[airavata] branch develop updated: AIRAVATA-3383 Add manage-clients role to generated portal client

[ma...@apache.org]

This is an automated email from the ASF dual-hosted git repository.

machristie pushed a commit to branch develop
in repository https://gitbox.apache.org/repos/asf/airavata.git


The following commit(s) were added to refs/heads/develop by this push:
     new b66261f  AIRAVATA-3383 Add manage-clients role to generated portal client
     new ff12b5c  Merge branch 'airavata-3383' into develop
b66261f is described below

commit b66261fe70b34e9434a466208d84dc000b45e0c2
Author: Marcus Christie <ma...@apache.org>
AuthorDate: Mon Jun 14 13:47:05 2021 -0400

    AIRAVATA-3383 Add manage-clients role to generated portal client
    
    manage-clients is needed so that web client can generate additional clients for local development
---
 .../admin/services/core/impl/TenantManagementKeycloakImpl.java    | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/airavata-services/profile-service/iam-admin-services-core/src/main/java/org/apache/airavata/service/profile/iam/admin/services/core/impl/TenantManagementKeycloakImpl.java b/airavata-services/profile-service/iam-admin-services-core/src/main/java/org/apache/airavata/service/profile/iam/admin/services/core/impl/TenantManagementKeycloakImpl.java
index 7baa89d..14dc387 100644
--- a/airavata-services/profile-service/iam-admin-services-core/src/main/java/org/apache/airavata/service/profile/iam/admin/services/core/impl/TenantManagementKeycloakImpl.java
+++ b/airavata-services/profile-service/iam-admin-services-core/src/main/java/org/apache/airavata/service/profile/iam/admin/services/core/impl/TenantManagementKeycloakImpl.java
@@ -303,15 +303,15 @@ public class TenantManagementKeycloakImpl implements TenantManagementInterface {
             Response httpResponse = client.realms().realm(gatewayDetails.getGatewayId()).clients().create(pgaClient);
             logger.info("Tenant Client configuration exited with code : " + httpResponse.getStatus()+" : " +httpResponse.getStatusInfo());
 
-            // Add the manage-users role to the web client
+            // Add the manage-users and manage-clients roles to the web client
             UserRepresentation serviceAccountUserRepresentation = getUserByUsername(client, gatewayDetails.getGatewayId(), "service-account-" + pgaClient.getClientId());
             UserResource serviceAccountUser = client.realms().realm(gatewayDetails.getGatewayId()).users().get(serviceAccountUserRepresentation.getId());
             String realmManagementClientId = getRealmManagementClientId(client, gatewayDetails.getGatewayId());
-            List<RoleRepresentation> manageUsersRole = serviceAccountUser.roles().clientLevel(realmManagementClientId).listAvailable()
+            List<RoleRepresentation> manageUsersAndManageClientsRoles = serviceAccountUser.roles().clientLevel(realmManagementClientId).listAvailable()
                     .stream()
-                    .filter(r -> r.getName().equals("manage-users"))
+                    .filter(r -> r.getName().equals("manage-users") || r.getName().equals("manage-clients"))
                     .collect(Collectors.toList());
-            serviceAccountUser.roles().clientLevel(realmManagementClientId).add(manageUsersRole);
+            serviceAccountUser.roles().clientLevel(realmManagementClientId).add(manageUsersAndManageClientsRoles);
 
             if(httpResponse.getStatus() == 201){
                 String ClientUUID = client.realms().realm(gatewayDetails.getGatewayId()).clients().findByClientId(pgaClient.getClientId()).get(0).getId();