Posted to commits@airavata.apache.org by is...@apache.org on 2020/06/11 21:15:39 UTC
[airavata-custos] branch develop updated: Add public APIs for
resource secret management and validations
This is an automated email from the ASF dual-hosted git repository.
isjarana pushed a commit to branch develop
in repository https://gitbox.apache.org/repos/asf/airavata-custos.git
The following commit(s) were added to refs/heads/develop by this push:
new 0f86c38 Add public APIs for resource secret management and validations
new 64cb7aa Merge pull request #73 from isururanawaka/credential_store
0f86c38 is described below
commit 0f86c38a7350822ddc36f5e6ee8a09a2f5aa0005
Author: Isuru Ranawaka <ir...@gmail.com>
AuthorDate: Thu Jun 11 16:55:34 2020 -0400
Add public APIs for resource secret management and validations
---
.../src/main/java/ResourceSecretClient.java | 54 ------
.../secret/client/ResourceSecretClient.java | 100 +++++++++++
.../resources/keycloak-client-truststore.pkcs12 | Bin 1674 -> 1682 bytes
.../resources/keycloak-client-truststore.pkcs12 | Bin 1674 -> 1682 bytes
.../secret/manager/CredentialGeneratorFactory.java | 6 +-
.../{outbound => inbound}/CredentialReader.java | 4 +-
.../CertificateCredential.java | 2 +-
.../{inbound => outbound}/CredentialWriter.java | 2 +-
.../{inbound => outbound}/PasswordCredential.java | 2 +-
.../{inbound => outbound}/ResourceCredential.java | 2 +-
.../{inbound => outbound}/SSHCredential.java | 2 +-
.../secret/service/ResourceSecretService.java | 16 +-
.../src/main/proto/ResourceSecretService.proto | 1 +
.../src/main/resources/bootstrap.properties | 2 +-
.../main/resources/iamAdminCoreService.properties | 6 +-
.../main/resources/identityCoreService.properties | 12 ++
.../resourceSecretManagementService.properties | 4 +-
.../commons/interceptors/AuthInterceptor.java | 117 ++++++++++++-
.../resource-secret-management-service.pb | Bin 83673 -> 94201 bytes
.../interceptors/ClientAuthInterceptorImpl.java | 57 ++++++-
.../management/interceptors/InputValidator.java | 34 ++++
.../service/ResourceSecretManagementService.java | 183 ++++++++++++++++++++-
.../proto/ResourceSecretManagementService.proto | 62 ++++++-
23 files changed, 578 insertions(+), 90 deletions(-)
diff --git a/custos-core-services-client-stubs/resource-secret-core-service-client-stub/src/main/java/ResourceSecretClient.java b/custos-core-services-client-stubs/resource-secret-core-service-client-stub/src/main/java/ResourceSecretClient.java
deleted file mode 100644
index fca9f2e..0000000
--- a/custos-core-services-client-stubs/resource-secret-core-service-client-stub/src/main/java/ResourceSecretClient.java
+++ /dev/null
@@ -1,54 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-import io.grpc.ClientInterceptor;
-import io.grpc.ManagedChannel;
-import io.grpc.ManagedChannelBuilder;
-import org.apache.custos.resource.secret.service.GetSecretRequest;
-import org.apache.custos.resource.secret.service.ResourceSecretServiceGrpc;
-import org.apache.custos.resource.secret.service.SecretMetadata;
-import org.springframework.beans.factory.annotation.Value;
-import org.springframework.stereotype.Component;
-
-import java.util.List;
-
-@Component
-public class ResourceSecretClient {
-
- private ManagedChannel managedChannel;
- private ResourceSecretServiceGrpc.ResourceSecretServiceBlockingStub resourceSecretServiceBlockingStub;
-
- private final List<ClientInterceptor> clientInterceptorList;
-
- public ResourceSecretClient(List<ClientInterceptor> clientInterceptorList,
- @Value("${resource.secret.service.dns.name}") String serviceHost,
- @Value("${resource.secret.service.port}") int servicePort) {
- this.clientInterceptorList = clientInterceptorList;
- managedChannel = ManagedChannelBuilder.forAddress(
- serviceHost, servicePort).usePlaintext(true).intercept(clientInterceptorList).build();
- resourceSecretServiceBlockingStub = ResourceSecretServiceGrpc.newBlockingStub(managedChannel);
- }
-
-
- public SecretMetadata getSecretResponse (GetSecretRequest request) {
- return resourceSecretServiceBlockingStub.getSecret(request);
-
- }
-
-}
diff --git a/custos-core-services-client-stubs/resource-secret-core-service-client-stub/src/main/java/org/apache/custos/resource/secret/client/ResourceSecretClient.java b/custos-core-services-client-stubs/resource-secret-core-service-client-stub/src/main/java/org/apache/custos/resource/secret/client/ResourceSecretClient.java
new file mode 100644
index 0000000..1f789fe
--- /dev/null
+++ b/custos-core-services-client-stubs/resource-secret-core-service-client-stub/src/main/java/org/apache/custos/resource/secret/client/ResourceSecretClient.java
@@ -0,0 +1,100 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.custos.resource.secret.client;
+import io.grpc.ClientInterceptor;
+import io.grpc.ManagedChannel;
+import io.grpc.ManagedChannelBuilder;
+import org.apache.custos.resource.secret.service.*;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.stereotype.Component;
+
+import java.util.List;
+
+@Component
+public class ResourceSecretClient {
+
+ private ManagedChannel managedChannel;
+ private ResourceSecretServiceGrpc.ResourceSecretServiceBlockingStub resourceSecretServiceBlockingStub;
+
+ private final List<ClientInterceptor> clientInterceptorList;
+
+ public ResourceSecretClient(List<ClientInterceptor> clientInterceptorList,
+ @Value("${resource.secret.service.dns.name}") String serviceHost,
+ @Value("${resource.secret.service.port}") int servicePort) {
+ this.clientInterceptorList = clientInterceptorList;
+ managedChannel = ManagedChannelBuilder.forAddress(
+ serviceHost, servicePort).usePlaintext(true).intercept(clientInterceptorList).build();
+ resourceSecretServiceBlockingStub = ResourceSecretServiceGrpc.newBlockingStub(managedChannel);
+ }
+
+
+ public SecretMetadata getSecretResponse(GetSecretRequest request) {
+ return resourceSecretServiceBlockingStub.getSecret(request);
+
+ }
+
+
+ public SecretMetadata getResourceCredentialSummary(GetResourceCredentialByTokenRequest request) {
+
+ return resourceSecretServiceBlockingStub.getResourceCredentialSummary(request);
+ }
+
+ public ResourceCredentialSummaries getAllResourceCredentialSummaries(GetResourceCredentialSummariesRequest request) {
+ return resourceSecretServiceBlockingStub.getAllResourceCredentialSummaries(request);
+ }
+
+ public AddResourceCredentialResponse addSSHCredential(SSHCredential credential) {
+ return resourceSecretServiceBlockingStub.addSSHCredential(credential);
+ }
+
+ public AddResourceCredentialResponse addPasswordCredential(PasswordCredential credential) {
+ return resourceSecretServiceBlockingStub.addPasswordCredential(credential);
+ }
+
+ public AddResourceCredentialResponse addCertificateCredential(CertificateCredential certificateCredential) {
+ return resourceSecretServiceBlockingStub.addCertificateCredential(certificateCredential);
+ }
+
+ public SSHCredential getSSHCredential(GetResourceCredentialByTokenRequest request) {
+ return resourceSecretServiceBlockingStub.getSSHCredential(request);
+ }
+
+ public PasswordCredential getPasswordCredential(GetResourceCredentialByTokenRequest request) {
+ return resourceSecretServiceBlockingStub.getPasswordCredential(request);
+ }
+
+ public CertificateCredential getCertificateCredential(GetResourceCredentialByTokenRequest request) {
+ return resourceSecretServiceBlockingStub.getCertificateCredential(request);
+ }
+
+ public ResourceCredentialOperationStatus deleteSSHCredential(GetResourceCredentialByTokenRequest request) {
+ return resourceSecretServiceBlockingStub.deleteSSHCredential(request);
+ }
+
+ public ResourceCredentialOperationStatus deletePWDCredential(GetResourceCredentialByTokenRequest request) {
+ return resourceSecretServiceBlockingStub.deletePWDCredential(request);
+ }
+
+ public ResourceCredentialOperationStatus deleteCertificateCredential(GetResourceCredentialByTokenRequest request) {
+ return resourceSecretServiceBlockingStub.deleteCertificateCredential(request);
+ }
+
+
+}
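Review bot: The channel built at `ManagedChannelBuilder.forAddress(serviceHost, servicePort).usePlaintext(true)` sends the SSHCredential, PasswordCredential and CertificateCredential messages returned by `getSSHCredential`/`getPasswordCredential`/`getCertificateCredential` (presumably the secret material itself) unencrypted to resource-secret-core-service, so unless this hop is known to be covered by in-cluster mTLS the builder should use `.useTransportSecurity()`; `usePlaintext(boolean)` is also deprecated in grpc-java in favour of the no-arg form. The `ManagedChannel` is never shut down, so a Spring lifecycle hook such as `@PreDestroy public void close() { managedChannel.shutdown(); }` is missing. The wildcard `import org.apache.custos.resource.secret.service.*;` hides which generated types this client depends on; the deleted copy of this class listed them explicitly.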
diff --git a/custos-core-services/iam-admin-core-service/src/main/resources/keycloak-client-truststore.pkcs12 b/custos-core-services/iam-admin-core-service/src/main/resources/keycloak-client-truststore.pkcs12
index 6b84b0f..e74f785 100644
Binary files a/custos-core-services/iam-admin-core-service/src/main/resources/keycloak-client-truststore.pkcs12 and b/custos-core-services/iam-admin-core-service/src/main/resources/keycloak-client-truststore.pkcs12 differ
diff --git a/custos-core-services/identity-core-service/src/main/resources/keycloak-client-truststore.pkcs12 b/custos-core-services/identity-core-service/src/main/resources/keycloak-client-truststore.pkcs12
index 6b84b0f..e74f785 100644
Binary files a/custos-core-services/identity-core-service/src/main/resources/keycloak-client-truststore.pkcs12 and b/custos-core-services/identity-core-service/src/main/resources/keycloak-client-truststore.pkcs12 differ
diff --git a/custos-core-services/resource-secret-core-service/src/main/java/org/apache/custos/resource/secret/manager/CredentialGeneratorFactory.java b/custos-core-services/resource-secret-core-service/src/main/java/org/apache/custos/resource/secret/manager/CredentialGeneratorFactory.java
index efd8acb..5d13bee 100644
--- a/custos-core-services/resource-secret-core-service/src/main/java/org/apache/custos/resource/secret/manager/CredentialGeneratorFactory.java
+++ b/custos-core-services/resource-secret-core-service/src/main/java/org/apache/custos/resource/secret/manager/CredentialGeneratorFactory.java
@@ -39,11 +39,11 @@ public class CredentialGeneratorFactory {
public Credential getCredential(GeneratedMessageV3 message) throws Exception {
if (message instanceof SSHCredential) {
- return new org.apache.custos.resource.secret.manager.adaptor.inbound.SSHCredential(message);
+ return new org.apache.custos.resource.secret.manager.adaptor.outbound.SSHCredential(message);
} else if (message instanceof CertificateCredential) {
- return new org.apache.custos.resource.secret.manager.adaptor.inbound.CertificateCredential(message);
+ return new org.apache.custos.resource.secret.manager.adaptor.outbound.CertificateCredential(message);
} else if (message instanceof PasswordCredential) {
- return new org.apache.custos.resource.secret.manager.adaptor.inbound.PasswordCredential(message);
+ return new org.apache.custos.resource.secret.manager.adaptor.outbound.PasswordCredential(message);
}
return null;
diff --git a/custos-core-services/resource-secret-core-service/src/main/java/org/apache/custos/resource/secret/manager/adaptor/outbound/CredentialReader.java b/custos-core-services/resource-secret-core-service/src/main/java/org/apache/custos/resource/secret/manager/adaptor/inbound/CredentialReader.java
similarity index 98%
rename from custos-core-services/resource-secret-core-service/src/main/java/org/apache/custos/resource/secret/manager/adaptor/outbound/CredentialReader.java
rename to custos-core-services/resource-secret-core-service/src/main/java/org/apache/custos/resource/secret/manager/adaptor/inbound/CredentialReader.java
index 0fe3d03..f4a6c9b 100644
--- a/custos-core-services/resource-secret-core-service/src/main/java/org/apache/custos/resource/secret/manager/adaptor/outbound/CredentialReader.java
+++ b/custos-core-services/resource-secret-core-service/src/main/java/org/apache/custos/resource/secret/manager/adaptor/inbound/CredentialReader.java
@@ -17,10 +17,10 @@
* under the License.
*/
-package org.apache.custos.resource.secret.manager.adaptor.outbound;
+package org.apache.custos.resource.secret.manager.adaptor.inbound;
import org.apache.custos.resource.secret.utils.Constants;
-import org.apache.custos.resource.secret.manager.adaptor.inbound.CredentialWriter;
+import org.apache.custos.resource.secret.manager.adaptor.outbound.CredentialWriter;
import org.apache.custos.resource.secret.persistance.local.model.Secret;
import org.apache.custos.resource.secret.persistance.local.repository.SecretRepository;
import org.apache.custos.resource.secret.persistance.vault.Certificate;
diff --git a/custos-core-services/resource-secret-core-service/src/main/java/org/apache/custos/resource/secret/manager/adaptor/inbound/CertificateCredential.java b/custos-core-services/resource-secret-core-service/src/main/java/org/apache/custos/resource/secret/manager/adaptor/outbound/CertificateCredential.java
similarity index 98%
rename from custos-core-services/resource-secret-core-service/src/main/java/org/apache/custos/resource/secret/manager/adaptor/inbound/CertificateCredential.java
rename to custos-core-services/resource-secret-core-service/src/main/java/org/apache/custos/resource/secret/manager/adaptor/outbound/CertificateCredential.java
index 6823cb8..d52d677 100644
--- a/custos-core-services/resource-secret-core-service/src/main/java/org/apache/custos/resource/secret/manager/adaptor/inbound/CertificateCredential.java
+++ b/custos-core-services/resource-secret-core-service/src/main/java/org/apache/custos/resource/secret/manager/adaptor/outbound/CertificateCredential.java
@@ -17,7 +17,7 @@
* under the License.
*/
-package org.apache.custos.resource.secret.manager.adaptor.inbound;
+package org.apache.custos.resource.secret.manager.adaptor.outbound;
import com.google.protobuf.GeneratedMessageV3;
import org.apache.commons.codec.binary.Base64;
diff --git a/custos-core-services/resource-secret-core-service/src/main/java/org/apache/custos/resource/secret/manager/adaptor/inbound/CredentialWriter.java b/custos-core-services/resource-secret-core-service/src/main/java/org/apache/custos/resource/secret/manager/adaptor/outbound/CredentialWriter.java
similarity index 99%
rename from custos-core-services/resource-secret-core-service/src/main/java/org/apache/custos/resource/secret/manager/adaptor/inbound/CredentialWriter.java
rename to custos-core-services/resource-secret-core-service/src/main/java/org/apache/custos/resource/secret/manager/adaptor/outbound/CredentialWriter.java
index 68619bd..edbb241 100644
--- a/custos-core-services/resource-secret-core-service/src/main/java/org/apache/custos/resource/secret/manager/adaptor/inbound/CredentialWriter.java
+++ b/custos-core-services/resource-secret-core-service/src/main/java/org/apache/custos/resource/secret/manager/adaptor/outbound/CredentialWriter.java
@@ -17,7 +17,7 @@
* under the License.
*/
-package org.apache.custos.resource.secret.manager.adaptor.inbound;
+package org.apache.custos.resource.secret.manager.adaptor.outbound;
import org.apache.custos.resource.secret.utils.Constants;
import org.apache.custos.resource.secret.exceptions.CredentialStoreException;
diff --git a/custos-core-services/resource-secret-core-service/src/main/java/org/apache/custos/resource/secret/manager/adaptor/inbound/PasswordCredential.java b/custos-core-services/resource-secret-core-service/src/main/java/org/apache/custos/resource/secret/manager/adaptor/outbound/PasswordCredential.java
similarity index 95%
rename from custos-core-services/resource-secret-core-service/src/main/java/org/apache/custos/resource/secret/manager/adaptor/inbound/PasswordCredential.java
rename to custos-core-services/resource-secret-core-service/src/main/java/org/apache/custos/resource/secret/manager/adaptor/outbound/PasswordCredential.java
index f81fd05..6b7b03c 100644
--- a/custos-core-services/resource-secret-core-service/src/main/java/org/apache/custos/resource/secret/manager/adaptor/inbound/PasswordCredential.java
+++ b/custos-core-services/resource-secret-core-service/src/main/java/org/apache/custos/resource/secret/manager/adaptor/outbound/PasswordCredential.java
@@ -17,7 +17,7 @@
* under the License.
*/
-package org.apache.custos.resource.secret.manager.adaptor.inbound;
+package org.apache.custos.resource.secret.manager.adaptor.outbound;
import com.google.protobuf.GeneratedMessageV3;
diff --git a/custos-core-services/resource-secret-core-service/src/main/java/org/apache/custos/resource/secret/manager/adaptor/inbound/ResourceCredential.java b/custos-core-services/resource-secret-core-service/src/main/java/org/apache/custos/resource/secret/manager/adaptor/outbound/ResourceCredential.java
similarity index 98%
rename from custos-core-services/resource-secret-core-service/src/main/java/org/apache/custos/resource/secret/manager/adaptor/inbound/ResourceCredential.java
rename to custos-core-services/resource-secret-core-service/src/main/java/org/apache/custos/resource/secret/manager/adaptor/outbound/ResourceCredential.java
index 4f28138..27b6b10 100644
--- a/custos-core-services/resource-secret-core-service/src/main/java/org/apache/custos/resource/secret/manager/adaptor/inbound/ResourceCredential.java
+++ b/custos-core-services/resource-secret-core-service/src/main/java/org/apache/custos/resource/secret/manager/adaptor/outbound/ResourceCredential.java
@@ -17,7 +17,7 @@
* under the License.
*/
-package org.apache.custos.resource.secret.manager.adaptor.inbound;
+package org.apache.custos.resource.secret.manager.adaptor.outbound;
import com.google.protobuf.GeneratedMessageV3;
import org.apache.custos.resource.secret.manager.Credential;
diff --git a/custos-core-services/resource-secret-core-service/src/main/java/org/apache/custos/resource/secret/manager/adaptor/inbound/SSHCredential.java b/custos-core-services/resource-secret-core-service/src/main/java/org/apache/custos/resource/secret/manager/adaptor/outbound/SSHCredential.java
similarity index 98%
rename from custos-core-services/resource-secret-core-service/src/main/java/org/apache/custos/resource/secret/manager/adaptor/inbound/SSHCredential.java
rename to custos-core-services/resource-secret-core-service/src/main/java/org/apache/custos/resource/secret/manager/adaptor/outbound/SSHCredential.java
index 8bf1230..5e2d6eb 100644
--- a/custos-core-services/resource-secret-core-service/src/main/java/org/apache/custos/resource/secret/manager/adaptor/inbound/SSHCredential.java
+++ b/custos-core-services/resource-secret-core-service/src/main/java/org/apache/custos/resource/secret/manager/adaptor/outbound/SSHCredential.java
@@ -17,7 +17,7 @@
* under the License.
*/
-package org.apache.custos.resource.secret.manager.adaptor.inbound;
+package org.apache.custos.resource.secret.manager.adaptor.outbound;
import com.google.protobuf.GeneratedMessageV3;
import com.jcraft.jsch.JSch;
diff --git a/custos-core-services/resource-secret-core-service/src/main/java/org/apache/custos/resource/secret/service/ResourceSecretService.java b/custos-core-services/resource-secret-core-service/src/main/java/org/apache/custos/resource/secret/service/ResourceSecretService.java
index e939e01..2f50e15 100644
--- a/custos-core-services/resource-secret-core-service/src/main/java/org/apache/custos/resource/secret/service/ResourceSecretService.java
+++ b/custos-core-services/resource-secret-core-service/src/main/java/org/apache/custos/resource/secret/service/ResourceSecretService.java
@@ -25,8 +25,8 @@ import org.apache.custos.core.services.commons.StatusUpdater;
import org.apache.custos.core.services.commons.persistance.model.OperationStatus;
import org.apache.custos.resource.secret.manager.Credential;
import org.apache.custos.resource.secret.manager.CredentialGeneratorFactory;
-import org.apache.custos.resource.secret.manager.adaptor.inbound.CredentialWriter;
-import org.apache.custos.resource.secret.manager.adaptor.outbound.CredentialReader;
+import org.apache.custos.resource.secret.manager.adaptor.outbound.CredentialWriter;
+import org.apache.custos.resource.secret.manager.adaptor.inbound.CredentialReader;
import org.apache.custos.resource.secret.utils.Operations;
import org.lognet.springboot.grpc.GRpcService;
import org.slf4j.Logger;
@@ -107,8 +107,8 @@ public class ResourceSecretService extends ResourceSecretServiceGrpc.ResourceSec
" of owner " + request.getMetadata().getOwnerId() + " with token " + request.getMetadata().getToken());
Credential credential = credentialGeneratorFactory.getCredential(request);
- org.apache.custos.resource.secret.manager.adaptor.inbound.SSHCredential sshCredential =
- (org.apache.custos.resource.secret.manager.adaptor.inbound.SSHCredential) credential;
+ org.apache.custos.resource.secret.manager.adaptor.outbound.SSHCredential sshCredential =
+ (org.apache.custos.resource.secret.manager.adaptor.outbound.SSHCredential) credential;
credentialWriter.
saveSSHCredential(sshCredential);
@@ -141,8 +141,8 @@ public class ResourceSecretService extends ResourceSecretServiceGrpc.ResourceSec
" of owner " + request.getMetadata().getOwnerId() + " with token " + request.getMetadata().getToken());
Credential credential = credentialGeneratorFactory.getCredential(request);
- org.apache.custos.resource.secret.manager.adaptor.inbound.PasswordCredential passwordCredential =
- (org.apache.custos.resource.secret.manager.adaptor.inbound.PasswordCredential) credential;
+ org.apache.custos.resource.secret.manager.adaptor.outbound.PasswordCredential passwordCredential =
+ (org.apache.custos.resource.secret.manager.adaptor.outbound.PasswordCredential) credential;
credentialWriter.
savePasswordCredential(passwordCredential);
@@ -174,8 +174,8 @@ public class ResourceSecretService extends ResourceSecretServiceGrpc.ResourceSec
Credential credential = credentialGeneratorFactory.getCredential(request);
- org.apache.custos.resource.secret.manager.adaptor.inbound.CertificateCredential certificateCredential =
- (org.apache.custos.resource.secret.manager.adaptor.inbound.CertificateCredential) credential;
+ org.apache.custos.resource.secret.manager.adaptor.outbound.CertificateCredential certificateCredential =
+ (org.apache.custos.resource.secret.manager.adaptor.outbound.CertificateCredential) credential;
credentialWriter.
saveCertificateCredential(certificateCredential);
diff --git a/custos-core-services/resource-secret-core-service/src/main/proto/ResourceSecretService.proto b/custos-core-services/resource-secret-core-service/src/main/proto/ResourceSecretService.proto
index 90789a6..d63be89 100644
--- a/custos-core-services/resource-secret-core-service/src/main/proto/ResourceSecretService.proto
+++ b/custos-core-services/resource-secret-core-service/src/main/proto/ResourceSecretService.proto
@@ -109,6 +109,7 @@ message GetResourceCredentialSummariesRequest {
int64 tenantId = 3;
string owner_id = 4;
bool all_types = 5;
+ string client_id =6;
}
message ResourceCredentialSummaries {
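Review bot: `string client_id =6;` drops the space that the sibling fields keep around `=`; `string client_id = 6;`. Since the message already carries `owner_id` and `tenantId`, a one-line comment stating which identity `client_id` names (the calling client, or the tenant whose summaries are requested) would tell callers how the new field interacts with the existing filters.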
diff --git a/custos-core-services/resource-secret-core-service/src/main/resources/bootstrap.properties b/custos-core-services/resource-secret-core-service/src/main/resources/bootstrap.properties
index ffe5611..da2d184 100644
--- a/custos-core-services/resource-secret-core-service/src/main/resources/bootstrap.properties
+++ b/custos-core-services/resource-secret-core-service/src/main/resources/bootstrap.properties
@@ -17,7 +17,7 @@
# under the License.
#
-spring.cloud.vault.token=s.8ey5QlIlHR7jG5AMP6vVgVi5
+spring.cloud.vault.token={{vault_token}}
spring.cloud.vault.scheme=http
spring.cloud.vault.host=vault.custos.scigap.org
spring.cloud.vault.port=30249
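Review bot: Swapping the literal token for `{{vault_token}}` removes it from the working tree but not from history, where the previous value of this line stays readable, so the token that was committed should be treated as exposed and revoked or rotated in Vault; nothing in the commit records that. The same file keeps `spring.cloud.vault.scheme=http`, so the substituted token would be sent to the Vault host in clear unless that path is protected elsewhere — worth confirming rather than assuming.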
diff --git a/custos-core-services/utility-services/custos-configuration-service/src/main/resources/iamAdminCoreService.properties b/custos-core-services/utility-services/custos-configuration-service/src/main/resources/iamAdminCoreService.properties
index c0c440e..88a2717 100644
--- a/custos-core-services/utility-services/custos-configuration-service/src/main/resources/iamAdminCoreService.properties
+++ b/custos-core-services/utility-services/custos-configuration-service/src/main/resources/iamAdminCoreService.properties
@@ -2,8 +2,8 @@ iam.server.client.id=admin-cli
iam.server.truststore.path=/home/ubuntu/keystore/keycloak-client-truststore.pkcs12
iam.server.truststore.password=keycloak
iam.server.url=https://keycloak.custos.scigap.org:31000/auth/
-iam.server.admin.username={{vault_iam_username}}
-iam.server.admin.password={{vault_iam_password}}
+iam.server.admin.username={{vault_keycloak_username}}
+iam.server.admin.password={{vault_keycloak_password}}
iam.server.super.admin.realm.id=master
iam.federated.cilogon.authorization.endpoint=https://cilogon.org/authorize
iam.federated.cilogon.token.endpoint=https://cilogon.org/oauth2/token
@@ -19,5 +19,5 @@ user.info.endpoint=https://custos.scigap.org/apiserver/user-management/v1.0.0/us
jwks_uri=https://custos.scigap.org/apiserver/identity-management/v1.0.0/certs
registration.endpoint=https://custos.scigap.org/apiserver/tenant-management/v1.0.0/oauth2/tenant
ciLogon.admin.client.id={{vault_cilogon_id}}
-ciLogon.admin.client.secret={{vault_cilogon_password}}
+ciLogon.admin.client.secret={{vault_cilogon_secret}}
ciLogon.admin.auth.endpoint=https://test.cilogon.org/oauth2/oidc-cm
\ No newline at end of file
diff --git a/custos-core-services/utility-services/custos-configuration-service/src/main/resources/identityCoreService.properties b/custos-core-services/utility-services/custos-configuration-service/src/main/resources/identityCoreService.properties
index d1c4e17..85d0c2a 100644
--- a/custos-core-services/utility-services/custos-configuration-service/src/main/resources/identityCoreService.properties
+++ b/custos-core-services/utility-services/custos-configuration-service/src/main/resources/identityCoreService.properties
@@ -30,3 +30,15 @@ end.session.endpoint=https://custos.scigap.org/apiserver/identity-management/v1.
user.info.endpoint=https://custos.scigap.org/apiserver/user-management/v1.0.0/userinfo
jwks_uri=https://custos.scigap.org/apiserver/identity-management/v1.0.0/certs
registration.endpoint=https://custos.scigap.org:/apiserver/tenant-management/v1.0.0/oauth2/tenant
+iam.server.client.id=admin-cli
+iam.server.admin.username={{vault_keycloak_username}}
+iam.server.admin.password={{vault_keycloak_pasword}}
+iam.server.super.admin.realm.id=master
+iam.federated.cilogon.authorization.endpoint=https://cilogon.org/authorize
+iam.federated.cilogon.token.endpoint=https://cilogon.org/oauth2/token
+iam.federated.cilogon.token.userinfo.endpoint=https://cilogon.org/oauth2/userinfo
+iam.federated.cilogon.issuer=https://cilogon.org
+iam.federated.cilogon.jwksUri=https://cilogon.org/oauth2/certs
+ciLogon.admin.client.id={{vault_cilogin_username}}
+ciLogon.admin.client.secret={{vault_cilogin_password}}
+ciLogon.admin.auth.endpoint=https://test.cilogon.org/oauth2/oidc-cm
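Review bot: The placeholder on the new `iam.server.admin.password` line is misspelled (`vault_keycloak_pasword`), so it will not resolve to the `vault_keycloak_password` variable that iamAdminCoreService.properties in this same commit uses for the same credential; likewise `vault_cilogin_username`/`vault_cilogin_password` differ from the `vault_cilogon_id`/`vault_cilogon_secret` names used there, assuming both files are rendered from one shared variable set. Change the three lines to `iam.server.admin.password={{vault_keycloak_password}}`, `ciLogon.admin.client.id={{vault_cilogon_id}}` and `ciLogon.admin.client.secret={{vault_cilogon_secret}}` so the identity service does not start with an unresolved admin password.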
diff --git a/custos-core-services/utility-services/custos-configuration-service/src/main/resources/resourceSecretManagementService.properties b/custos-core-services/utility-services/custos-configuration-service/src/main/resources/resourceSecretManagementService.properties
index ee45823..70d52c6 100644
--- a/custos-core-services/utility-services/custos-configuration-service/src/main/resources/resourceSecretManagementService.properties
+++ b/custos-core-services/utility-services/custos-configuration-service/src/main/resources/resourceSecretManagementService.properties
@@ -31,4 +31,6 @@ user.profile.core.service.dns.name=user-profile-core-service.custos.svc.cluster.
user.profile.core.service.port=7000
iam.server.url=https://keycloak.custos.scigap.org:31000/auth/
cluster.management.core.service.dns.name=cluster-management-core-service.custos.svc.cluster.local
-cluster.management.core.service.port=7000
\ No newline at end of file
+cluster.management.core.service.port=7000
+resource.secret.service.dns.name=resource-secret-core-service.custos.svc.cluster.local
+resource.secret.service.port=7000
\ No newline at end of file
diff --git a/custos-integration-services/custos-integration-services-commons/src/main/java/org/apache/custos/integration/services/commons/interceptors/AuthInterceptor.java b/custos-integration-services/custos-integration-services-commons/src/main/java/org/apache/custos/integration/services/commons/interceptors/AuthInterceptor.java
index 973f910..d77b2ee 100644
--- a/custos-integration-services/custos-integration-services-commons/src/main/java/org/apache/custos/integration/services/commons/interceptors/AuthInterceptor.java
+++ b/custos-integration-services/custos-integration-services-commons/src/main/java/org/apache/custos/integration/services/commons/interceptors/AuthInterceptor.java
@@ -21,9 +21,7 @@ package org.apache.custos.integration.services.commons.interceptors;
import io.grpc.Metadata;
import org.apache.custos.credential.store.client.CredentialStoreServiceClient;
-import org.apache.custos.credential.store.service.GetAllCredentialsResponse;
-import org.apache.custos.credential.store.service.TokenRequest;
-import org.apache.custos.credential.store.service.Type;
+import org.apache.custos.credential.store.service.*;
import org.apache.custos.identity.client.IdentityClient;
import org.apache.custos.identity.service.AuthToken;
import org.apache.custos.identity.service.Claim;
@@ -34,6 +32,7 @@ import org.apache.custos.integration.services.commons.model.AuthClaim;
import org.apache.custos.tenant.profile.client.async.TenantProfileClient;
import org.apache.custos.tenant.profile.service.GetTenantRequest;
import org.apache.custos.tenant.profile.service.GetTenantResponse;
+import org.apache.custos.tenant.profile.service.Tenant;
import org.apache.custos.tenant.profile.service.TenantStatus;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -196,6 +195,50 @@ public abstract class AuthInterceptor implements IntegrationServiceInterceptor {
return token.trim();
}
+
+ /**
+ * Authorize tenant request by checking validity of calling tenant and its child tenant given by clientId
+ * @param headers parentTenant Headers
+ * @param childClientId childTenant Headers
+ * @return AuthClaim of child tenant
+ */
+ public AuthClaim authorizeWithParentChildTenantValidationByBasicAuth(Metadata headers, String childClientId) {
+ AuthClaim authClaim = authorize(headers);
+
+ if (authClaim == null) {
+ return null;
+ }
+
+ if (childClientId == null || childClientId.trim().equals("")) {
+ return authClaim;
+ }
+
+ GetCredentialRequest request = GetCredentialRequest
+ .newBuilder()
+ .setId(childClientId).build();
+
+
+ CredentialMetadata metadata = credentialStoreServiceClient.getCustosCredentialFromClientId(request);
+
+ AuthClaim childClaim = getAuthClaim(metadata);
+
+ boolean statusValidation = validateTenantStatus(childClaim.getTenantId());
+
+ if (!statusValidation) {
+ return null;
+ }
+
+ boolean relationShipValidation = validateParentChildTenantRelationShip(authClaim.getTenantId(), childClaim.getTenantId());
+
+ if (!relationShipValidation) {
+ return null;
+ }
+
+ return childClaim;
+
+ }
+
+
private AuthClaim getAuthClaim(GetAllCredentialsResponse response) {
if (response == null || response.getSecretListCount() == 0) {
LOGGER.info("Nulling " + response.getSecretListCount());
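Review bot: `getAuthClaim(metadata)` is called right after `getCustosCredentialFromClientId(request)` without checking what came back, so a `childClientId` that matches no stored credential would fail inside `getAuthClaim` (a NullPointerException if the client returns null) instead of landing on the same "not authorized" path as the other failed validations; a guard `if (metadata == null) { return null; }` before `getAuthClaim(metadata)` keeps that case uniform. Whether the credential-store client returns null or throws on a miss is not visible here, so the guard may need to be a catch instead. The Javadoc also mislabels the second parameter, which is a client id rather than headers: `@param childClientId client id of the child tenant to act on; null or blank means the caller's own tenant` and `@return AuthClaim of the child tenant, or null when authorization or either validation fails`.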
@@ -250,4 +293,72 @@ public abstract class AuthInterceptor implements IntegrationServiceInterceptor {
}
+ private AuthClaim getAuthClaim(CredentialMetadata metadata) {
+ AuthClaim authClaim = new AuthClaim();
+ if (metadata.getType() == Type.CUSTOS) {
+ authClaim.setTenantId(metadata.getOwnerId());
+ authClaim.setCustosId(metadata.getId());
+ authClaim.setCustosSecret(metadata.getSecret());
+ authClaim.setCustosIdIssuedAt(metadata.getClientIdIssuedAt());
+ authClaim.setCustosSecretExpiredAt(metadata.getClientSecretExpiredAt());
+ authClaim.setAdmin(metadata.getSuperAdmin());
+ authClaim.setSuperTenant(metadata.getSuperTenant());
+ } else if (metadata.getType() == Type.IAM) {
+ authClaim.setIamAuthId(metadata.getId());
+ authClaim.setIamAuthSecret(metadata.getSecret());
+
+ } else if (metadata.getType() == Type.CILOGON) {
+ authClaim.setCiLogonId(metadata.getId());
+ authClaim.setCiLogonSecret(metadata.getSecret());
+ } else if (metadata.getType() == Type.AGENT_CLIENT) {
+ authClaim.setAgentClientId(metadata.getId());
+ authClaim.setAgentClientSecret(metadata.getSecret());
+ } else if (metadata.getType() == Type.AGENT) {
+ authClaim.setAgentId(metadata.getId());
+ authClaim.setAgentPassword(metadata.getInternalSec());
+ }
+ return authClaim;
+
+ }
+
+
+ private boolean validateTenantStatus(long tenantId) {
+ GetTenantRequest tenantRequest = GetTenantRequest
+ .newBuilder()
+ .setTenantId(tenantId)
+ .build();
+
+ GetTenantResponse tentResp = tenantProfileClient.getTenant(tenantRequest);
+
+ if (tentResp.getTenant() != null && tentResp.getTenant().getTenantStatus().equals(TenantStatus.ACTIVE)) {
+ return true;
+ }
+ return false;
+ }
+
+
+ private boolean validateParentChildTenantRelationShip(long parentId, long childTenantId) {
+
+ GetTenantRequest childTenantReq = GetTenantRequest
+ .newBuilder()
+ .setTenantId(childTenantId)
+ .build();
+
+ GetTenantResponse childTenantRes = tenantProfileClient.getTenant(childTenantReq);
+
+ Tenant childTenant = childTenantRes.getTenant();
+
+ // referring to same tenant
+ if (childTenant != null && childTenant.getTenantId() == parentId) {
+ return true;
+ }
+
+ //referring to child tenant
+ if (childTenant != null && childTenant.getTenantId() != parentId && childTenant.getParentTenantId() == parentId) {
+ return true;
+ }
+
+ return false;
+ }
+
}
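Review bot: The null checks in `validateTenantStatus` and `validateParentChildTenantRelationShip` (`tentResp.getTenant() != null`, `childTenant != null`) look ineffective if these are protobuf-generated messages, as the `newBuilder()`/`build()` usage suggests: a message getter returns the default instance and never null, so a tenant that does not exist comes back with tenantId 0 and the default status rather than tripping the check. The intended test is the presence flag, `if (tentResp.hasTenant() && tentResp.getTenant().getTenantStatus().equals(TenantStatus.ACTIVE))` and `if (!childTenantRes.hasTenant()) { return false; }`. The `childTenant.getTenantId() != parentId` clause in the second condition is redundant once the first `if` has returned. Separately, `getAuthClaim(CredentialMetadata)` leaves tenantId unset for every non-CUSTOS type, so the caller's validations then run against tenant 0; returning null for those types, or a comment stating that only CUSTOS credentials are expected here, would make that explicit.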
diff --git a/custos-integration-services/resource-secret-management-service-parent/resource-secret-management-service-sidecar/src/main/resources/resource-secret-management-service.pb b/custos-integration-services/resource-secret-management-service-parent/resource-secret-management-service-sidecar/src/main/resources/resource-secret-management-service.pb
index 1faef12..e39481d 100644
Binary files a/custos-integration-services/resource-secret-management-service-parent/resource-secret-management-service-sidecar/src/main/resources/resource-secret-management-service.pb and b/custos-integration-services/resource-secret-management-service-parent/resource-secret-management-service-sidecar/src/main/resources/resource-secret-management-service.pb differ
diff --git a/custos-integration-services/resource-secret-management-service-parent/resource-secret-management-service/src/main/java/org/apache/custos/resource/secret/management/interceptors/ClientAuthInterceptorImpl.java b/custos-integration-services/resource-secret-management-service-parent/resource-secret-management-service/src/main/java/org/apache/custos/resource/secret/management/interceptors/ClientAuthInterceptorImpl.java
index ca2d3fb..634e28b 100644
--- a/custos-integration-services/resource-secret-management-service-parent/resource-secret-management-service/src/main/java/org/apache/custos/resource/secret/management/interceptors/ClientAuthInterceptorImpl.java
+++ b/custos-integration-services/resource-secret-management-service-parent/resource-secret-management-service/src/main/java/org/apache/custos/resource/secret/management/interceptors/ClientAuthInterceptorImpl.java
@@ -26,7 +26,7 @@ import org.apache.custos.identity.service.GetJWKSRequest;
import org.apache.custos.integration.core.exceptions.NotAuthorizedException;
import org.apache.custos.integration.services.commons.interceptors.AuthInterceptor;
import org.apache.custos.integration.services.commons.model.AuthClaim;
-import org.apache.custos.resource.secret.service.GetSecretRequest;
+import org.apache.custos.resource.secret.service.*;
import org.apache.custos.tenant.profile.client.async.TenantProfileClient;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
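Review bot: The single-class import is replaced by the wildcard `import org.apache.custos.resource.secret.service.*;`, which the rest of this commit avoids (InputValidator lists `CertificateCredential`, `PasswordCredential` and `SSHCredential` explicitly); the same replacement appears in the AuthInterceptor and ResourceSecretManagementService import hunks. Since types named `SSHCredential`, `PasswordCredential` and `CertificateCredential` also exist under the secret-manager packages moved in this commit, explicit imports make it unambiguous which type each file uses and keep the compile stable when either package grows.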
@@ -83,6 +83,61 @@ public class ClientAuthInterceptorImpl extends AuthInterceptor {
.setTenantId(tenantId)
.build();
+ } else if (method.equals("getAllResourceCredentialSummaries")) {
+ String clientId = ((GetResourceCredentialSummariesRequest) reqT).getClientId();
+
+ AuthClaim claim = authorizeWithParentChildTenantValidationByBasicAuth(headers, clientId);
+ if (claim == null) {
+ throw new NotAuthorizedException("Request is not authorized", null);
+ }
+ return (ReqT) ((GetResourceCredentialSummariesRequest) reqT).toBuilder().setTenantId(claim.getTenantId()).build();
+
+
+ } else if (method.equals("addSSHCredential")) {
+ String clientId = ((SSHCredential) reqT).getMetadata().getClientId();
+
+ AuthClaim claim = authorizeWithParentChildTenantValidationByBasicAuth(headers, clientId);
+ if (claim == null) {
+ throw new NotAuthorizedException("Request is not authorized", null);
+ }
+ SecretMetadata metadata = ((SSHCredential) reqT).getMetadata().toBuilder().setTenantId(claim.getTenantId()).build();
+
+ return (ReqT) ((SSHCredential) reqT).toBuilder().setMetadata(metadata).build();
+
+
+ } else if (method.equals("addPasswordCredential")) {
+ String clientId = ((PasswordCredential) reqT).getMetadata().getClientId();
+
+ AuthClaim claim = authorizeWithParentChildTenantValidationByBasicAuth(headers, clientId);
+ if (claim == null) {
+ throw new NotAuthorizedException("Request is not authorized", null);
+ }
+ SecretMetadata metadata = ((PasswordCredential) reqT).getMetadata().toBuilder().setTenantId(claim.getTenantId()).build();
+
+ return (ReqT) ((PasswordCredential) reqT).toBuilder().setMetadata(metadata).build();
+
+ } else if (method.equals("addCertificateCredential")) {
+ String clientId = ((CertificateCredential) reqT).getMetadata().getClientId();
+
+ AuthClaim claim = authorizeWithParentChildTenantValidationByBasicAuth(headers, clientId);
+ if (claim == null) {
+ throw new NotAuthorizedException("Request is not authorized", null);
+ }
+ SecretMetadata metadata = ((CertificateCredential) reqT).getMetadata().toBuilder().setTenantId(claim.getTenantId()).build();
+
+ return (ReqT) ((CertificateCredential) reqT).toBuilder().setMetadata(metadata).build();
+
+ } else if (method.equals("getSSHCredential") || method.equals("getPasswordCredential") || method.equals("getCertificateCredential")
+ || method.equals("deleteSSHCredential") || method.equals("deletePWDCredential") || method.equals("deleteCertificateCredential")
+ || method.equals("getResourceCredentialSummary")) {
+ String clientId = ((GetResourceCredentialByTokenRequest) reqT).getClientId();
+
+ AuthClaim claim = authorizeWithParentChildTenantValidationByBasicAuth(headers, clientId);
+ if (claim == null) {
+ throw new NotAuthorizedException("Request is not authorized", null);
+ }
+ return (ReqT) ((GetResourceCredentialByTokenRequest) reqT).toBuilder().setTenantId(claim.getTenantId()).build();
+
}
return reqT;
}
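Review bot: The five new branches of `intercept` repeat the same four lines — read the client id, call `authorizeWithParentChildTenantValidationByBasicAuth`, throw `NotAuthorizedException` on null, copy `claim.getTenantId()` into the request — which makes it easy for a future branch to forget the null check that is the whole authorization decision here; a private helper that returns the authorized tenant id or throws keeps that decision in one place. The `intercept` method starts before this hunk, so the earlier branches that were not touched are not visible. The rewritten SSH branch and the helper are sketched below; the password, certificate and token-request branches would follow the same shape.
```java
} else if (method.equals("addSSHCredential")) {
    SSHCredential credential = (SSHCredential) reqT;
    SecretMetadata metadata = credential.getMetadata().toBuilder()
            .setTenantId(authorizedTenantId(headers, credential.getMetadata().getClientId()))
            .build();
    return (ReqT) credential.toBuilder().setMetadata(metadata).build();
// … unchanged: remaining branches and the end of intercept, rewritten the same way …

/** Authorizes the caller for the tenant behind clientId and returns that tenant id; throws otherwise. */
private long authorizedTenantId(Metadata headers, String clientId) {
    AuthClaim claim = authorizeWithParentChildTenantValidationByBasicAuth(headers, clientId);
    if (claim == null) {
        throw new NotAuthorizedException("Request is not authorized", null);
    }
    return claim.getTenantId();
}
```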
diff --git a/custos-integration-services/resource-secret-management-service-parent/resource-secret-management-service/src/main/java/org/apache/custos/resource/secret/management/interceptors/InputValidator.java b/custos-integration-services/resource-secret-management-service-parent/resource-secret-management-service/src/main/java/org/apache/custos/resource/secret/management/interceptors/InputValidator.java
index 9f42a4a..3309950 100644
--- a/custos-integration-services/resource-secret-management-service-parent/resource-secret-management-service/src/main/java/org/apache/custos/resource/secret/management/interceptors/InputValidator.java
+++ b/custos-integration-services/resource-secret-management-service-parent/resource-secret-management-service/src/main/java/org/apache/custos/resource/secret/management/interceptors/InputValidator.java
@@ -23,6 +23,9 @@ package org.apache.custos.resource.secret.management.interceptors;
import io.grpc.Metadata;
import org.apache.custos.integration.core.exceptions.MissingParameterException;
import org.apache.custos.integration.core.interceptor.IntegrationServiceInterceptor;
+import org.apache.custos.resource.secret.service.CertificateCredential;
+import org.apache.custos.resource.secret.service.PasswordCredential;
+import org.apache.custos.resource.secret.service.SSHCredential;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Component;
@@ -61,6 +64,37 @@ public class InputValidator implements IntegrationServiceInterceptor {
@Override
public <ReqT> ReqT intercept(String method, Metadata headers, ReqT msg) {
validate(method, msg, headers);
+
+ if (method.equals("addSSHCredential") || method.equals("addPasswordCredential")
+ || method.equals("addCertificateCredential")) {
+ validateSecretMetadata(msg, method);
+ }
return msg;
}
+
+
+ private boolean validateSecretMetadata(Object msg, String method) {
+ if (msg instanceof SSHCredential) {
+ SSHCredential request = (SSHCredential) msg;
+
+ if (request.getMetadata() == null) {
+ throw new MissingParameterException("SecretMetadata should not be null ", null);
+ }
+
+ } else if (msg instanceof PasswordCredential) {
+ PasswordCredential request = (PasswordCredential) msg;
+ if (request.getMetadata() == null) {
+ throw new MissingParameterException("SecretMetadata should not be null ", null);
+ }
+ } else if (msg instanceof CertificateCredential) {
+ CertificateCredential request = (CertificateCredential) msg;
+ if (request.getMetadata() == null) {
+ throw new MissingParameterException("SecretMetadata should not be null ", null);
+ }
+ } else {
+ throw new RuntimeException("Unexpected input type for method " + method);
+ }
+ return true;
+ }
+
}
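Review bot: `validateSecretMetadata` tests `request.getMetadata() == null` for each credential type, but if these are protobuf-generated messages (the `toBuilder().setMetadata(...)` usage in ClientAuthInterceptorImpl in this commit suggests so) `getMetadata()` returns the default instance and never null, so the `MissingParameterException` can never be thrown; the presence check is `if (!request.hasMetadata())`. The method also always returns `true` and the caller in the `intercept` override discards the value, so declaring it `void` describes it better. A one-line comment that `clientId` inside the metadata is deliberately optional, since the auth interceptor falls back to the caller's own tenant when it is blank, would document why nothing beyond presence is validated here.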
diff --git a/custos-integration-services/resource-secret-management-service-parent/resource-secret-management-service/src/main/java/org/apache/custos/resource/secret/management/service/ResourceSecretManagementService.java b/custos-integration-services/resource-secret-management-service-parent/resource-secret-management-service/src/main/java/org/apache/custos/resource/secret/management/service/ResourceSecretManagementService.java
index d00e801..ee48a50 100644
--- a/custos-integration-services/resource-secret-management-service-parent/resource-secret-management-service/src/main/java/org/apache/custos/resource/secret/management/service/ResourceSecretManagementService.java
+++ b/custos-integration-services/resource-secret-management-service-parent/resource-secret-management-service/src/main/java/org/apache/custos/resource/secret/management/service/ResourceSecretManagementService.java
@@ -27,11 +27,9 @@ import org.apache.custos.cluster.management.service.GetServerCertificateRequest;
import org.apache.custos.cluster.management.service.GetServerCertificateResponse;
import org.apache.custos.identity.client.IdentityClient;
import org.apache.custos.identity.service.GetJWKSRequest;
+import org.apache.custos.resource.secret.client.ResourceSecretClient;
import org.apache.custos.resource.secret.management.service.ResourceSecretManagementServiceGrpc.ResourceSecretManagementServiceImplBase;
-import org.apache.custos.resource.secret.service.GetSecretRequest;
-import org.apache.custos.resource.secret.service.ResourceOwnerType;
-import org.apache.custos.resource.secret.service.ResourceType;
-import org.apache.custos.resource.secret.service.SecretMetadata;
+import org.apache.custos.resource.secret.service.*;
import org.lognet.springboot.grpc.GRpcService;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -48,10 +46,13 @@ public class ResourceSecretManagementService extends ResourceSecretManagementSer
@Autowired
private IdentityClient identityClient;
+ @Autowired
+ private ResourceSecretClient resourceSecretClient;
+
@Override
public void getSecret(GetSecretRequest request,
StreamObserver<SecretMetadata> responseObserver) {
- LOGGER.debug("Request received to getSecret ");
+ LOGGER.debug("Request received to get secret ");
try {
if (request.getMetadata().getOwnerType() == ResourceOwnerType.CUSTOS &&
@@ -76,7 +77,7 @@ public class ResourceSecretManagementService extends ResourceSecretManagementSer
@Override
public void getJWKS(GetJWKSRequest request, StreamObserver<Struct> responseObserver) {
- LOGGER.debug("Request received to getJWKS " + request.getTenantId());
+ LOGGER.debug("Request received to get JWKS " + request.getTenantId());
try {
Struct struct = identityClient.getJWKS(request);
@@ -91,4 +92,174 @@ public class ResourceSecretManagementService extends ResourceSecretManagementSer
responseObserver.onError(Status.INTERNAL.withDescription(msg).asRuntimeException());
}
}
+
+ @Override
+ public void getResourceCredentialSummary(GetResourceCredentialByTokenRequest request, StreamObserver<SecretMetadata> responseObserver) {
+ LOGGER.debug("Request received to get ResourceCredentialSummary of " + request.getToken());
+ try {
+
+ SecretMetadata metadata = resourceSecretClient.getResourceCredentialSummary(request);
+ responseObserver.onNext(metadata);
+ responseObserver.onCompleted();
+ } catch (Exception ex) {
+ String msg = "Error occurred while fetching resource credential summary : " + ex.getMessage();
+ LOGGER.error(msg, ex);
+ responseObserver.onError(Status.INTERNAL.withDescription(msg).asRuntimeException());
+ }
+ }
+
+ @Override
+ public void getAllResourceCredentialSummaries(GetResourceCredentialSummariesRequest request, StreamObserver<ResourceCredentialSummaries> responseObserver) {
+ LOGGER.debug("Request received to get AllResourceCredentialSummaries in tenant " + request.getTenantId());
+ try {
+
+ ResourceCredentialSummaries response = resourceSecretClient.getAllResourceCredentialSummaries(request);
+ responseObserver.onNext(response);
+ responseObserver.onCompleted();
+ } catch (Exception ex) {
+ String msg = "Error occurred while fetching all resource credential summaries : " + ex.getMessage();
+ LOGGER.error(msg, ex);
+ responseObserver.onError(Status.INTERNAL.withDescription(msg).asRuntimeException());
+ }
+ }
+
+ @Override
+ public void addSSHCredential(SSHCredential request, StreamObserver<AddResourceCredentialResponse> responseObserver) {
+ LOGGER.debug("Request received to add SSHCredential ");
+ try {
+
+ AddResourceCredentialResponse response = resourceSecretClient.addSSHCredential(request);
+
+ responseObserver.onNext(response);
+ responseObserver.onCompleted();
+ } catch (Exception ex) {
+ String msg = "Error occurred whiling saving SSH credentials : " + ex.getMessage();
+ LOGGER.error(msg, ex);
+ responseObserver.onError(Status.INTERNAL.withDescription(msg).asRuntimeException());
+ }
+ }
+
+ @Override
+ public void addPasswordCredential(PasswordCredential request, StreamObserver<AddResourceCredentialResponse> responseObserver) {
+ LOGGER.debug("Request received to add PasswordCredential ");
+ try {
+
+ AddResourceCredentialResponse response = resourceSecretClient.addPasswordCredential(request);
+ responseObserver.onNext(response);
+ responseObserver.onCompleted();
+ } catch (Exception ex) {
+ String msg = "Error occurred while saving password credential : " + ex.getMessage();
+ LOGGER.error(msg, ex);
+ responseObserver.onError(Status.INTERNAL.withDescription(msg).asRuntimeException());
+ }
+ }
+
+ @Override
+ public void addCertificateCredential(CertificateCredential request, StreamObserver<AddResourceCredentialResponse> responseObserver) {
+ LOGGER.debug("Request received to add CertificateCredential ");
+ try {
+
+ AddResourceCredentialResponse response = resourceSecretClient.addCertificateCredential(request);
+ responseObserver.onNext(response);
+ responseObserver.onCompleted();
+ } catch (Exception ex) {
+ String msg = "Error occurred while saving certificate credential : " + ex.getMessage();
+ LOGGER.error(msg, ex);
+ responseObserver.onError(Status.INTERNAL.withDescription(msg).asRuntimeException());
+ }
+
+
+ }
+
+ @Override
+ public void getSSHCredential(GetResourceCredentialByTokenRequest request, StreamObserver<SSHCredential> responseObserver) {
+ LOGGER.debug("Request received to get SSHCredential ");
+ try {
+
+ SSHCredential response = resourceSecretClient.getSSHCredential(request);
+ responseObserver.onNext(response);
+ responseObserver.onCompleted();
+ } catch (Exception ex) {
+ String msg = "Error occurred while fetching SSH credentials : " + ex.getMessage();
+ LOGGER.error(msg, ex);
+ responseObserver.onError(Status.INTERNAL.withDescription(msg).asRuntimeException());
+ }
+ }
+
+ @Override
+ public void getPasswordCredential(GetResourceCredentialByTokenRequest request, StreamObserver<PasswordCredential> responseObserver) {
+ LOGGER.debug("Request received to get PasswordCredential " + request.getTenantId());
+ try {
+
+ PasswordCredential response = resourceSecretClient.getPasswordCredential(request);
+
+ responseObserver.onNext(response);
+ responseObserver.onCompleted();
+ } catch (Exception ex) {
+ String msg = "Error occurred while fetching password credentials : " + ex.getMessage();
+ LOGGER.error(msg, ex);
+ responseObserver.onError(Status.INTERNAL.withDescription(msg).asRuntimeException());
+ }
+ }
+
+ @Override
+ public void getCertificateCredential(GetResourceCredentialByTokenRequest request, StreamObserver<CertificateCredential> responseObserver) {
+ LOGGER.debug("Request received to get CertificateCredential " + request.getTenantId());
+ try {
+
+ CertificateCredential response = resourceSecretClient.getCertificateCredential(request);
+ responseObserver.onNext(response);
+ responseObserver.onCompleted();
+ } catch (Exception ex) {
+ String msg = "Error occurred while fetching certificate credential : " + ex.getMessage();
+ LOGGER.error(msg, ex);
+ responseObserver.onError(Status.INTERNAL.withDescription(msg).asRuntimeException());
+ }
+ }
+
+ @Override
+ public void deleteSSHCredential(GetResourceCredentialByTokenRequest request, StreamObserver<ResourceCredentialOperationStatus> responseObserver) {
+ LOGGER.debug("Request received to delete SSHCredential " + request.getTenantId());
+ try {
+
+ ResourceCredentialOperationStatus response = resourceSecretClient.deleteSSHCredential(request);
+ responseObserver.onNext(response);
+ responseObserver.onCompleted();
+
+ } catch (Exception ex) {
+ String msg = "Error occurred while deleting SSH credential : " + ex.getMessage();
+ LOGGER.error(msg, ex);
+ responseObserver.onError(Status.INTERNAL.withDescription(msg).asRuntimeException());
+ }
+ }
+
+ @Override
+ public void deletePWDCredential(GetResourceCredentialByTokenRequest request, StreamObserver<ResourceCredentialOperationStatus> responseObserver) {
+ LOGGER.debug("Request received to delete PWDCredential " + request.getTenantId());
+ try {
+
+ ResourceCredentialOperationStatus response = resourceSecretClient.deletePWDCredential(request);
+ responseObserver.onNext(response);
+ responseObserver.onCompleted();
+ } catch (Exception ex) {
+ String msg = "Error occurred while deleting password credential : " + ex.getMessage();
+ LOGGER.error(msg, ex);
+ responseObserver.onError(Status.INTERNAL.withDescription(msg).asRuntimeException());
+ }
+ }
+
+ @Override
+ public void deleteCertificateCredential(GetResourceCredentialByTokenRequest request, StreamObserver<ResourceCredentialOperationStatus> responseObserver) {
+ LOGGER.debug("Request received to delete CertificateCredential " + request.getTenantId());
+ try {
+ ResourceCredentialOperationStatus response = resourceSecretClient.deleteCertificateCredential(request);
+ responseObserver.onNext(response);
+ responseObserver.onCompleted();
+
+ } catch (Exception ex) {
+ String msg = "Error occurred while deleting certificate credential : " + ex.getMessage();
+ LOGGER.error(msg, ex);
+ responseObserver.onError(Status.INTERNAL.withDescription(msg).asRuntimeException());
+ }
+ }
}
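Review bot: `getResourceCredentialSummary` logs `request.getToken()` at debug level on its first line; the token is the handle used to look up a stored secret, so it should stay out of log output the way the sibling methods log only the tenant id — `LOGGER.debug("Request received to get ResourceCredentialSummary in tenant " + request.getTenantId());`. Each new catch block also copies `ex.getMessage()` into the `Status.INTERNAL` description returned to the remote caller, which forwards internal client and store error text; the exception is already logged in full, so a fixed description is the safer return. This mirrors the existing `getSecret`/`getJWKS` handlers, so it may be a deliberate convention — if so, a comment saying the message is considered safe to expose would help the next reader.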
diff --git a/custos-integration-services/resource-secret-management-service-parent/resource-secret-management-service/src/main/proto/ResourceSecretManagementService.proto b/custos-integration-services/resource-secret-management-service-parent/resource-secret-management-service/src/main/proto/ResourceSecretManagementService.proto
index 4c7a945..9b97af4 100644
--- a/custos-integration-services/resource-secret-management-service-parent/resource-secret-management-service/src/main/proto/ResourceSecretManagementService.proto
+++ b/custos-integration-services/resource-secret-management-service-parent/resource-secret-management-service/src/main/proto/ResourceSecretManagementService.proto
@@ -30,8 +30,6 @@ import "ResourceSecretService.proto";
import "IdentityService.proto";
-
-
service ResourceSecretManagementService {
rpc getSecret (org.apache.custos.resource.secret.service.GetSecretRequest) returns (org.apache.custos.resource.secret.service.SecretMetadata) {
@@ -40,10 +38,68 @@ service ResourceSecretManagementService {
};
}
- rpc getJWKS(org.apache.custos.identity.service.GetJWKSRequest) returns (google.protobuf.Struct) {
+ rpc getJWKS (org.apache.custos.identity.service.GetJWKSRequest) returns (google.protobuf.Struct) {
option (google.api.http) = {
get: "/resource-secret-management/v1.0.0/openid-connect/certs"
};
}
+ rpc getResourceCredentialSummary (org.apache.custos.resource.secret.service.GetResourceCredentialByTokenRequest) returns (org.apache.custos.resource.secret.service.SecretMetadata) {
+ option (google.api.http) = {
+ get: "/resource-secret-management/v1.0.0/secret/summary"
+ };
+ }
+ rpc getAllResourceCredentialSummaries (org.apache.custos.resource.secret.service.GetResourceCredentialSummariesRequest) returns (org.apache.custos.resource.secret.service.ResourceCredentialSummaries) {
+ option (google.api.http) = {
+ get: "/resource-secret-management/v1.0.0/secret/summaries"
+ };
+ }
+ rpc addSSHCredential (org.apache.custos.resource.secret.service.SSHCredential) returns (org.apache.custos.resource.secret.service.AddResourceCredentialResponse) {
+ option (google.api.http) = {
+ post: "/resource-secret-management/v1.0.0/secret/ssh"
+ };
+ }
+ rpc addPasswordCredential (org.apache.custos.resource.secret.service.PasswordCredential) returns (org.apache.custos.resource.secret.service.AddResourceCredentialResponse) {
+ option (google.api.http) = {
+ post: "/resource-secret-management/v1.0.0/secret/password"
+ };
+ }
+ rpc addCertificateCredential (org.apache.custos.resource.secret.service.CertificateCredential) returns (org.apache.custos.resource.secret.service.AddResourceCredentialResponse) {
+ option (google.api.http) = {
+ get: "/resource-secret-management/v1.0.0/secret/certificate"
+ };
+ }
+
+ rpc getSSHCredential (org.apache.custos.resource.secret.service.GetResourceCredentialByTokenRequest) returns (org.apache.custos.resource.secret.service.SSHCredential) {
+ option (google.api.http) = {
+ get: "/resource-secret-management/v1.0.0/secret/ssh"
+ };
+ }
+ rpc getPasswordCredential (org.apache.custos.resource.secret.service.GetResourceCredentialByTokenRequest) returns (org.apache.custos.resource.secret.service.PasswordCredential) {
+ option (google.api.http) = {
+ get: "/resource-secret-management/v1.0.0/secret/password"
+ };
+ }
+ rpc getCertificateCredential (org.apache.custos.resource.secret.service.GetResourceCredentialByTokenRequest) returns (org.apache.custos.resource.secret.service.CertificateCredential) {
+ option (google.api.http) = {
+ get: "/resource-secret-management/v1.0.0/secret/certificate"
+ };
+ }
+
+ rpc deleteSSHCredential (org.apache.custos.resource.secret.service.GetResourceCredentialByTokenRequest) returns (org.apache.custos.resource.secret.service.ResourceCredentialOperationStatus) {
+ option (google.api.http) = {
+ delete: "/resource-secret-management/v1.0.0/secret/ssh"
+ };
+ }
+ rpc deletePWDCredential (org.apache.custos.resource.secret.service.GetResourceCredentialByTokenRequest) returns (org.apache.custos.resource.secret.service.ResourceCredentialOperationStatus) {
+ option (google.api.http) = {
+ delete: "/resource-secret-management/v1.0.0/secret/password"
+ };
+ }
+ rpc deleteCertificateCredential (org.apache.custos.resource.secret.service.GetResourceCredentialByTokenRequest) returns (org.apache.custos.resource.secret.service.ResourceCredentialOperationStatus) {
+ option (google.api.http) = {
+ delete: "/resource-secret-management/v1.0.0/secret/certificate"
+ };
+ }
+
}
\ No newline at end of file
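Review bot: `addCertificateCredential` is mapped with `get:` at `/resource-secret-management/v1.0.0/secret/certificate` while its siblings `addSSHCredential` and `addPasswordCredential` use `post:`, and `getCertificateCredential` is mapped to exactly the same GET path, so the two routes collide and the certificate payload (including its private key, if the message carries one) would have to travel in the query string rather than a request body. The mapping should read `post: "/resource-secret-management/v1.0.0/secret/certificate"`, matching the other two add operations.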