-admin-services-cpi.thrift
+++ b/thrift-interface-descriptions/service-cpis/profile-service/iam-admin-services/iam-admin-services-cpi.thrift
@@ -39,7 +39,7 @@ service IamAdminServices {
throws (1: iam_admin_services_cpi_errors.IamAdminServicesException Idse,
2: airavata_errors.AuthorizationException ae)
- string setUpGateway (1: required security_model.AuthzToken authzToken,
+ workspace_model.Gateway setUpGateway (1: required security_model.AuthzToken authzToken,
2: required workspace_model.Gateway gateway)
throws (1: iam_admin_services_cpi_errors.IamAdminServicesException Idse,
2: airavata_errors.AuthorizationException ae)