Posted to commits@airavata.apache.org by ma...@apache.org on 2017/06/21 18:44:21 UTC
[3/3] airavata git commit: AIRAVATA-2403 Simplifying IamAdminService
methods
AIRAVATA-2403 Simplifying IamAdminService methods
Making the master realm admin username and password server settings.
Project: http://git-wip-us.apache.org/repos/asf/airavata/repo
Commit: http://git-wip-us.apache.org/repos/asf/airavata/commit/14bb4321
Tree: http://git-wip-us.apache.org/repos/asf/airavata/tree/14bb4321
Diff: http://git-wip-us.apache.org/repos/asf/airavata/diff/14bb4321
Branch: refs/heads/develop
Commit: 14bb4321a24db50ba937e40b0ab5665495a16b88
Parents: 13ed71f
Author: Marcus Christie <ma...@apache.org>
Authored: Wed Jun 21 14:43:32 2017 -0400
Committer: Marcus Christie <ma...@apache.org>
Committed: Wed Jun 21 14:43:32 2017 -0400
----------------------------------------------------------------------
.../core/impl/TenantManagementKeycloakImpl.java | 72 +-
.../interfaces/TenantManagementInterface.java | 31 +-
.../services/core/tests/SetupNewGateway.java | 4 +-
.../handlers/IamAdminServicesHandler.java | 78 +-
.../admin/services/cpi/IamAdminServices.java | 1279 +++++++-----------
.../scigap/develop/group_vars/all/vars.yml | 2 +
.../scigap/develop/group_vars/all/vault.yml | 61 +-
.../ansible/roles/api-orch/defaults/main.yml | 2 +
.../templates/airavata-server.properties.j2 | 2 +
.../airavata/common/utils/ServerSettings.java | 10 +
.../main/resources/airavata-server.properties | 4 +-
.../org/apache/airavata/MigrationManager.java | 2 +-
.../iam-admin-services-cpi.thrift | 25 +-
13 files changed, 634 insertions(+), 938 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/airavata/blob/14bb4321/airavata-services/profile-service/iam-admin-services-core/src/main/java/org/apache/airavata/service/profile/iam/admin/services/core/impl/TenantManagementKeycloakImpl.java
----------------------------------------------------------------------
diff --git a/airavata-services/profile-service/iam-admin-services-core/src/main/java/org/apache/airavata/service/profile/iam/admin/services/core/impl/TenantManagementKeycloakImpl.java b/airavata-services/profile-service/iam-admin-services-core/src/main/java/org/apache/airavata/service/profile/iam/admin/services/core/impl/TenantManagementKeycloakImpl.java
index 20b926c..f8d2ca3 100644
--- a/airavata-services/profile-service/iam-admin-services-core/src/main/java/org/apache/airavata/service/profile/iam/admin/services/core/impl/TenantManagementKeycloakImpl.java
+++ b/airavata-services/profile-service/iam-admin-services-core/src/main/java/org/apache/airavata/service/profile/iam/admin/services/core/impl/TenantManagementKeycloakImpl.java
@@ -50,6 +50,8 @@ public class TenantManagementKeycloakImpl implements TenantManagementInterface {
private final static Logger logger = LoggerFactory.getLogger(TenantManagementKeycloakImpl.class);
+ private String superAdminRealmId = "master";
+
// TODO: close Keycloak client once done with it?
private static Keycloak getClient(String adminUrl, String realm, PasswordCredential AdminPasswordCreds) {
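Review bot: `superAdminRealmId` is declared as a mutable instance field, but the hunks of this file only ever read it, so it behaves as a constant. Declaring it `private static final String SUPER_ADMIN_REALM_ID = "master";` would make that explicit and prevent the realm used for super-admin logins from being changed at runtime by accident. A one-line comment such as `// Keycloak realm that holds the super admin account` would also help. `getClient` starts on the last line of this hunk and its body lies outside it.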
@@ -67,21 +69,6 @@ public class TenantManagementKeycloakImpl implements TenantManagementInterface {
.build();
}
- private static Keycloak getClient(String adminUrl, String realm, String authToken) {
-
- ResteasyClient resteasyClient = new ResteasyClientBuilder()
- .connectionPoolSize(10)
- .trustStore(loadKeyStore())
- .build();
- return KeycloakBuilder.builder()
- .serverUrl(adminUrl)
- .realm(realm)
- .authorization(authToken)
- .clientId("admin-cli")
- .resteasyClient(resteasyClient)
- .build();
- }
-
private static KeyStore loadKeyStore() {
FileInputStream fis = null;
@@ -107,7 +94,7 @@ public class TenantManagementKeycloakImpl implements TenantManagementInterface {
public Gateway addTenant(PasswordCredential isSuperAdminPasswordCreds, Gateway gatewayDetails) throws IamAdminServicesException {
try {
// get client
- Keycloak client = TenantManagementKeycloakImpl.getClient(ServerSettings.getIamServerUrl(), "master", isSuperAdminPasswordCreds);
+ Keycloak client = TenantManagementKeycloakImpl.getClient(ServerSettings.getIamServerUrl(), this.superAdminRealmId, isSuperAdminPasswordCreds);
// create realm
RealmRepresentation newRealmDetails = new RealmRepresentation();
newRealmDetails.setEnabled(true);
@@ -164,7 +151,7 @@ public class TenantManagementKeycloakImpl implements TenantManagementInterface {
@Override
public boolean createTenantAdminAccount(PasswordCredential isSuperAdminPasswordCreds, Gateway gatewayDetails) throws IamAdminServicesException{
try{
- Keycloak client = TenantManagementKeycloakImpl.getClient(ServerSettings.getIamServerUrl(), "master", isSuperAdminPasswordCreds);
+ Keycloak client = TenantManagementKeycloakImpl.getClient(ServerSettings.getIamServerUrl(), this.superAdminRealmId, isSuperAdminPasswordCreds);
UserRepresentation user = new UserRepresentation();
user.setUsername(gatewayDetails.getIdentityServerUserName());
user.setFirstName(gatewayDetails.getGatewayAdminFirstName());
@@ -223,7 +210,7 @@ public class TenantManagementKeycloakImpl implements TenantManagementInterface {
@Override
public Gateway configureClient(PasswordCredential isSuperAdminPasswordCreds, Gateway gatewayDetails) throws IamAdminServicesException{
try{
- Keycloak client = TenantManagementKeycloakImpl.getClient(ServerSettings.getIamServerUrl(), "master", isSuperAdminPasswordCreds);
+ Keycloak client = TenantManagementKeycloakImpl.getClient(ServerSettings.getIamServerUrl(), this.superAdminRealmId, isSuperAdminPasswordCreds);
ClientRepresentation pgaClient = new ClientRepresentation();
pgaClient.setName("pga");
pgaClient.setClientId("pga");
@@ -274,25 +261,23 @@ public class TenantManagementKeycloakImpl implements TenantManagementInterface {
}
@Override
- public boolean createUser(PasswordCredential realmAdminCreds, UserProfile userProfile, String newPassword) throws IamAdminServicesException{
+ public boolean createUser(PasswordCredential realmAdminCreds, String tenantId, String username, String emailAddress, String firstName, String lastName, String newPassword) throws IamAdminServicesException{
try{
- Keycloak client = TenantManagementKeycloakImpl.getClient(ServerSettings.getIamServerUrl(), userProfile.getGatewayId(), realmAdminCreds);
+ Keycloak client = TenantManagementKeycloakImpl.getClient(ServerSettings.getIamServerUrl(), tenantId, realmAdminCreds);
UserRepresentation user = new UserRepresentation();
- user.setUsername(userProfile.getUserId());
- user.setFirstName(userProfile.getFirstName());
- user.setLastName(userProfile.getLastName());
- // Always takes the first value
- List<String> emails = userProfile.getEmails();
- user.setEmail(emails.get(0));
+ user.setUsername(username);
+ user.setFirstName(firstName);
+ user.setLastName(lastName);
+ user.setEmail(emailAddress);
user.setEnabled(false);
- Response httpResponse = client.realm(userProfile.getGatewayId()).users().create(user);
+ Response httpResponse = client.realm(tenantId).users().create(user);
if (httpResponse.getStatus() == 201) { //HTTP code for record creation: HTTP 201
- List<UserRepresentation> retrieveCreatedUserList = client.realm(userProfile.getGatewayId()).users().search(user.getUsername(),
+ List<UserRepresentation> retrieveCreatedUserList = client.realm(tenantId).users().search(user.getUsername(),
user.getFirstName(),
user.getLastName(),
user.getEmail(),
0, 1);
- UserResource retrievedUser = client.realm(userProfile.getGatewayId()).users().get(retrieveCreatedUserList.get(0).getId());
+ UserResource retrievedUser = client.realm(tenantId).users().get(retrieveCreatedUserList.get(0).getId());
CredentialRepresentation credential = new CredentialRepresentation();
credential.setType(CredentialRepresentation.PASSWORD);
credential.setValue(newPassword);
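Review bot: The account that receives `credential.setValue(newPassword)` is found by searching again after the create call and taking `retrieveCreatedUserList.get(0)`. Keycloak's user search matches partial values as far as I know, so the first hit may be an older account whose fields merely contain the new ones. The 201 response already identifies the created user in its `Location` header, so `String userId = httpResponse.getLocation().getPath().replaceAll(".*/([^/]+)$", "$1");` followed by `client.realm(tenantId).users().get(userId)` would avoid the second lookup. The `enableUserAccount` hunk below has the same pattern with `search(username,0,1)` and `userResourceList.get(0)`, which also throws on an empty result instead of reporting that the user was not found. The body of `createUser` continues outside this hunk.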
@@ -313,12 +298,11 @@ public class TenantManagementKeycloakImpl implements TenantManagementInterface {
}
@Override
- public boolean enableUserAccount(PasswordCredential realmAdminAccount, UserProfile userDetails) throws IamAdminServicesException{
+ public boolean enableUserAccount(PasswordCredential realmAdminCreds, String tenantId, String username) throws IamAdminServicesException{
try{
- Keycloak client = TenantManagementKeycloakImpl.getClient(ServerSettings.getIamServerUrl(), userDetails.getGatewayId(), realmAdminAccount);
- List<String> emails = userDetails.getEmails();
- List<UserRepresentation> userResourceList = client.realm(userDetails.getGatewayId()).users().search(userDetails.getUserId(),0,1);
- UserResource userResource = client.realm(userDetails.getGatewayId()).users().get(userResourceList.get(0).getId());
+ Keycloak client = TenantManagementKeycloakImpl.getClient(ServerSettings.getIamServerUrl(), tenantId, realmAdminCreds);
+ List<UserRepresentation> userResourceList = client.realm(tenantId).users().search(username,0,1);
+ UserResource userResource = client.realm(tenantId).users().get(userResourceList.get(0).getId());
UserRepresentation profile = userResource.toRepresentation();
profile.setEnabled(true);
userResource.update(profile);
@@ -331,9 +315,10 @@ public class TenantManagementKeycloakImpl implements TenantManagementInterface {
}
}
- public boolean resetUserPassword(String authToken, String tenantId, String username, String newPassword) throws IamAdminServicesException{
+ @Override
+ public boolean resetUserPassword(PasswordCredential realmAdminCreds, String tenantId, String username, String newPassword) throws IamAdminServicesException{
try{
- Keycloak client = TenantManagementKeycloakImpl.getClient(ServerSettings.getIamServerUrl(), tenantId, authToken);
+ Keycloak client = TenantManagementKeycloakImpl.getClient(ServerSettings.getIamServerUrl(), tenantId, realmAdminCreds);
List<UserRepresentation> retrieveUserList = client.realm(tenantId).users().search(username,
null,
null,
@@ -369,10 +354,11 @@ public class TenantManagementKeycloakImpl implements TenantManagementInterface {
}
}
- public List<UserProfile> findUser(PasswordCredential realmAdminCreds, String gatewayID, String email, String userName) throws IamAdminServicesException{
+ @Override
+ public List<UserProfile> findUser(PasswordCredential realmAdminCreds, String tenantId, String email, String userName) throws IamAdminServicesException{
try{
- Keycloak client = TenantManagementKeycloakImpl.getClient(ServerSettings.getIamServerUrl(), gatewayID, realmAdminCreds);
- List<UserRepresentation> retrieveUserList = client.realm(gatewayID).users().search(userName,
+ Keycloak client = TenantManagementKeycloakImpl.getClient(ServerSettings.getIamServerUrl(), tenantId, realmAdminCreds);
+ List<UserRepresentation> retrieveUserList = client.realm(tenantId).users().search(userName,
null,
null,
email,
@@ -407,12 +393,12 @@ public class TenantManagementKeycloakImpl implements TenantManagementInterface {
}
@Override
- public void updateUserProfile(PasswordCredential realmAdminCreds, String gatewayId, String username, UserProfile userDetails) throws IamAdminServicesException {
+ public void updateUserProfile(PasswordCredential realmAdminCreds, String tenantId, String username, UserProfile userDetails) throws IamAdminServicesException {
Keycloak client = null;
try{
- client = TenantManagementKeycloakImpl.getClient(ServerSettings.getIamServerUrl(), gatewayId, realmAdminCreds);
- List<UserRepresentation> retrieveUserList = client.realm(gatewayId).users().search(username,
+ client = TenantManagementKeycloakImpl.getClient(ServerSettings.getIamServerUrl(), tenantId, realmAdminCreds);
+ List<UserRepresentation> retrieveUserList = client.realm(tenantId).users().search(username,
null,
null,
null,
@@ -423,7 +409,7 @@ public class TenantManagementKeycloakImpl implements TenantManagementInterface {
userRepresentation.setFirstName(userDetails.getFirstName());
userRepresentation.setLastName(userDetails.getLastName());
userRepresentation.setEmail(userDetails.getEmails().get(0));
- UserResource userResource = client.realm(gatewayId).users().get(userRepresentation.getId());
+ UserResource userResource = client.realm(tenantId).users().get(userRepresentation.getId());
userResource.update(userRepresentation);
}else{
throw new IamAdminServicesException("User [" + username + "] wasn't found in Keycloak!");
http://git-wip-us.apache.org/repos/asf/airavata/blob/14bb4321/airavata-services/profile-service/iam-admin-services-core/src/main/java/org/apache/airavata/service/profile/iam/admin/services/core/interfaces/TenantManagementInterface.java
----------------------------------------------------------------------
diff --git a/airavata-services/profile-service/iam-admin-services-core/src/main/java/org/apache/airavata/service/profile/iam/admin/services/core/interfaces/TenantManagementInterface.java b/airavata-services/profile-service/iam-admin-services-core/src/main/java/org/apache/airavata/service/profile/iam/admin/services/core/interfaces/TenantManagementInterface.java
index b413eb0..5972dfe 100644
--- a/airavata-services/profile-service/iam-admin-services-core/src/main/java/org/apache/airavata/service/profile/iam/admin/services/core/interfaces/TenantManagementInterface.java
+++ b/airavata-services/profile-service/iam-admin-services-core/src/main/java/org/apache/airavata/service/profile/iam/admin/services/core/interfaces/TenantManagementInterface.java
@@ -61,49 +61,54 @@ public interface TenantManagementInterface {
* Method to create user in Identity Server
*
* @param realmAdminCreds identity server realm admin credentials
- * @param userProfile gateway details from workspace catalog
+ * @param username
+ * @param emailAddress
+ * @param firstName
+ * @param lastName
* @param newPassword
- * @return Gateway object.
+ * @return true if user created
+ * @throws IamAdminServicesException
*/
- boolean createUser(PasswordCredential realmAdminCreds, UserProfile userProfile, String newPassword) throws IamAdminServicesException;
+ boolean createUser(PasswordCredential realmAdminCreds, String tenantId, String username, String emailAddress, String firstName, String lastName, String newPassword) throws IamAdminServicesException;
/**
* Method to enable user in Identity Server
*
- * @param realmAdminAccount identity server realm admin credentials
- * @param userDetails gateway details from workspace catalog
+ * @param realmAdminCreds identity server realm admin credentials
+ * @param tenantId
+ * @param username
* @return boolean.
*/
- boolean enableUserAccount(PasswordCredential realmAdminAccount, UserProfile userDetails) throws IamAdminServicesException;
+ boolean enableUserAccount(PasswordCredential realmAdminCreds, String tenantId, String username) throws IamAdminServicesException;
/**
* Method to reset user password in Identity Server
*
- * @param authToken for realm admin
+ * @param realmAdminCreds identity server realm admin credentials
* @param tenantId
* @param username
* @param newPassword
* @return boolean
*/
- boolean resetUserPassword(String authToken, String tenantId, String username, String newPassword) throws IamAdminServicesException;
+ boolean resetUserPassword(PasswordCredential realmAdminCreds, String tenantId, String username, String newPassword) throws IamAdminServicesException;
/**
* Method to find user in Identity Server
*
* @param realmAdminCreds identity server realm admin credentials
- * @param gatewayID required
+ * @param tenantId required
* @param email required
- * @param userName can be null
+ * @param username can be null
* @return Gateway object.
*/
- List<UserProfile> findUser(PasswordCredential realmAdminCreds, String gatewayID, String email, String userName) throws IamAdminServicesException;
+ List<UserProfile> findUser(PasswordCredential realmAdminCreds, String tenantId, String email, String username) throws IamAdminServicesException;
/**
* Update the user's profile in the Identity Server
* @param realmAdminCreds
- * @param gatewayId
+ * @param tenantId
* @param username
* @param userDetails
*/
- void updateUserProfile(PasswordCredential realmAdminCreds, String gatewayId, String username, UserProfile userDetails) throws IamAdminServicesException;
+ void updateUserProfile(PasswordCredential realmAdminCreds, String tenantId, String username, UserProfile userDetails) throws IamAdminServicesException;
}
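Review bot: The Javadoc for `createUser` has no `@param tenantId` tag although the signature gained that parameter, and the new tags for `username`, `emailAddress`, `firstName` and `lastName` carry no description. `findUser` still says `@return Gateway object.` while the method returns `List<UserProfile>`. I would add `@param tenantId realm (gateway) in which the user is created` and change the return tag to `@return matching user profiles`. Since every method now takes the tenant admin credential, it is also worth stating once that `realmAdminCreds` must belong to the realm named by `tenantId`. The hunk begins inside the `createUser` comment, so the opening of that Javadoc is not visible.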
http://git-wip-us.apache.org/repos/asf/airavata/blob/14bb4321/airavata-services/profile-service/iam-admin-services-core/src/test/java/org/apache/airavata/service/profile/iam/admin/services/core/tests/SetupNewGateway.java
----------------------------------------------------------------------
diff --git a/airavata-services/profile-service/iam-admin-services-core/src/test/java/org/apache/airavata/service/profile/iam/admin/services/core/tests/SetupNewGateway.java b/airavata-services/profile-service/iam-admin-services-core/src/test/java/org/apache/airavata/service/profile/iam/admin/services/core/tests/SetupNewGateway.java
index e192569..1f1c915 100644
--- a/airavata-services/profile-service/iam-admin-services-core/src/test/java/org/apache/airavata/service/profile/iam/admin/services/core/tests/SetupNewGateway.java
+++ b/airavata-services/profile-service/iam-admin-services-core/src/test/java/org/apache/airavata/service/profile/iam/admin/services/core/tests/SetupNewGateway.java
@@ -65,8 +65,8 @@ public class SetupNewGateway {
TenantManagementKeycloakImpl client = new TenantManagementKeycloakImpl();
try {
- client.createUser(tenantAdminCreds,user,"test@123");
- client.enableUserAccount(tenantAdminCreds,user);
+ client.createUser(tenantAdminCreds, user.getGatewayId(), user.getUserId(), user.getEmails().get(0), user.getFirstName(), user.getLastName(),"test@123");
+ client.enableUserAccount(tenantAdminCreds, user.getGatewayId(), user.getUserId());
} catch (IamAdminServicesException e) {
e.printStackTrace();
}
http://git-wip-us.apache.org/repos/asf/airavata/blob/14bb4321/airavata-services/profile-service/profile-service-server/src/main/java/org/apache/airavata/service/profile/handlers/IamAdminServicesHandler.java
----------------------------------------------------------------------
diff --git a/airavata-services/profile-service/profile-service-server/src/main/java/org/apache/airavata/service/profile/handlers/IamAdminServicesHandler.java b/airavata-services/profile-service/profile-service-server/src/main/java/org/apache/airavata/service/profile/handlers/IamAdminServicesHandler.java
index 43e0893..57d8b8b 100644
--- a/airavata-services/profile-service/profile-service-server/src/main/java/org/apache/airavata/service/profile/handlers/IamAdminServicesHandler.java
+++ b/airavata-services/profile-service/profile-service-server/src/main/java/org/apache/airavata/service/profile/handlers/IamAdminServicesHandler.java
@@ -66,8 +66,9 @@ public class IamAdminServicesHandler implements IamAdminServices.Iface {
@Override
@SecurityCheck
- public Gateway setUpGateway(AuthzToken authzToken, Gateway gateway, PasswordCredential isSuperAdminCredentials) throws IamAdminServicesException, AuthorizationException {
+ public Gateway setUpGateway(AuthzToken authzToken, Gateway gateway) throws IamAdminServicesException, AuthorizationException {
TenantManagementKeycloakImpl keycloakclient = new TenantManagementKeycloakImpl();
+ PasswordCredential isSuperAdminCredentials = getSuperAdminPasswordCredential();
try{
keycloakclient.addTenant(isSuperAdminCredentials,gateway);
if(!keycloakclient.createTenantAdminAccount(isSuperAdminCredentials,gateway)){
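Review bot: With the `isSuperAdminCredentials` parameter removed, `setUpGateway` runs with the master-realm admin account for every caller that passes `@SecurityCheck`, so that annotation is now the only gate on realm creation. What `@SecurityCheck` enforces is not visible on this page; if it only validates the token, an explicit check of the caller's role is needed before `getSuperAdminPasswordCredential()` is used. That call also sits outside the `try`, so a missing setting surfaces as the `RuntimeException` thrown by the helper (last hunk of this file) rather than the declared `IamAdminServicesException`. The method body continues outside this hunk.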
@@ -84,58 +85,70 @@ public class IamAdminServicesHandler implements IamAdminServices.Iface {
//ToDo: Will only be secure when using SSL between PGA and Airavata
@Override
@SecurityCheck
- public boolean registerUser(AuthzToken authzToken, UserProfile userDetails, PasswordCredential isRealmAdminCredentials, String newPassword) throws IamAdminServicesException, AuthorizationException {
+ public boolean registerUser(AuthzToken authzToken, String username, String emailAddress, String firstName, String lastName, String newPassword) throws IamAdminServicesException, AuthorizationException {
TenantManagementKeycloakImpl keycloakclient = new TenantManagementKeycloakImpl();
+ String gatewayId = authzToken.getClaimsMap().get(Constants.GATEWAY_ID);
try{
- if(keycloakclient.createUser(isRealmAdminCredentials,userDetails,newPassword))
+ PasswordCredential isRealmAdminCredentials = getTenantAdminPasswordCredential(gatewayId);
+ if(keycloakclient.createUser(isRealmAdminCredentials, gatewayId, username, emailAddress, firstName, lastName, newPassword))
return true;
else
return false;
- } catch (IamAdminServicesException ex){
- logger.error("Error while registering user into Identity Server, reason: " + ex.getMessage(), ex);
- throw ex;
+ } catch (TException|ApplicationSettingsException ex){
+ String msg = "Error while registering user into Identity Server, reason: " + ex.getMessage();
+ logger.error(msg, ex);
+ throw new IamAdminServicesException(msg);
}
}
@Override
@SecurityCheck
- public boolean enableUser(AuthzToken authzToken, UserProfile userDetails, PasswordCredential isRealmAdminCredentials) throws IamAdminServicesException, AuthorizationException {
+ public boolean enableUser(AuthzToken authzToken, String username) throws IamAdminServicesException, AuthorizationException {
TenantManagementKeycloakImpl keycloakclient = new TenantManagementKeycloakImpl();
+ String gatewayId = authzToken.getClaimsMap().get(Constants.GATEWAY_ID);
try{
- if(keycloakclient.enableUserAccount(isRealmAdminCredentials,userDetails))
+ PasswordCredential isRealmAdminCredentials = getTenantAdminPasswordCredential(gatewayId);
+ if(keycloakclient.enableUserAccount(isRealmAdminCredentials, gatewayId, username))
return true;
else
return false;
- } catch (IamAdminServicesException ex){
- logger.error("Error while enabling user account, reason: " + ex.getMessage(), ex);
- throw ex;
+ } catch (TException|ApplicationSettingsException ex){
+ String msg = "Error while enabling user account, reason: " + ex.getMessage();
+ logger.error(msg, ex);
+ throw new IamAdminServicesException(msg);
}
}
@Override
@SecurityCheck
- public boolean resetUserPassword(AuthzToken authzToken, String tenantId, String username, String newPassword) throws IamAdminServicesException, AuthorizationException, TException {
+ public boolean resetUserPassword(AuthzToken authzToken, String username, String newPassword) throws IamAdminServicesException, AuthorizationException, TException {
TenantManagementKeycloakImpl keycloakclient = new TenantManagementKeycloakImpl();
+ String gatewayId = authzToken.getClaimsMap().get(Constants.GATEWAY_ID);
try{
- if(keycloakclient.resetUserPassword(authzToken.getAccessToken(), tenantId, username, newPassword))
+ PasswordCredential isRealmAdminCredentials = getTenantAdminPasswordCredential(gatewayId);
+ if(keycloakclient.resetUserPassword(isRealmAdminCredentials, gatewayId, username, newPassword))
return true;
else
return false;
- } catch (IamAdminServicesException ex){
- logger.error("Error while resetting user password in Identity Server, reason: " + ex.getMessage(), ex);
- throw ex;
+ } catch (TException|ApplicationSettingsException ex){
+ String msg = "Error while resetting user password in Identity Server, reason: " + ex.getMessage();
+ logger.error(msg, ex);
+ throw new IamAdminServicesException(msg);
}
}
@Override
@SecurityCheck
- public List<UserProfile> findUsers(AuthzToken authzToken, String gatewayID, String email, String userId, PasswordCredential isRealmAdminCredentials) throws IamAdminServicesException, AuthorizationException, TException {
+ public List<UserProfile> findUsers(AuthzToken authzToken, String email, String userId) throws IamAdminServicesException, AuthorizationException, TException {
TenantManagementKeycloakImpl keycloakclient = new TenantManagementKeycloakImpl();
+ String gatewayId = authzToken.getClaimsMap().get(Constants.GATEWAY_ID);
try{
- return keycloakclient.findUser(isRealmAdminCredentials,gatewayID,email,userId);
- } catch (IamAdminServicesException ex){
- logger.error("Error while retrieving users from Identity Server, reason: " + ex.getMessage(), ex);
- throw ex;
+ PasswordCredential isRealmAdminCredentials = getTenantAdminPasswordCredential(gatewayId);
+ return keycloakclient.findUser(isRealmAdminCredentials, gatewayId, email, userId);
+ } catch (TException|ApplicationSettingsException ex){
+ String msg = "Error while retrieving users from Identity Server, reason: " + ex.getMessage();
+ logger.error(msg, ex);
+ throw new IamAdminServicesException(msg);
}
}
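Review bot: `resetUserPassword` used to call Keycloak with the caller's own access token and now uses the tenant admin credential, so Keycloak no longer checks the caller's rights. Any token accepted by `@SecurityCheck` can therefore reset the password of an arbitrary `username` in its gateway, and the same applies to `enableUser` and `findUsers` in this hunk. `updateUserProfile` in the next hunk compares the user name with the token before acting; these methods need an equivalent explicit rule, for example limiting them to a gateway admin role, because what `@SecurityCheck` enforces is not visible here. Separately, the new `catch (TException|ApplicationSettingsException ex)` blocks build `new IamAdminServicesException(msg)` without the cause. They also re-wrap an `IamAdminServicesException` coming from the Keycloak call if that type extends `TException`, as Thrift exceptions usually do.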
@@ -152,16 +165,33 @@ public class IamAdminServicesHandler implements IamAdminServices.Iface {
if (!username.equals(userDetails.getUserId())) {
throw new IamAdminServicesException("userId in user profile doesn't match authorization token!");
}
- GatewayResourceProfile gwrp = getRegistryServiceClient().getGatewayResourceProfile(gatewayId);
- CredentialStoreService.Client csClient = getCredentialStoreServiceClient();
- PasswordCredential credential = csClient.getPasswordCredential(gwrp.getIdentityServerPwdCredToken(), gwrp.getGatewayID());
+ PasswordCredential credential = getTenantAdminPasswordCredential(gatewayId);
keycloakclient.updateUserProfile(credential, gatewayId, username, userDetails);
} catch (ApplicationSettingsException e) {
throw new IamAdminServicesException("Unable to create service clients. Reason: " + e.getMessage());
}
}
+ private PasswordCredential getSuperAdminPasswordCredential() {
+ PasswordCredential isSuperAdminCredentials = new PasswordCredential();
+ try {
+ isSuperAdminCredentials.setLoginUserName(ServerSettings.getIamServerSuperAdminUsername());
+ isSuperAdminCredentials.setPassword(ServerSettings.getIamServerSuperAdminPassword());
+ } catch (ApplicationSettingsException e) {
+ throw new RuntimeException("Unable to get settings for IAM super admin username/password", e);
+ }
+ return isSuperAdminCredentials;
+ }
+
+ private PasswordCredential getTenantAdminPasswordCredential(String tenantId) throws TException, ApplicationSettingsException {
+
+ GatewayResourceProfile gwrp = getRegistryServiceClient().getGatewayResourceProfile(tenantId);
+
+ CredentialStoreService.Client csClient = getCredentialStoreServiceClient();
+ return csClient.getPasswordCredential(gwrp.getIdentityServerPwdCredToken(), gwrp.getGatewayID());
+ }
+
private RegistryService.Client getRegistryServiceClient() throws TException, ApplicationSettingsException {
final int serverPort = Integer.parseInt(ServerSettings.getRegistryServerPort());
final String serverHost = ServerSettings.getRegistryServerHost();