adding iam-admin-services-core files
Project: http://git-wip-us.apache.org/repos/asf/airavata/repo Commit: http://git-wip-us.apache.org/repos/asf/airavata/commit/1a977c06 Tree: http://git-wip-us.apache.org/repos/asf/airavata/tree/1a977c06 Diff: http://git-wip-us.apache.org/repos/asf/airavata/diff/1a977c06 Branch: refs/heads/develop Commit: 1a977c06cfefcf545edb550d0dd05dd872ce0453 Parents: 94f8748 Author: Anuj Bhandar <[email protected]> Authored: Thu Apr 27 13:56:40 2017 -0400 Committer: Anuj Bhandar <[email protected]> Committed: Thu Apr 27 15:22:54 2017 -0400 ---------------------------------------------------------------------- .../iam-admin-services-core/pom.xml | 50 +++- .../core/impl/TenantManagementKeycloakImpl.java | 253 +++++++++++++++++++ .../interfaces/TenantManagementInterface.java | 39 +++ .../services/core/tests/SetupNewGateway.java | 73 ++++++ .../profile-service-server/pom.xml | 5 + .../handlers/IamAdminServicesHandler.java | 14 + .../common/utils/ApplicationSettings.java | 8 + .../airavata/common/utils/ServerSettings.java | 4 + .../main/resources/airavata-server.properties | 8 +- .../iam-admin-services-cpi.thrift | 2 +- 10 files changed, 453 insertions(+), 3 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/airavata/blob/1a977c06/airavata-services/profile-service/iam-admin-services-core/pom.xml ---------------------------------------------------------------------- diff --git a/airavata-services/profile-service/iam-admin-services-core/pom.xml b/airavata-services/profile-service/iam-admin-services-core/pom.xml index be7e409..dcf637e 100644 --- a/airavata-services/profile-service/iam-admin-services-core/pom.xml +++ b/airavata-services/profile-service/iam-admin-services-core/pom.xml 
@@ -13,7 +13,55 @@ <artifactId>iam-admin-services-core</artifactId> - <name>Profile User Core</name> + <name>Iam Admin Services</name> + <dependencies> + <dependency> + <groupId>commons-httpclient</groupId> + <artifactId>commons-httpclient</artifactId> + <version>3.1</version> + </dependency> + <!-- https://mvnrepository.com/artifact/org.apache.httpcomponents/httpclient --> + <dependency> + <groupId>org.apache.httpcomponents</groupId> + <artifactId>httpclient</artifactId> + <version>4.5.3</version> + </dependency> + <!-- https://mvnrepository.com/artifact/javax.ws.rs/javax.ws.rs-api --> + <dependency> + <groupId>javax.ws.rs</groupId> + <artifactId>javax.ws.rs-api</artifactId> + <version>2.0.1</version> + </dependency> + <!-- https://mvnrepository.com/artifact/org.jboss.resteasy/resteasy-client --> + <dependency> + <groupId>org.jboss.resteasy</groupId> + <artifactId>resteasy-client</artifactId> + <version>3.1.2.Final</version> + </dependency> + <!-- https://mvnrepository.com/artifact/org.jboss.resteasy/resteasy-jackson2-provider --> + <dependency> + <groupId>org.jboss.resteasy</groupId> + <artifactId>resteasy-jackson2-provider</artifactId> + <version>3.1.2.Final</version> + </dependency> + <!-- https://mvnrepository.com/artifact/org.keycloak/keycloak-admin-client --> + <!-- https://mvnrepository.com/artifact/org.keycloak/keycloak-admin-client --> + <dependency> + <groupId>org.keycloak</groupId> + <artifactId>keycloak-admin-client</artifactId> + <version>2.5.5.Final</version> + </dependency> + <dependency> + <groupId>org.apache.airavata</groupId> + <artifactId>airavata-credential-store</artifactId> + <version>${project.version}</version> + </dependency> + <dependency> + <groupId>org.apache.airavata</groupId> + <artifactId>profile-service-stubs</artifactId> + <version>${project.version}</version> + </dependency> + </dependencies> </project> \ No newline at end of file 
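Review bot: The first added dependency, `commons-httpclient:commons-httpclient:3.1`, is the end-of-life Commons HttpClient 3.x line, which no longer receives security fixes, and it is added next to its successor `org.apache.httpcomponents:httpclient:4.5.3`. None of the Java files added in this commit import `org.apache.commons.httpclient`, so the 3.1 entry looks removable; if something else does need it, a comment naming the consumer would help. The `keycloak-admin-client` link comment is also duplicated on two consecutive lines. Versions are pinned inline here; if the parent POM has a `dependencyManagement` section (not visible in this hunk), declaring them there would keep the HTTP and RESTEasy versions consistent across modules.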
http://git-wip-us.apache.org/repos/asf/airavata/blob/1a977c06/airavata-services/profile-service/iam-admin-services-core/src/main/java/org/apache/airavata/service/profile/iam/admin/services/core/impl/TenantManagementKeycloakImpl.java ---------------------------------------------------------------------- diff --git a/airavata-services/profile-service/iam-admin-services-core/src/main/java/org/apache/airavata/service/profile/iam/admin/services/core/impl/TenantManagementKeycloakImpl.java b/airavata-services/profile-service/iam-admin-services-core/src/main/java/org/apache/airavata/service/profile/iam/admin/services/core/impl/TenantManagementKeycloakImpl.java new file mode 100644 index 0000000..f688328 --- /dev/null +++ b/airavata-services/profile-service/iam-admin-services-core/src/main/java/org/apache/airavata/service/profile/iam/admin/services/core/impl/TenantManagementKeycloakImpl.java 
@@ -0,0 +1,253 @@ +/* + * + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + * + */ + +package org.apache.airavata.service.profile.iam.admin.services.core.impl; + +import org.apache.airavata.common.exception.ApplicationSettingsException; +import org.apache.airavata.common.utils.ServerSettings; +import org.apache.airavata.model.credential.store.PasswordCredential; +import org.apache.airavata.model.user.UserProfile; +import org.apache.airavata.model.workspace.Gateway; +import org.apache.airavata.service.profile.iam.admin.services.core.interfaces.TenantManagementInterface; +import org.apache.airavata.service.profile.iam.admin.services.cpi.exception.IamAdminServicesException; +import org.keycloak.admin.client.Keycloak; +import org.keycloak.admin.client.resource.UserResource; +import org.keycloak.representations.idm.*; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import javax.ws.rs.core.Response; +import java.util.ArrayList; +import java.util.HashMap; +import java.util.List; +import java.util.Map; + +public class TenantManagementKeycloakImpl implements TenantManagementInterface { + + private final static Logger logger = LoggerFactory.getLogger(TenantManagementKeycloakImpl.class); + + private static 
Keycloak getClient(String adminUrl, String realm, PasswordCredential AdminPasswordCreds) { + + return Keycloak.getInstance( + adminUrl, + realm, // the realm to log in to + AdminPasswordCreds.getLoginUserName(), AdminPasswordCreds.getPassword(), // the user + "admin-cli"); // admin-cli is the client ID used for keycloak admin operations. + } + + @Override + public Gateway addTenant(PasswordCredential isSuperAdminPasswordCreds, Gateway gatewayDetails) throws IamAdminServicesException { + try { + // get client + Keycloak client = TenantManagementKeycloakImpl.getClient(ServerSettings.getIamServerUrl(), "master", isSuperAdminPasswordCreds); + // create realm + RealmRepresentation newRealmDetails = new RealmRepresentation(); + newRealmDetails.setEnabled(true); + newRealmDetails.setId(gatewayDetails.getGatewayId()); + newRealmDetails.setDisplayName(gatewayDetails.getGatewayName()); + newRealmDetails.setRealm(gatewayDetails.getGatewayId()); + RealmRepresentation realmWithRoles = TenantManagementKeycloakImpl.createDefaultRoles(newRealmDetails); + client.realms().create(realmWithRoles); + return gatewayDetails; + } catch (ApplicationSettingsException ex) { + logger.error("Error getting values from property file, reason: " + ex.getCause(), ex); + IamAdminServicesException exception = new IamAdminServicesException(); + exception.setMessage("Error getting Iam server Url from property file, reason: " + ex.getMessage()); + throw exception; + } catch (Exception ex){ + logger.error("Error creating Realm in Keycloak Server, reason: " + ex.getCause(), ex); + IamAdminServicesException exception = new IamAdminServicesException(); + exception.setMessage("Error creating Realm in Keycloak Server, reason: " + ex.getMessage()); + throw exception; + } + } + + public static RealmRepresentation createDefaultRoles(RealmRepresentation realmDetails){ + List<RoleRepresentation> defaultRoles = new ArrayList<RoleRepresentation>(); + RoleRepresentation adminRole = new RoleRepresentation(); + 
adminRole.setName("admin"); + adminRole.setDescription("Admin role for PGA users"); + defaultRoles.add(adminRole); + RoleRepresentation adminReadOnlyRole = new RoleRepresentation(); + adminReadOnlyRole.setName("admin-read-only"); + adminReadOnlyRole.setDescription("Read only role for PGA Admin users"); + defaultRoles.add(adminReadOnlyRole); + RoleRepresentation gatewayUserRole = new RoleRepresentation(); + gatewayUserRole.setName("gateway-user"); + gatewayUserRole.setDescription("default role for PGA users"); + defaultRoles.add(gatewayUserRole); + RolesRepresentation rolesRepresentation = new RolesRepresentation(); + rolesRepresentation.setRealm(defaultRoles); + realmDetails.setRoles(rolesRepresentation); + return realmDetails; + } + + public boolean createTenantAdminAccount(PasswordCredential isSuperAdminPasswordCreds, Gateway gatewayDetails) throws IamAdminServicesException{ + try{ + Keycloak client = TenantManagementKeycloakImpl.getClient(ServerSettings.getIamServerUrl(), "master", isSuperAdminPasswordCreds); + UserRepresentation user = new UserRepresentation(); + user.setUsername(gatewayDetails.getIdentityServerUserName()); + user.setFirstName(gatewayDetails.getGatewayAdminFirstName()); + user.setLastName(gatewayDetails.getGatewayAdminLastName()); + user.setEmail(gatewayDetails.getGatewayAdminEmail()); + user.setEnabled(true); + List<String> requiredActionList = new ArrayList<>(); + requiredActionList.add("UPDATE_PASSWORD"); + user.setRequiredActions(requiredActionList); + Response httpResponse = client.realm(gatewayDetails.getGatewayId()).users().create(user); + logger.info("Tenant Admin account creation exited with code : " + httpResponse.getStatus()+" : " +httpResponse.getStatusInfo()); + if (httpResponse.getStatus() == 201) { //HTTP code for record creation: HTTP 201 + List<UserRepresentation> retrieveCreatedUserList = client.realm(gatewayDetails.getGatewayId()).users().search(user.getUsername(), + user.getFirstName(), + user.getLastName(), + 
user.getEmail(), + 0, 1); + UserResource retrievedUser = client.realm(gatewayDetails.getGatewayId()).users().get(retrieveCreatedUserList.get(0).getId()); + CredentialRepresentation credential = new CredentialRepresentation(); + credential.setType(CredentialRepresentation.PASSWORD); + credential.setValue(ServerSettings.getGatewayAdminTempPwd()); + credential.setTemporary(true); + retrievedUser.resetPassword(credential); + List<ClientRepresentation> realmClients = client.realm(gatewayDetails.getGatewayId()).clients().findAll(); + String realmManagementClientId=null; + for(ClientRepresentation realmClient : realmClients){ + if(realmClient.getClientId().equals("realm-management")){ + realmManagementClientId = realmClient.getId(); + } + } + retrievedUser.roles().clientLevel(realmManagementClientId).add(retrievedUser.roles().clientLevel(realmManagementClientId).listAvailable()); + return true; + } else { + logger.error("Request for Tenant Admin Account Creation failed with HTTP code : " + httpResponse.getStatus()); + logger.error("Reason for Tenant Admin account creation failure : " + httpResponse.getStatusInfo()); + return false; + } + }catch (ApplicationSettingsException ex) { + logger.error("Error getting values from property file, reason: " + ex.getCause(), ex); + IamAdminServicesException exception = new IamAdminServicesException(); + exception.setMessage("Error getting values from property file, reason " + ex.getMessage()); + throw exception; + }catch (Exception ex){ + logger.error("Error creating Realm Admin Account in keycloak server, reason: " + ex.getCause(), ex); + IamAdminServicesException exception = new IamAdminServicesException(); + exception.setMessage("Error creating Realm Admin Account in keycloak server, reason: " + ex.getMessage()); + throw exception; + } + } + + public Gateway configureClient(PasswordCredential isSuperAdminPasswordCreds, Gateway gatewayDetails) throws IamAdminServicesException{ + try{ + Keycloak client = 
TenantManagementKeycloakImpl.getClient(ServerSettings.getIamServerUrl(), "master", isSuperAdminPasswordCreds); + ClientRepresentation pgaClient = new ClientRepresentation(); + pgaClient.setName("pga"); + pgaClient.setClientId("pga"); + pgaClient.setProtocol("openid-connect"); + pgaClient.setStandardFlowEnabled(true); + pgaClient.setEnabled(true); + pgaClient.setAuthorizationServicesEnabled(true); + pgaClient.setDirectAccessGrantsEnabled(true); + pgaClient.setServiceAccountsEnabled(true); + pgaClient.setFullScopeAllowed(true); + pgaClient.setClientAuthenticatorType("client-secret"); + String[] defaultRoles = {"gateway-user"}; + pgaClient.setDefaultRoles(defaultRoles); + List<String> redirectUris = new ArrayList<>(); + redirectUris.add("http://accord.scigap.org/callback-url"); + pgaClient.setRedirectUris(redirectUris); + pgaClient.setPublicClient(false); + Response httpResponse = client.realms().realm(gatewayDetails.getGatewayId()).clients().create(pgaClient); + logger.info("Tenant Client configuration exited with code : " + httpResponse.getStatus()+" : " +httpResponse.getStatusInfo()); + if(httpResponse.getStatus() == 201){ + String ClientUUID = client.realms().realm(gatewayDetails.getGatewayId()).clients().findByClientId(pgaClient.getClientId()).get(0).getId(); + CredentialRepresentation clientSecret = client.realms().realm(gatewayDetails.getGatewayId()).clients().get(ClientUUID).getSecret(); + gatewayDetails.setOauthClientId(pgaClient.getClientId()); + gatewayDetails.setOauthClientSecret(clientSecret.getValue()); + return gatewayDetails; + } else { + logger.error("Request for Realm Client Creation failed with HTTP code : " + httpResponse.getStatus()); + logger.error("Reason for Realm Client Creation failure : " + httpResponse.getStatusInfo()); + return null; + } + }catch (ApplicationSettingsException ex) { + logger.error("Error getting values from property file, reason: " + ex.getCause(), ex); + IamAdminServicesException exception = new 
IamAdminServicesException(); + exception.setMessage("Error getting values from property file, reason " + ex.getMessage()); + throw exception; + } + } + + public boolean createUser(PasswordCredential realmAdminCreds, UserProfile userProfile, String newPassword) throws IamAdminServicesException{ + try{ + Keycloak client = TenantManagementKeycloakImpl.getClient(ServerSettings.getIamServerUrl(), userProfile.getGatewayId(), realmAdminCreds); + UserRepresentation user = new UserRepresentation(); + user.setUsername(userProfile.getUserId()); + //ToDo: userProfile donot have firstname and lastname, putting Full name in keycloak's firstname field. + user.setFirstName(userProfile.getUserName()); + // Always takes the first value + List<String> emails = userProfile.getEmails(); + user.setEmail(emails.get(0)); + user.setEnabled(false); + Response httpResponse = client.realm(userProfile.getGatewayId()).users().create(user); + if (httpResponse.getStatus() == 201) { //HTTP code for record creation: HTTP 201 + List<UserRepresentation> retrieveCreatedUserList = client.realm(userProfile.getGatewayId()).users().search(user.getUsername(), + user.getFirstName(), + user.getLastName(), + user.getEmail(), + 0, 1); + UserResource retrievedUser = client.realm(userProfile.getGatewayId()).users().get(retrieveCreatedUserList.get(0).getId()); + CredentialRepresentation credential = new CredentialRepresentation(); + credential.setType(CredentialRepresentation.PASSWORD); + credential.setValue(newPassword); + credential.setTemporary(false); + retrievedUser.resetPassword(credential); + } else { + logger.error("Request for user Account Creation failed with HTTP code : " + httpResponse.getStatus()); + logger.error("Reason for user account creation failure : " + httpResponse.getStatusInfo()); + return false; + } + }catch (ApplicationSettingsException ex) { + logger.error("Error getting values from property file, reason: " + ex.getCause(), ex); + IamAdminServicesException exception = new 
IamAdminServicesException(); + exception.setMessage("Error getting values from property file, reason " + ex.getMessage()); + throw exception; + } + return false; + } + + public boolean enableUserAccount(PasswordCredential realmAdminAccount, UserProfile userDetails) throws IamAdminServicesException{ + try{ + Keycloak client = TenantManagementKeycloakImpl.getClient(ServerSettings.getIamServerUrl(), userDetails.getGatewayId(), realmAdminAccount); + List<String> emails = userDetails.getEmails(); + List<UserRepresentation> userResourceList = client.realm(userDetails.getGatewayId()).users().search(userDetails.getUserId(),0,1); + UserResource userResource = client.realm(userDetails.getGatewayId()).users().get(userResourceList.get(0).getId()); + UserRepresentation profile = userResource.toRepresentation(); + profile.setEnabled(true); + userResource.update(profile); + return true; + } catch (ApplicationSettingsException ex) { + logger.error("Error getting values from property file, reason: " + ex.getCause(), ex); + IamAdminServicesException exception = new IamAdminServicesException(); + exception.setMessage("Error getting values from property file, reason " + ex.getMessage()); + throw exception; + } + } + +} http://git-wip-us.apache.org/repos/asf/airavata/blob/1a977c06/airavata-services/profile-service/iam-admin-services-core/src/main/java/org/apache/airavata/service/profile/iam/admin/services/core/interfaces/TenantManagementInterface.java ---------------------------------------------------------------------- diff --git a/airavata-services/profile-service/iam-admin-services-core/src/main/java/org/apache/airavata/service/profile/iam/admin/services/core/interfaces/TenantManagementInterface.java b/airavata-services/profile-service/iam-admin-services-core/src/main/java/org/apache/airavata/service/profile/iam/admin/services/core/interfaces/TenantManagementInterface.java new file mode 100644 index 0000000..b11408a --- /dev/null 
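Review bot: In `configureClient`, every tenant's `pga` client is registered with one hard-coded, plain-HTTP redirect URI (`redirectUris.add("http://accord.scigap.org/callback-url");`), so the OAuth redirect for each new gateway is tied to that single host and travels unencrypted; the URI should be taken from the gateway being configured or from a setting, and use HTTPS. The same client also gets `setDirectAccessGrantsEnabled(true)` and `setFullScopeAllowed(true)`, which is wider than a portal on the standard flow appears to need and is worth narrowing or justifying in a comment. `createUser` falls through to the final `return false;` even after a 201 and a successful `resetPassword`, so the success branch should end with `return true;`. In `createTenantAdminAccount`, `realmManagementClientId` stays `null` when no `realm-management` client is found and is then passed to `clientLevel(...)`, and `retrieveCreatedUserList.get(0)` is unchecked in both user-creation methods. None of the methods close the `Keycloak` instance they obtain from `getClient`, and each rethrown `IamAdminServicesException` carries only the message, not the original cause.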
+++ b/airavata-services/profile-service/iam-admin-services-core/src/main/java/org/apache/airavata/service/profile/iam/admin/services/core/interfaces/TenantManagementInterface.java 
@@ -0,0 +1,39 @@
+/*
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+
+package org.apache.airavata.service.profile.iam.admin.services.core.interfaces;
+
+import org.apache.airavata.model.credential.store.PasswordCredential;
+import org.apache.airavata.model.workspace.Gateway;
+import org.apache.airavata.service.profile.iam.admin.services.cpi.exception.IamAdminServicesException;
+
+public interface TenantManagementInterface {
+
+ /**
+ * Method to add Identity server tenant for Airavata gateway creation.
+ *
+ * @param isSuperAdminPasswordCreds identity server super admin credentials
+ * @param gatewayDetails gateway details from workspace catalog
+ * @return Realm object.
+ */
+ public Gateway addTenant(PasswordCredential isSuperAdminPasswordCreds, Gateway gatewayDetails) throws IamAdminServicesException;
+
+}
http://git-wip-us.apache.org/repos/asf/airavata/blob/1a977c06/airavata-services/profile-service/iam-admin-services-core/src/test/java/org/apache/airavata/service/profile/iam/admin/services/core/tests/SetupNewGateway.java ----------------------------------------------------------------------
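Review bot: The Javadoc for `addTenant` says `@return Realm object.`, but the declared return type is `Gateway` (and the Keycloak implementation in this commit returns the `gatewayDetails` it was given); it should read something like `@return the gateway details that were used to create the tenant`, and an `@throws IamAdminServicesException` line is missing. The implementation also exposes `createTenantAdminAccount`, `configureClient`, `createUser` and `enableUserAccount` as public methods that are not declared here, so the handler has to depend on `TenantManagementKeycloakImpl` directly. Declaring them on the interface, each with its credential and failure contract documented, would keep the identity-server backend swappable.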
diff --git a/airavata-services/profile-service/iam-admin-services-core/src/test/java/org/apache/airavata/service/profile/iam/admin/services/core/tests/SetupNewGateway.java b/airavata-services/profile-service/iam-admin-services-core/src/test/java/org/apache/airavata/service/profile/iam/admin/services/core/tests/SetupNewGateway.java new file mode 100644 index 0000000..85578a8 --- /dev/null +++ b/airavata-services/profile-service/iam-admin-services-core/src/test/java/org/apache/airavata/service/profile/iam/admin/services/core/tests/SetupNewGateway.java 
@@ -0,0 +1,73 @@ +package org.apache.airavata.service.profile.iam.admin.services.core.tests; + + +import org.apache.airavata.model.credential.store.PasswordCredential; +import org.apache.airavata.model.user.UserProfile; +import org.apache.airavata.model.workspace.Gateway; +import org.apache.airavata.service.profile.iam.admin.services.core.impl.TenantManagementKeycloakImpl; +import org.apache.airavata.service.profile.iam.admin.services.cpi.exception.IamAdminServicesException; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import java.util.ArrayList; +import java.util.List; + +public class SetupNewGateway { + + private final static Logger logger = LoggerFactory.getLogger(SetupNewGateway.class); + + public static void main(String[] args) { + UserRegistration(); + } + + public static void setUpGateway(){ + Gateway testGateway = new Gateway(); + testGateway.setGatewayId("maven.test.gateway"); + testGateway.setGatewayName("maven test gateway"); + testGateway.setIdentityServerUserName("mavenTest"); + testGateway.setGatewayAdminFirstName("Maven"); + testGateway.setGatewayAdminLastName("Test"); + testGateway.setGatewayAdminEmail("[email protected]"); + PasswordCredential superAdminCreds = new PasswordCredential(); + superAdminCreds.setGatewayId(testGateway.getGatewayId()); + superAdminCreds.setDescription("test credentials for IS admin creation"); + superAdminCreds.setLoginUserName("airavataAdmin"); + superAdminCreds.setPassword("Airavata@123"); + superAdminCreds.setPortalUserName("superAdmin"); + TenantManagementKeycloakImpl client = new TenantManagementKeycloakImpl(); + try { + client.addTenant(superAdminCreds, testGateway); + if (!client.createTenantAdminAccount(superAdminCreds, testGateway)) { + logger.error("Admin account creation failed !!, please refer error logs for reason"); + } + Gateway gatewayWithIdAndSecret = client.configureClient(superAdminCreds, testGateway); + System.out.println(gatewayWithIdAndSecret.getOauthClientId()); + 
System.out.println(gatewayWithIdAndSecret.getOauthClientSecret()); + } catch (IamAdminServicesException ex) { + logger.error("Gateway Setup Failed, reason: " + ex.getCause(), ex); + } + } + public static void UserRegistration(){ + UserProfile user = new UserProfile(); + user.setUserId("testuser"); + user.setUserName("Anuj Bhandar"); + List<String> emails = new ArrayList<>(); + emails.add("[email protected]"); + user.setGatewayId("maven.test.gateway"); + user.setEmails(emails); + PasswordCredential tenantAdminCreds = new PasswordCredential(); + tenantAdminCreds.setGatewayId(user.getGatewayId()); + tenantAdminCreds.setDescription("test credentials for tenant admin creation"); + tenantAdminCreds.setLoginUserName("mavenTest"); + tenantAdminCreds.setPassword("Test@1234"); + tenantAdminCreds.setPortalUserName("TenantAdmin"); + + TenantManagementKeycloakImpl client = new TenantManagementKeycloakImpl(); + try { + client.createUser(tenantAdminCreds,user,"test@123"); + client.enableUserAccount(tenantAdminCreds,user); + } catch (IamAdminServicesException e) { + e.printStackTrace(); + } + } +} http://git-wip-us.apache.org/repos/asf/airavata/blob/1a977c06/airavata-services/profile-service/profile-service-server/pom.xml ---------------------------------------------------------------------- diff --git a/airavata-services/profile-service/profile-service-server/pom.xml b/airavata-services/profile-service/profile-service-server/pom.xml index bd51318..9163929 100644 --- a/airavata-services/profile-service/profile-service-server/pom.xml +++ b/airavata-services/profile-service/profile-service-server/pom.xml 
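Review bot: `setUpGateway` and `UserRegistration` hard-code administrator credentials in source (the `setLoginUserName(...)`/`setPassword(...)` calls on `superAdminCreds` and `tenantAdminCreds`, plus the password literal passed to `createUser`), and `setUpGateway` prints the new client's secret with `System.out.println(gatewayWithIdAndSecret.getOauthClientSecret());`. If any of these values is valid on a shared Keycloak server it should be rotated, and the class should read credentials from system properties or environment variables and stop printing the secret. `configureClient` returns `null` on a non-201 response, so `gatewayWithIdAndSecret` needs a null check before it is dereferenced. The class sits under `src/test` but is a `main` program with no assertions that calls whatever server `iam.server.url` points to, and it lacks the ASF license header the other new files carry.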
@@ -49,6 +49,11 @@ <artifactId>airavata-messaging-core</artifactId> <version>${project.version}</version> </dependency> + <dependency> + <groupId>org.apache.airavata</groupId> + <artifactId>iam-admin-services-core</artifactId> + <version>${project.version}</version> + </dependency> </dependencies> </project> \ No newline at end of file http://git-wip-us.apache.org/repos/asf/airavata/blob/1a977c06/airavata-services/profile-service/profile-service-server/src/main/java/org/apache/airavata/service/profile/handlers/IamAdminServicesHandler.java ---------------------------------------------------------------------- diff --git a/airavata-services/profile-service/profile-service-server/src/main/java/org/apache/airavata/service/profile/handlers/IamAdminServicesHandler.java b/airavata-services/profile-service/profile-service-server/src/main/java/org/apache/airavata/service/profile/handlers/IamAdminServicesHandler.java index 113bf3f..311e831 100644 --- a/airavata-services/profile-service/profile-service-server/src/main/java/org/apache/airavata/service/profile/handlers/IamAdminServicesHandler.java +++ b/airavata-services/profile-service/profile-service-server/src/main/java/org/apache/airavata/service/profile/handlers/IamAdminServicesHandler.java @@ -21,9 +21,11 @@ package org.apache.airavata.service.profile.handlers; +import org.apache.airavata.model.credential.store.PasswordCredential; import org.apache.airavata.model.error.AuthorizationException; import org.apache.airavata.model.security.AuthzToken; import org.apache.airavata.model.workspace.Gateway; +import org.apache.airavata.service.profile.iam.admin.services.core.impl.TenantManagementKeycloakImpl; import org.apache.airavata.service.profile.iam.admin.services.cpi.IamAdminServices; import org.apache.airavata.service.profile.iam.admin.services.cpi.iam_admin_services_cpiConstants; import org.apache.airavata.service.profile.iam.admin.services.cpi.exception.IamAdminServicesException; 
@@ -49,6 +51,18 @@ public class IamAdminServicesHandler implements IamAdminServices.Iface { @Override public String setUpGateway(AuthzToken authzToken, Gateway gateway) throws IamAdminServicesException, AuthorizationException { + PasswordCredential isSuperAdminCredentials = new PasswordCredential(); + TenantManagementKeycloakImpl keycloakclient = new TenantManagementKeycloakImpl(); + try{ + keycloakclient.addTenant(isSuperAdminCredentials,gateway); + if(!keycloakclient.createTenantAdminAccount(isSuperAdminCredentials,gateway)){ + logger.error("Admin account creation failed !!, please refer error logs for reason"); + } + Gateway gatewayWithIdAndSecret = keycloakclient.configureClient(isSuperAdminCredentials,gateway); + //return gatewayWithIdAndSecret; + } catch (IamAdminServicesException ex){ + logger.error("Gateway Setup Failed, reason: " + ex.getCause(), ex); + } return null; } } http://git-wip-us.apache.org/repos/asf/airavata/blob/1a977c06/modules/commons/src/main/java/org/apache/airavata/common/utils/ApplicationSettings.java ---------------------------------------------------------------------- diff --git a/modules/commons/src/main/java/org/apache/airavata/common/utils/ApplicationSettings.java b/modules/commons/src/main/java/org/apache/airavata/common/utils/ApplicationSettings.java index 5c438f3..63fb7b0 100644 --- a/modules/commons/src/main/java/org/apache/airavata/common/utils/ApplicationSettings.java +++ b/modules/commons/src/main/java/org/apache/airavata/common/utils/ApplicationSettings.java 
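Review bot: The new body of `setUpGateway` passes a freshly constructed, empty `PasswordCredential` to `addTenant`, `createTenantAdminAccount` and `configureClient`, so the Keycloak login against the `master` realm is attempted with no username or password; the super-admin credential has to be loaded first (presumably from the credential store, given the new `airavata-credential-store` dependency). The `catch` block only logs `IamAdminServicesException` and the method then reaches `return null;`, so the caller cannot distinguish a failed setup from a successful one, and a `false` from `createTenantAdminAccount` is likewise only logged while `configureClient` still runs. `authzToken` is not used anywhere in the added lines; if authorization is not enforced by an interceptor or annotation outside this hunk, it needs to be checked before a realm is created. I would rethrow with `throw ex;` and return the configured gateway instead of discarding `gatewayWithIdAndSecret`.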
@@ -433,6 +433,14 @@ public class ApplicationSettings { return getSetting(ServerSettings.PROFILE_SERVICE_SERVER_PORT); } + public static String getIamServerUrl() throws ApplicationSettingsException { + return getSetting(ServerSettings.IAM_SERVER_URL); + } + + public static String getGatewayAdminTempPwd() throws ApplicationSettingsException { + return getSetting(ServerSettings.NEW_GATEWAY_ADMIN_TEMP_PASSWORD); + } + /** * @deprecated use {{@link #getSetting(String)}} * @return http://git-wip-us.apache.org/repos/asf/airavata/blob/1a977c06/modules/commons/src/main/java/org/apache/airavata/common/utils/ServerSettings.java ---------------------------------------------------------------------- diff --git a/modules/commons/src/main/java/org/apache/airavata/common/utils/ServerSettings.java b/modules/commons/src/main/java/org/apache/airavata/common/utils/ServerSettings.java index e5181eb..f56b330 100644 --- a/modules/commons/src/main/java/org/apache/airavata/common/utils/ServerSettings.java +++ b/modules/commons/src/main/java/org/apache/airavata/common/utils/ServerSettings.java @@ -133,6 +133,10 @@ public class ServerSettings extends ApplicationSettings { public static final String PROFILE_SERVICE_SERVER_HOST = "profile.service.server.host"; public static final String PROFILE_SERVICE_SERVER_PORT = "profile.service.server.port"; + // Iam Server Constants + public static final String IAM_SERVER_URL = "iam.server.url"; + public static final String NEW_GATEWAY_ADMIN_TEMP_PASSWORD="new.gateway.admin.temp.password"; + /* Caching */ private static final String SESSION_CACHE_ACCESS_TIME_OUT = "ssh.session.cache.access.timeout"; http://git-wip-us.apache.org/repos/asf/airavata/blob/1a977c06/modules/configuration/server/src/main/resources/airavata-server.properties ---------------------------------------------------------------------- 
diff --git a/modules/configuration/server/src/main/resources/airavata-server.properties b/modules/configuration/server/src/main/resources/airavata-server.properties index 5c7077d..aa4a2f0 100644 --- a/modules/configuration/server/src/main/resources/airavata-server.properties +++ b/modules/configuration/server/src/main/resources/airavata-server.properties @@ -363,4 +363,10 @@ profile.service.jdbc.driver=org.apache.derby.jdbc.ClientDriver #profile.service.jdbc.driver=com.mysql.jdbc.Driver profile.service.jdbc.user=airavata profile.service.jdbc.password=airavata -profile.service.validationQuery=SELECT 1 \ No newline at end of file +profile.service.validationQuery=SELECT 1 + +########################################################################### +# Iam Admin services Configuration +########################################################################### +iam.server.url=https://iam.scigap.org/auth +new.gateway.admin.temp.password=Password@123 \ No newline at end of file http://git-wip-us.apache.org/repos/asf/airavata/blob/1a977c06/thrift-interface-descriptions/service-cpis/profile-service/iam-admin-services/iam-admin-services-cpi.thrift ---------------------------------------------------------------------- diff --git a/thrift-interface-descriptions/service-cpis/profile-service/iam-admin-services/iam-admin-services-cpi.thrift b/thrift-interface-descriptions/service-cpis/profile-service/iam-admin-services/iam-admin-services-cpi.thrift index 1ae7dfb..ee00165 100644 --- a/thrift-interface-descriptions/service-cpis/profile-service/iam-admin-services/iam-admin-services-cpi.thrift +++ b/thrift-interface-descriptions/service-cpis/profile-service/iam-admin-services/iam-admin-services-cpi.thrift 
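Review bot: `new.gateway.admin.temp.password=Password@123` ships a fixed temporary password in the default properties file, and `createTenantAdminAccount` applies it to every new tenant admin, an account that is also granted all available `realm-management` roles. Until the first login completes the `UPDATE_PASSWORD` action, that account is protected only by a value that is public in this repository. The shipped value should be left empty with a comment such as `# REQUIRED: set per deployment; never reuse the sample value`, or the code should generate a random per-gateway password with `SecureRandom` and deliver it out of band. `iam.server.url` is likewise set to a concrete hosted endpoint rather than a placeholder, so a default install would point at that server.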
@@ -39,7 +39,7 @@ service IamAdminServices { throws (1: iam_admin_services_cpi_errors.IamAdminServicesException Idse, 2: airavata_errors.AuthorizationException ae) - string setUpGateway (1: required security_model.AuthzToken authzToken, + workspace_model.Gateway setUpGateway (1: required security_model.AuthzToken authzToken, 2: required workspace_model.Gateway gateway) throws (1: iam_admin_services_cpi_errors.IamAdminServicesException Idse, 2: airavata_errors.AuthorizationException ae)
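Review bot: `setUpGateway` now returns `workspace_model.Gateway`, but `IamAdminServicesHandler.setUpGateway` in this same commit is still declared `public String setUpGateway(...)` and returns `null`, so the handler will not match `IamAdminServices.Iface` once the stubs are regenerated. Changing the return type is also not wire-compatible for clients built against the `string` version. Because `configureClient` stores the client secret on the returned `Gateway` via `setOauthClientSecret`, the doc comment on this service method (outside the hunk) should state that the response carries a secret, so callers avoid logging or persisting it in the clear.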
