Posted to commits@airavata.apache.org by di...@apache.org on 2021/07/29 19:10:44 UTC

[airavata-mft] branch develop updated: Supporting deligate auth at mft datalake backend

This is an automated email from the ASF dual-hosted git repository.

dimuthuupe pushed a commit to branch develop
in repository https://gitbox.apache.org/repos/asf/airavata-mft.git


The following commit(s) were added to refs/heads/develop by this push:
     new e62947a  Supporting deligate auth at mft datalake backend
e62947a is described below

commit e62947a7b9626d1fa8b1639e3a6ab8318d438f82
Author: Dimuthu Wannipurage <di...@gmail.com>
AuthorDate: Thu Jul 29 15:10:29 2021 -0400

    Supporting deligate auth at mft datalake backend
---
 .../backend/datalake/DatalakeResourceBackend.java  | 42 ++++++++++++++++++----
 1 file changed, 36 insertions(+), 6 deletions(-)

diff --git a/services/resource-service/server/src/main/java/org/apache/airavata/mft/resource/server/backend/datalake/DatalakeResourceBackend.java b/services/resource-service/server/src/main/java/org/apache/airavata/mft/resource/server/backend/datalake/DatalakeResourceBackend.java
index 6a9a123..931f6db 100644
--- a/services/resource-service/server/src/main/java/org/apache/airavata/mft/resource/server/backend/datalake/DatalakeResourceBackend.java
+++ b/services/resource-service/server/src/main/java/org/apache/airavata/mft/resource/server/backend/datalake/DatalakeResourceBackend.java
@@ -17,17 +17,17 @@
 
 package org.apache.airavata.mft.resource.server.backend.datalake;
 
-import com.google.protobuf.Struct;
 import io.grpc.ManagedChannel;
 import io.grpc.ManagedChannelBuilder;
+import org.apache.airavata.datalake.drms.AuthCredentialType;
+import org.apache.airavata.datalake.drms.AuthenticatedUser;
 import org.apache.airavata.datalake.drms.DRMSServiceAuthToken;
 import org.apache.airavata.datalake.drms.storage.ResourceFetchRequest;
 import org.apache.airavata.datalake.drms.storage.ResourceFetchResponse;
 import org.apache.airavata.datalake.drms.storage.ResourceServiceGrpc;
-import org.apache.airavata.datalake.drms.storage.preference.s3.S3StoragePreference;
-import org.apache.airavata.datalake.drms.storage.preference.ssh.SSHStoragePreference;
 import org.apache.airavata.datalake.drms.storage.ssh.SSHStorage;
 import org.apache.airavata.mft.common.AuthToken;
+import org.apache.airavata.mft.common.DelegateAuth;
 import org.apache.airavata.mft.common.PasswordAuth;
 import org.apache.airavata.mft.resource.server.backend.ResourceBackend;
 import org.apache.airavata.mft.resource.stubs.azure.storage.*;
@@ -39,11 +39,11 @@ import org.apache.airavata.mft.resource.stubs.gcs.storage.*;
 import org.apache.airavata.mft.resource.stubs.local.storage.*;
 import org.apache.airavata.mft.resource.stubs.s3.storage.*;
 import org.apache.airavata.mft.resource.stubs.scp.storage.*;
-import org.apache.custos.clients.CustosClientProvider;
-import org.apache.custos.identity.management.client.IdentityManagementClient;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
+import java.nio.charset.StandardCharsets;
+import java.util.Base64;
 import java.util.Optional;
 
 public class DatalakeResourceBackend implements ResourceBackend {
@@ -78,14 +78,44 @@ public class DatalakeResourceBackend implements ResourceBackend {
         }
     }
 
+    private DRMSServiceAuthToken getDrmsToken(AuthToken authToken) {
+        switch (authToken.getAuthMechanismCase()) {
+            case USERTOKENAUTH:
+                return DRMSServiceAuthToken.newBuilder().setAccessToken(authToken.getUserTokenAuth().getToken()).build();
+
+            case DELEGATEAUTH:
+                DelegateAuth delegateAuth = authToken.getDelegateAuth();
+                return DRMSServiceAuthToken.newBuilder()
+                        .setAccessToken(Base64.getEncoder()
+                                .encodeToString((delegateAuth.getClientId() + ":" + delegateAuth.getClientSecret())
+                                        .getBytes(StandardCharsets.UTF_8)))
+                        .setAuthCredentialType(AuthCredentialType.AGENT_ACCOUNT_CREDENTIAL)
+                        .setAuthenticatedUser(AuthenticatedUser.newBuilder()
+                                .setUsername(delegateAuth.getUserId())
+                                .setTenantId(delegateAuth.getPropertiesOrThrow("TENANT_ID"))
+                                .build())
+                        .build();
+
+        }
+        return null;
+
+    }
     @Override
     public Optional<GenericResource> getGenericResource(GenericResourceGetRequest request) throws Exception {
 
         AuthToken authzToken = request.getAuthzToken();
 
+        DRMSServiceAuthToken drmsServiceAuthToken = getDrmsToken(authzToken);
+
+        if (drmsServiceAuthToken == null) {
+            logger.error("DRMS Service auth token can not be null. Invalid token type {} specified",
+                    authzToken.getAuthMechanismCase());
+            throw new Exception("DRMS Service auth token can not be null. Invalid token type specified");
+        }
+
         ResourceServiceGrpc.ResourceServiceBlockingStub datalakeResourceStub = ResourceServiceGrpc.newBlockingStub(channel);
         ResourceFetchResponse resourceFetchResponse = datalakeResourceStub.fetchResource(ResourceFetchRequest.newBuilder()
-                .setAuthToken(DRMSServiceAuthToken.newBuilder().setAccessToken(authzToken.getUserTokenAuth().getToken()).build())
+                .setAuthToken(drmsServiceAuthToken)
                 .setResourceId(request.getResourceId())
                 .build());
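Review bot: The DELEGATEAUTH branch of `getDrmsToken` builds the agent credential and the `AuthenticatedUser` from `DelegateAuth` fields without checking that any of them are set. Protobuf string getters return an empty string for unset fields, so an incomplete request is still forwarded to DRMS as an `AGENT_ACCOUNT_CREDENTIAL` with a blank username or a credential that decodes to just `:`. A missing `TENANT_ID` also escapes as an unchecked `IllegalArgumentException` from `getPropertiesOrThrow` rather than reaching the explicit invalid-token error in `getGenericResource`. I would reject incomplete delegate credentials before building the token, with a message that does not echo the secret, as sketched below. The Base64 value only encodes the client secret, so it must stay out of logs and presumably relies on the gRPC channel (configured outside this hunk) being TLS-protected; `getGenericResource` itself continues past the end of the hunk.

```java
            case DELEGATEAUTH:
                DelegateAuth delegateAuth = authToken.getDelegateAuth();
                String tenantId = delegateAuth.getPropertiesOrDefault("TENANT_ID", "");
                if (delegateAuth.getClientId().isEmpty() || delegateAuth.getClientSecret().isEmpty()
                        || delegateAuth.getUserId().isEmpty() || tenantId.isEmpty()) {
                    // Fail closed locally; the message must not echo the client secret.
                    throw new IllegalArgumentException(
                            "Delegate auth requires client id, client secret, user id and TENANT_ID");
                }
                // … unchanged: DRMSServiceAuthToken builder, now using .setTenantId(tenantId) …
```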