AIRAVATA-2405 IamAdminService method to get users in role
Project: http://git-wip-us.apache.org/repos/asf/airavata/repo
Commit: http://git-wip-us.apache.org/repos/asf/airavata/commit/a9d27716
Tree: http://git-wip-us.apache.org/repos/asf/airavata/tree/a9d27716
Diff: http://git-wip-us.apache.org/repos/asf/airavata/diff/a9d27716
Branch: refs/heads/develop
Commit: a9d277167d6470706b388727679f02bfe1ba265a
Parents: 24b869a
Author: Marcus Christie <[email protected]>
Authored: Mon Jun 26 11:22:41 2017 -0400
Committer: Marcus Christie <[email protected]>
Committed: Mon Jun 26 11:22:41 2017 -0400
----------------------------------------------------------------------
.../Iam/Admin/Services/CPI/IamAdminServices.php | 322 +++++
.../core/impl/TenantManagementKeycloakImpl.java | 51 +
.../interfaces/TenantManagementInterface.java | 11 +
.../handlers/IamAdminServicesHandler.java | 59 +-
.../admin/services/cpi/IamAdminServices.java | 1248 ++++++++++++++++++
.../iam-admin-services-cpi.thrift | 5 +
6 files changed, 1676 insertions(+), 20 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/airavata/blob/a9d27716/airavata-api/airavata-client-sdks/airavata-php-sdk/src/main/resources/lib/Airavata/Service/Iam/Admin/Services/CPI/IamAdminServices.php
----------------------------------------------------------------------
diff --git a/airavata-api/airavata-client-sdks/airavata-php-sdk/src/main/resources/lib/Airavata/Service/Iam/Admin/Services/CPI/IamAdminServices.php b/airavata-api/airavata-client-sdks/airavata-php-sdk/src/main/resources/lib/Airavata/Service/Iam/Admin/Services/CPI/IamAdminServices.php
index 0697595..963fc80 100644
--- a/airavata-api/airavata-client-sdks/airavata-php-sdk/src/main/resources/lib/Airavata/Service/Iam/Admin/Services/CPI/IamAdminServices.php
+++ b/airavata-api/airavata-client-sdks/airavata-php-sdk/src/main/resources/lib/Airavata/Service/Iam/Admin/Services/CPI/IamAdminServices.php
@@ -95,6 +95,14 @@ interface IamAdminServicesIf { * @throws \Airavata\API\Error\AuthorizationException */ public function removeRoleFromUser(\Airavata\Model\Security\AuthzToken $authzToken, $username, $roleName); + /** + * @param \Airavata\Model\Security\AuthzToken $authzToken + * @param string $roleName + * @return \Airavata\Model\User\UserProfile[] + * @throws \Airavata\Service\Iam\Admin\Services\CPI\Error\IamAdminServicesException + * @throws \Airavata\API\Error\AuthorizationException + */ + public function getUsersWithRole(\Airavata\Model\Security\AuthzToken $authzToken, $roleName); } class IamAdminServicesClient implements \Airavata\Service\Iam\Admin\Services\CPI\IamAdminServicesIf { 
@@ -634,6 +642,64 @@ class IamAdminServicesClient implements \Airavata\Service\Iam\Admin\Services\CPI throw new \Exception("removeRoleFromUser failed: unknown result"); } + public function getUsersWithRole(\Airavata\Model\Security\AuthzToken $authzToken, $roleName) + { + $this->send_getUsersWithRole($authzToken, $roleName); + return $this->recv_getUsersWithRole(); + } + + public function send_getUsersWithRole(\Airavata\Model\Security\AuthzToken $authzToken, $roleName) + { + $args = new \Airavata\Service\Iam\Admin\Services\CPI\IamAdminServices_getUsersWithRole_args(); + $args->authzToken = $authzToken; + $args->roleName = $roleName; + $bin_accel = ($this->output_ instanceof TBinaryProtocolAccelerated) && function_exists('thrift_protocol_write_binary'); + if ($bin_accel) + { + thrift_protocol_write_binary($this->output_, 'getUsersWithRole', TMessageType::CALL, $args, $this->seqid_, $this->output_->isStrictWrite()); + } + else + { + $this->output_->writeMessageBegin('getUsersWithRole', TMessageType::CALL, $this->seqid_); + $args->write($this->output_); + $this->output_->writeMessageEnd(); + $this->output_->getTransport()->flush(); + } + } + + public function recv_getUsersWithRole() + { + $bin_accel = ($this->input_ instanceof TBinaryProtocolAccelerated) && function_exists('thrift_protocol_read_binary'); + if ($bin_accel) $result = thrift_protocol_read_binary($this->input_, '\Airavata\Service\Iam\Admin\Services\CPI\IamAdminServices_getUsersWithRole_result', $this->input_->isStrictRead()); + else + { + $rseqid = 0; + $fname = null; + $mtype = 0; + + $this->input_->readMessageBegin($fname, $mtype, $rseqid); + if ($mtype == TMessageType::EXCEPTION) { + $x = new TApplicationException(); + $x->read($this->input_); + $this->input_->readMessageEnd(); + throw $x; + } + $result = new \Airavata\Service\Iam\Admin\Services\CPI\IamAdminServices_getUsersWithRole_result(); + $result->read($this->input_); + $this->input_->readMessageEnd(); + } + if ($result->success !== null) { + 
return $result->success; + } + if ($result->Idse !== null) { + throw $result->Idse; + } + if ($result->ae !== null) { + throw $result->ae; + } + throw new \Exception("getUsersWithRole failed: unknown result"); + } + } // HELPER FUNCTIONS AND STRUCTURES 
@@ -2871,4 +2937,260 @@ class IamAdminServices_removeRoleFromUser_result { } +class IamAdminServices_getUsersWithRole_args { + static $_TSPEC; + + /** + * @var \Airavata\Model\Security\AuthzToken + */ + public $authzToken = null; + /** + * @var string + */ + public $roleName = null; + + public function __construct($vals=null) { + if (!isset(self::$_TSPEC)) { + self::$_TSPEC = array( + 1 => array( + 'var' => 'authzToken', + 'type' => TType::STRUCT, + 'class' => '\Airavata\Model\Security\AuthzToken', + ), + 2 => array( + 'var' => 'roleName', + 'type' => TType::STRING, + ), + ); + } + if (is_array($vals)) { + if (isset($vals['authzToken'])) { + $this->authzToken = $vals['authzToken']; + } + if (isset($vals['roleName'])) { + $this->roleName = $vals['roleName']; + } + } + } + + public function getName() { + return 'IamAdminServices_getUsersWithRole_args'; + } + + public function read($input) + { + $xfer = 0; + $fname = null; + $ftype = 0; + $fid = 0; + $xfer += $input->readStructBegin($fname); + while (true) + { + $xfer += $input->readFieldBegin($fname, $ftype, $fid); + if ($ftype == TType::STOP) { + break; + } + switch ($fid) + { + case 1: + if ($ftype == TType::STRUCT) { + $this->authzToken = new \Airavata\Model\Security\AuthzToken(); + $xfer += $this->authzToken->read($input); + } else { + $xfer += $input->skip($ftype); + } + break; + case 2: + if ($ftype == TType::STRING) { + $xfer += $input->readString($this->roleName); + } else { + $xfer += $input->skip($ftype); + } + break; + default: + $xfer += $input->skip($ftype); + break; + } + $xfer += $input->readFieldEnd(); + } + $xfer += $input->readStructEnd(); + return $xfer; + } + + public function write($output) { + $xfer = 0; + $xfer += $output->writeStructBegin('IamAdminServices_getUsersWithRole_args'); + if ($this->authzToken !== null) { + if (!is_object($this->authzToken)) { + throw new TProtocolException('Bad type in structure.', TProtocolException::INVALID_DATA); + } + $xfer += 
$output->writeFieldBegin('authzToken', TType::STRUCT, 1); + $xfer += $this->authzToken->write($output); + $xfer += $output->writeFieldEnd(); + } + if ($this->roleName !== null) { + $xfer += $output->writeFieldBegin('roleName', TType::STRING, 2); + $xfer += $output->writeString($this->roleName); + $xfer += $output->writeFieldEnd(); + } + $xfer += $output->writeFieldStop(); + $xfer += $output->writeStructEnd(); + return $xfer; + } + +} + +class IamAdminServices_getUsersWithRole_result { + static $_TSPEC; + + /** + * @var \Airavata\Model\User\UserProfile[] + */ + public $success = null; + /** + * @var \Airavata\Service\Iam\Admin\Services\CPI\Error\IamAdminServicesException + */ + public $Idse = null; + /** + * @var \Airavata\API\Error\AuthorizationException + */ + public $ae = null; + + public function __construct($vals=null) { + if (!isset(self::$_TSPEC)) { + self::$_TSPEC = array( + 0 => array( + 'var' => 'success', + 'type' => TType::LST, + 'etype' => TType::STRUCT, + 'elem' => array( + 'type' => TType::STRUCT, + 'class' => '\Airavata\Model\User\UserProfile', + ), + ), + 1 => array( + 'var' => 'Idse', + 'type' => TType::STRUCT, + 'class' => '\Airavata\Service\Iam\Admin\Services\CPI\Error\IamAdminServicesException', + ), + 2 => array( + 'var' => 'ae', + 'type' => TType::STRUCT, + 'class' => '\Airavata\API\Error\AuthorizationException', + ), + ); + } + if (is_array($vals)) { + if (isset($vals['success'])) { + $this->success = $vals['success']; + } + if (isset($vals['Idse'])) { + $this->Idse = $vals['Idse']; + } + if (isset($vals['ae'])) { + $this->ae = $vals['ae']; + } + } + } + + public function getName() { + return 'IamAdminServices_getUsersWithRole_result'; + } + + public function read($input) + { + $xfer = 0; + $fname = null; + $ftype = 0; + $fid = 0; + $xfer += $input->readStructBegin($fname); + while (true) + { + $xfer += $input->readFieldBegin($fname, $ftype, $fid); + if ($ftype == TType::STOP) { + break; + } + switch ($fid) + { + case 0: + if ($ftype == 
TType::LST) { + $this->success = array(); + $_size7 = 0; + $_etype10 = 0; + $xfer += $input->readListBegin($_etype10, $_size7); + for ($_i11 = 0; $_i11 < $_size7; ++$_i11) + { + $elem12 = null; + $elem12 = new \Airavata\Model\User\UserProfile(); + $xfer += $elem12->read($input); + $this->success []= $elem12; + } + $xfer += $input->readListEnd(); + } else { + $xfer += $input->skip($ftype); + } + break; + case 1: + if ($ftype == TType::STRUCT) { + $this->Idse = new \Airavata\Service\Iam\Admin\Services\CPI\Error\IamAdminServicesException(); + $xfer += $this->Idse->read($input); + } else { + $xfer += $input->skip($ftype); + } + break; + case 2: + if ($ftype == TType::STRUCT) { + $this->ae = new \Airavata\API\Error\AuthorizationException(); + $xfer += $this->ae->read($input); + } else { + $xfer += $input->skip($ftype); + } + break; + default: + $xfer += $input->skip($ftype); + break; + } + $xfer += $input->readFieldEnd(); + } + $xfer += $input->readStructEnd(); + return $xfer; + } + + public function write($output) { + $xfer = 0; + $xfer += $output->writeStructBegin('IamAdminServices_getUsersWithRole_result'); + if ($this->success !== null) { + if (!is_array($this->success)) { + throw new TProtocolException('Bad type in structure.', TProtocolException::INVALID_DATA); + } + $xfer += $output->writeFieldBegin('success', TType::LST, 0); + { + $output->writeListBegin(TType::STRUCT, count($this->success)); + { + foreach ($this->success as $iter13) + { + $xfer += $iter13->write($output); + } + } + $output->writeListEnd(); + } + $xfer += $output->writeFieldEnd(); + } + if ($this->Idse !== null) { + $xfer += $output->writeFieldBegin('Idse', TType::STRUCT, 1); + $xfer += $this->Idse->write($output); + $xfer += $output->writeFieldEnd(); + } + if ($this->ae !== null) { + $xfer += $output->writeFieldBegin('ae', TType::STRUCT, 2); + $xfer += $this->ae->write($output); + $xfer += $output->writeFieldEnd(); + } + $xfer += $output->writeFieldStop(); + $xfer += $output->writeStructEnd(); 
+ return $xfer; + } + +} + http://git-wip-us.apache.org/repos/asf/airavata/blob/a9d27716/airavata-services/profile-service/iam-admin-services-core/src/main/java/org/apache/airavata/service/profile/iam/admin/services/core/impl/TenantManagementKeycloakImpl.java ---------------------------------------------------------------------- diff --git a/airavata-services/profile-service/iam-admin-services-core/src/main/java/org/apache/airavata/service/profile/iam/admin/services/core/impl/TenantManagementKeycloakImpl.java b/airavata-services/profile-service/iam-admin-services-core/src/main/java/org/apache/airavata/service/profile/iam/admin/services/core/impl/TenantManagementKeycloakImpl.java index 7cd6b5b..2da9276 100644 --- a/airavata-services/profile-service/iam-admin-services-core/src/main/java/org/apache/airavata/service/profile/iam/admin/services/core/impl/TenantManagementKeycloakImpl.java +++ b/airavata-services/profile-service/iam-admin-services-core/src/main/java/org/apache/airavata/service/profile/iam/admin/services/core/impl/TenantManagementKeycloakImpl.java @@ -24,6 +24,7 @@ package org.apache.airavata.service.profile.iam.admin.services.core.impl; import org.apache.airavata.common.exception.ApplicationSettingsException; import org.apache.airavata.common.utils.ServerSettings; import org.apache.airavata.model.credential.store.PasswordCredential; +import org.apache.airavata.model.user.Status; import org.apache.airavata.model.user.UserProfile; import org.apache.airavata.model.workspace.Gateway; import org.apache.airavata.service.profile.iam.admin.services.core.interfaces.TenantManagementInterface; 
@@ -522,4 +523,54 @@ public class TenantManagementKeycloakImpl implements TenantManagementInterface { } } } + + @Override + public List<UserProfile> getUsersWithRole(PasswordCredential realmAdminCreds, String tenantId, String roleName) throws IamAdminServicesException { + Keycloak client = null; + try{ + client = TenantManagementKeycloakImpl.getClient(ServerSettings.getIamServerUrl(), tenantId, realmAdminCreds); + // FIXME: this only gets the first 1000 users to search through for the given role + List<UserRepresentation> allUsers = client.realm(tenantId).users().search(null, + null, + null, + null, + 0, 1000); + + List<UserProfile> usersWithRole = new ArrayList<>(); + for (UserRepresentation user: allUsers) { + if (user.getRealmRoles().contains(roleName)) { + usersWithRole.add(convertUserRepresentationToUserProfile(user, tenantId)); + } + } + return usersWithRole; + } catch (ApplicationSettingsException ex) { + logger.error("Error getting values from property file, reason: " + ex.getMessage(), ex); + IamAdminServicesException exception = new IamAdminServicesException(); + exception.setMessage("Error getting values from property file, reason " + ex.getMessage()); + throw exception; + } finally { + if (client != null) { + client.close(); + } + } + } + + private UserProfile convertUserRepresentationToUserProfile(UserRepresentation userRepresentation, String tenantId) { + + UserProfile profile = new UserProfile(); + profile.setAiravataInternalUserId(userRepresentation.getUsername() + "@" + tenantId); + profile.setGatewayId(tenantId); + profile.setUserId(userRepresentation.getUsername()); + profile.setFirstName(userRepresentation.getFirstName()); + profile.setLastName(userRepresentation.getLastName()); + profile.setEmails(Arrays.asList(new String[]{userRepresentation.getEmail()})); + + // Just default these. 
UserProfile isn't a great data model for this data since it isn't actually the Airavata UserProfile + profile.setLastAccessTime(0); + profile.setCreationTime(0); + profile.setValidUntil(0); + profile.setState(Status.ACTIVE); + + return profile; + } } http://git-wip-us.apache.org/repos/asf/airavata/blob/a9d27716/airavata-services/profile-service/iam-admin-services-core/src/main/java/org/apache/airavata/service/profile/iam/admin/services/core/interfaces/TenantManagementInterface.java ---------------------------------------------------------------------- diff --git a/airavata-services/profile-service/iam-admin-services-core/src/main/java/org/apache/airavata/service/profile/iam/admin/services/core/interfaces/TenantManagementInterface.java b/airavata-services/profile-service/iam-admin-services-core/src/main/java/org/apache/airavata/service/profile/iam/admin/services/core/interfaces/TenantManagementInterface.java index 7b5e34d..e181900 100644 --- a/airavata-services/profile-service/iam-admin-services-core/src/main/java/org/apache/airavata/service/profile/iam/admin/services/core/interfaces/TenantManagementInterface.java +++ b/airavata-services/profile-service/iam-admin-services-core/src/main/java/org/apache/airavata/service/profile/iam/admin/services/core/interfaces/TenantManagementInterface.java 
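Review bot: `user.getRealmRoles().contains(roleName)` in `getUsersWithRole` dereferences the role list without a null check, and a user search response may not carry realm roles at all (worth confirming against the Keycloak version in use), in which case the call either throws or matches nobody. Together with the fixed `0, 1000` window that the FIXME already flags, the result can silently omit holders of a role, which matters when the list is used to review who holds an administrative role. Paging until a short page comes back and guarding the null, as sketched below, removes the truncation; if search results turn out not to include roles, membership has to be resolved from each user's role mappings instead. Separately, `convertUserRepresentationToUserProfile` sets `Status.ACTIVE` unconditionally, so a disabled account is reported as active; deriving the state from the representation's enabled flag would avoid that.

```java
// … unchanged: client creation via getClient(...) …
List<UserProfile> usersWithRole = new ArrayList<>();
final int pageSize = 1000;
for (int first = 0; ; first += pageSize) {
    List<UserRepresentation> page = client.realm(tenantId).users().search(null, null, null, null, first, pageSize);
    for (UserRepresentation user : page) {
        List<String> realmRoles = user.getRealmRoles();
        if (realmRoles != null && realmRoles.contains(roleName)) {
            usersWithRole.add(convertUserRepresentationToUserProfile(user, tenantId));
        }
    }
    if (page.size() < pageSize) {
        break; // short page: no more users to fetch
    }
}
return usersWithRole;
// … unchanged: catch ApplicationSettingsException, finally client.close() …
```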
@@ -135,4 +135,15 @@ public interface TenantManagementInterface { * @throws IamAdminServicesException */ boolean removeRoleFromUser(PasswordCredential realmAdminCreds, String tenantId, String username, String roleName) throws IamAdminServicesException; + + /** + * Get all users having the given role. + * + * @param realmAdminCreds + * @param tenantId + * @param roleName + * @return + * @throws IamAdminServicesException + */ + List<UserProfile> getUsersWithRole(PasswordCredential realmAdminCreds, String tenantId, String roleName) throws IamAdminServicesException; } http://git-wip-us.apache.org/repos/asf/airavata/blob/a9d27716/airavata-services/profile-service/profile-service-server/src/main/java/org/apache/airavata/service/profile/handlers/IamAdminServicesHandler.java ---------------------------------------------------------------------- diff --git a/airavata-services/profile-service/profile-service-server/src/main/java/org/apache/airavata/service/profile/handlers/IamAdminServicesHandler.java b/airavata-services/profile-service/profile-service-server/src/main/java/org/apache/airavata/service/profile/handlers/IamAdminServicesHandler.java index b2f33e6..15f4596 100644 --- a/airavata-services/profile-service/profile-service-server/src/main/java/org/apache/airavata/service/profile/handlers/IamAdminServicesHandler.java +++ b/airavata-services/profile-service/profile-service-server/src/main/java/org/apache/airavata/service/profile/handlers/IamAdminServicesHandler.java 
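Review bot: The new Javadoc on `getUsersWithRole` leaves every `@param` tag and the `@return` tag empty, and its summary promises "all users", which the Keycloak implementation in this commit does not deliver beyond the first 1000 users it searches. I would fill the tags in, for example `@param realmAdminCreds credentials of the realm (tenant) administrator used for the lookup`, `@param roleName name of the realm role to match` and `@return profiles of the users holding the role; empty when none match`. The summary should also state the current limit until it is lifted, so callers do not treat the result as a complete membership list.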
@@ -69,14 +69,14 @@ public class IamAdminServicesHandler implements IamAdminServices.Iface { public Gateway setUpGateway(AuthzToken authzToken, Gateway gateway) throws IamAdminServicesException, AuthorizationException { TenantManagementKeycloakImpl keycloakclient = new TenantManagementKeycloakImpl(); PasswordCredential isSuperAdminCredentials = getSuperAdminPasswordCredential(); - try{ - keycloakclient.addTenant(isSuperAdminCredentials,gateway); - if(!keycloakclient.createTenantAdminAccount(isSuperAdminCredentials,gateway)){ + try { + keycloakclient.addTenant(isSuperAdminCredentials, gateway); + if (!keycloakclient.createTenantAdminAccount(isSuperAdminCredentials, gateway)) { logger.error("Admin account creation failed !!, please refer error logs for reason"); } - Gateway gatewayWithIdAndSecret = keycloakclient.configureClient(isSuperAdminCredentials,gateway); + Gateway gatewayWithIdAndSecret = keycloakclient.configureClient(isSuperAdminCredentials, gateway); return gatewayWithIdAndSecret; - } catch (IamAdminServicesException ex){ + } catch (IamAdminServicesException ex) { logger.error("Gateway Setup Failed, reason: " + ex.getMessage(), ex); throw ex; } 
@@ -88,13 +88,13 @@ public class IamAdminServicesHandler implements IamAdminServices.Iface { public boolean registerUser(AuthzToken authzToken, String username, String emailAddress, String firstName, String lastName, String newPassword) throws IamAdminServicesException, AuthorizationException { TenantManagementKeycloakImpl keycloakclient = new TenantManagementKeycloakImpl(); String gatewayId = authzToken.getClaimsMap().get(Constants.GATEWAY_ID); - try{ + try { PasswordCredential isRealmAdminCredentials = getTenantAdminPasswordCredential(gatewayId); - if(keycloakclient.createUser(isRealmAdminCredentials, gatewayId, username, emailAddress, firstName, lastName, newPassword)) + if (keycloakclient.createUser(isRealmAdminCredentials, gatewayId, username, emailAddress, firstName, lastName, newPassword)) return true; else return false; - } catch (TException|ApplicationSettingsException ex){ + } catch (TException | ApplicationSettingsException ex) { String msg = "Error while registering user into Identity Server, reason: " + ex.getMessage(); logger.error(msg, ex); throw new IamAdminServicesException(msg); 
@@ -106,13 +106,13 @@ public class IamAdminServicesHandler implements IamAdminServices.Iface { public boolean enableUser(AuthzToken authzToken, String username) throws IamAdminServicesException, AuthorizationException { TenantManagementKeycloakImpl keycloakclient = new TenantManagementKeycloakImpl(); String gatewayId = authzToken.getClaimsMap().get(Constants.GATEWAY_ID); - try{ + try { PasswordCredential isRealmAdminCredentials = getTenantAdminPasswordCredential(gatewayId); - if(keycloakclient.enableUserAccount(isRealmAdminCredentials, gatewayId, username)) + if (keycloakclient.enableUserAccount(isRealmAdminCredentials, gatewayId, username)) return true; else return false; - } catch (TException|ApplicationSettingsException ex){ + } catch (TException | ApplicationSettingsException ex) { String msg = "Error while enabling user account, reason: " + ex.getMessage(); logger.error(msg, ex); throw new IamAdminServicesException(msg); @@ -124,13 +124,13 @@ public class IamAdminServicesHandler implements IamAdminServices.Iface { public boolean resetUserPassword(AuthzToken authzToken, String username, String newPassword) throws IamAdminServicesException, AuthorizationException, TException { TenantManagementKeycloakImpl keycloakclient = new TenantManagementKeycloakImpl(); String gatewayId = authzToken.getClaimsMap().get(Constants.GATEWAY_ID); - try{ + try { PasswordCredential isRealmAdminCredentials = getTenantAdminPasswordCredential(gatewayId); - if(keycloakclient.resetUserPassword(isRealmAdminCredentials, gatewayId, username, newPassword)) + if (keycloakclient.resetUserPassword(isRealmAdminCredentials, gatewayId, username, newPassword)) return true; else return false; - } catch (TException|ApplicationSettingsException ex){ + } catch (TException | ApplicationSettingsException ex) { String msg = "Error while resetting user password in Identity Server, reason: " + ex.getMessage(); logger.error(msg, ex); throw new IamAdminServicesException(msg); 
@@ -142,10 +142,10 @@ public class IamAdminServicesHandler implements IamAdminServices.Iface { public List<UserProfile> findUsers(AuthzToken authzToken, String email, String userId) throws IamAdminServicesException, AuthorizationException, TException { TenantManagementKeycloakImpl keycloakclient = new TenantManagementKeycloakImpl(); String gatewayId = authzToken.getClaimsMap().get(Constants.GATEWAY_ID); - try{ + try { PasswordCredential isRealmAdminCredentials = getTenantAdminPasswordCredential(gatewayId); return keycloakclient.findUser(isRealmAdminCredentials, gatewayId, email, userId); - } catch (TException|ApplicationSettingsException ex){ + } catch (TException | ApplicationSettingsException ex) { String msg = "Error while retrieving users from Identity Server, reason: " + ex.getMessage(); logger.error(msg, ex); throw new IamAdminServicesException(msg); @@ -153,6 +153,7 @@ public class IamAdminServicesHandler implements IamAdminServices.Iface { } @Override + @SecurityCheck public void updateUserProfile(AuthzToken authzToken, UserProfile userDetails) throws IamAdminServicesException, AuthorizationException, TException { TenantManagementKeycloakImpl keycloakclient = new TenantManagementKeycloakImpl(); 
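Review bot: The `@SecurityCheck` added to `updateUserProfile` here, and to `addRoleToUser` and `removeRoleFromUser` in the next two hunks, changes who can reach methods that act with the tenant admin credential, but neither the commit title nor the code records that rule. The annotation lines of `registerUser`, `enableUser`, `resetUserPassword` and `findUsers` lie outside the hunk context, so this diff does not show whether they carry the check; that is worth confirming in the same pass. A short comment on the handler class would make the expectation explicit, e.g. `// Methods that act with tenant or super admin credentials are expected to carry @SecurityCheck; list any deliberate exception here.`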
@@ -174,13 +175,14 @@ public class IamAdminServicesHandler implements IamAdminServices.Iface { } @Override + @SecurityCheck public boolean addRoleToUser(AuthzToken authzToken, String username, String roleName) throws IamAdminServicesException, AuthorizationException, TException { TenantManagementKeycloakImpl keycloakclient = new TenantManagementKeycloakImpl(); String gatewayId = authzToken.getClaimsMap().get(Constants.GATEWAY_ID); - try{ + try { PasswordCredential isRealmAdminCredentials = getTenantAdminPasswordCredential(gatewayId); return keycloakclient.addRoleToUser(isRealmAdminCredentials, gatewayId, username, roleName); - } catch (TException|ApplicationSettingsException ex){ + } catch (TException | ApplicationSettingsException ex) { String msg = "Error while adding role to user, reason: " + ex.getMessage(); logger.error(msg, ex); throw new IamAdminServicesException(msg); 
@@ -188,19 +190,36 @@ public class IamAdminServicesHandler implements IamAdminServices.Iface { } @Override + @SecurityCheck public boolean removeRoleFromUser(AuthzToken authzToken, String username, String roleName) throws IamAdminServicesException, AuthorizationException, TException { TenantManagementKeycloakImpl keycloakclient = new TenantManagementKeycloakImpl(); String gatewayId = authzToken.getClaimsMap().get(Constants.GATEWAY_ID); - try{ + try { PasswordCredential isRealmAdminCredentials = getTenantAdminPasswordCredential(gatewayId); return keycloakclient.removeRoleFromUser(isRealmAdminCredentials, gatewayId, username, roleName); - } catch (TException|ApplicationSettingsException ex){ + } catch (TException | ApplicationSettingsException ex) { String msg = "Error while removing role from user, reason: " + ex.getMessage(); logger.error(msg, ex); throw new IamAdminServicesException(msg); } } + @Override + @SecurityCheck + public List<UserProfile> getUsersWithRole(AuthzToken authzToken, String roleName) throws IamAdminServicesException, AuthorizationException, TException { + + TenantManagementKeycloakImpl keycloakclient = new TenantManagementKeycloakImpl(); + String gatewayId = authzToken.getClaimsMap().get(Constants.GATEWAY_ID); + try { + PasswordCredential isRealmAdminCredentials = getTenantAdminPasswordCredential(gatewayId); + return keycloakclient.getUsersWithRole(isRealmAdminCredentials, gatewayId, roleName); + } catch (TException | ApplicationSettingsException ex) { + String msg = "Error while retrieving users from Identity Server, reason: " + ex.getMessage(); + logger.error(msg, ex); + throw new IamAdminServicesException(msg); + } + } + private PasswordCredential getSuperAdminPasswordCredential() { PasswordCredential isSuperAdminCredentials = new PasswordCredential(); try { 
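Review bot: The new `getUsersWithRole` handler takes `gatewayId` straight from `authzToken.getClaimsMap()` and passes it on without checking that the claim is present, so a token without it reaches `getTenantAdminPasswordCredential` and the Keycloak lookup with a null tenant. Guarding it before the `try`, e.g. `if (gatewayId == null) { throw new IamAdminServicesException("Gateway id claim is missing"); }`, fails early with a clear error. The method returns names and e-mail addresses obtained with the tenant admin credential, so it is also worth confirming that `@SecurityCheck` limits it to administrative callers rather than any authenticated user; how the annotation decides is not visible in this diff. The error text is identical to the one in `findUsers`, which makes the two failures indistinguishable in logs; `"Error while retrieving users with role, reason: "` would separate them.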
http://git-wip-us.apache.org/repos/asf/airavata/blob/a9d27716/airavata-services/profile-service/profile-service-stubs/src/main/java/org/apache/airavata/service/profile/iam/admin/services/cpi/IamAdminServices.java ---------------------------------------------------------------------- diff --git a/airavata-services/profile-service/profile-service-stubs/src/main/java/org/apache/airavata/service/profile/iam/admin/services/cpi/IamAdminServices.java b/airavata-services/profile-service/profile-service-stubs/src/main/java/org/apache/airavata/service/profile/iam/admin/services/cpi/IamAdminServices.java index d73d6c2..d15c780 100644 --- a/airavata-services/profile-service/profile-service-stubs/src/main/java/org/apache/airavata/service/profile/iam/admin/services/cpi/IamAdminServices.java +++ b/airavata-services/profile-service/profile-service-stubs/src/main/java/org/apache/airavata/service/profile/iam/admin/services/cpi/IamAdminServices.java @@ -73,6 +73,8 @@ public class IamAdminServices { public boolean removeRoleFromUser(org.apache.airavata.model.security.AuthzToken authzToken, String username, String roleName) throws org.apache.airavata.service.profile.iam.admin.services.cpi.exception.IamAdminServicesException, org.apache.airavata.model.error.AuthorizationException, org.apache.thrift.TException; + public List<org.apache.airavata.model.user.UserProfile> getUsersWithRole(org.apache.airavata.model.security.AuthzToken authzToken, String roleName) throws org.apache.airavata.service.profile.iam.admin.services.cpi.exception.IamAdminServicesException, org.apache.airavata.model.error.AuthorizationException, org.apache.thrift.TException; + } public interface AsyncIface { 
@@ -95,6 +97,8 @@ public class IamAdminServices { public void removeRoleFromUser(org.apache.airavata.model.security.AuthzToken authzToken, String username, String roleName, org.apache.thrift.async.AsyncMethodCallback resultHandler) throws org.apache.thrift.TException; + public void getUsersWithRole(org.apache.airavata.model.security.AuthzToken authzToken, String roleName, org.apache.thrift.async.AsyncMethodCallback resultHandler) throws org.apache.thrift.TException; + } public static class Client extends org.apache.thrift.TServiceClient implements Iface { 
@@ -391,6 +395,36 @@ public class IamAdminServices { throw new org.apache.thrift.TApplicationException(org.apache.thrift.TApplicationException.MISSING_RESULT, "removeRoleFromUser failed: unknown result"); } + public List<org.apache.airavata.model.user.UserProfile> getUsersWithRole(org.apache.airavata.model.security.AuthzToken authzToken, String roleName) throws org.apache.airavata.service.profile.iam.admin.services.cpi.exception.IamAdminServicesException, org.apache.airavata.model.error.AuthorizationException, org.apache.thrift.TException + { + send_getUsersWithRole(authzToken, roleName); + return recv_getUsersWithRole(); + } + + public void send_getUsersWithRole(org.apache.airavata.model.security.AuthzToken authzToken, String roleName) throws org.apache.thrift.TException + { + getUsersWithRole_args args = new getUsersWithRole_args(); + args.setAuthzToken(authzToken); + args.setRoleName(roleName); + sendBase("getUsersWithRole", args); + } + + public List<org.apache.airavata.model.user.UserProfile> recv_getUsersWithRole() throws org.apache.airavata.service.profile.iam.admin.services.cpi.exception.IamAdminServicesException, org.apache.airavata.model.error.AuthorizationException, org.apache.thrift.TException + { + getUsersWithRole_result result = new getUsersWithRole_result(); + receiveBase(result, "getUsersWithRole"); + if (result.isSetSuccess()) { + return result.success; + } + if (result.Idse != null) { + throw result.Idse; + } + if (result.ae != null) { + throw result.ae; + } + throw new org.apache.thrift.TApplicationException(org.apache.thrift.TApplicationException.MISSING_RESULT, "getUsersWithRole failed: unknown result"); + } + } public static class AsyncClient extends org.apache.thrift.async.TAsyncClient implements AsyncIface { public static class Factory implements org.apache.thrift.async.TAsyncClientFactory<AsyncClient> { 
@@ -745,6 +779,41 @@ public class IamAdminServices { } } + public void getUsersWithRole(org.apache.airavata.model.security.AuthzToken authzToken, String roleName, org.apache.thrift.async.AsyncMethodCallback resultHandler) throws org.apache.thrift.TException { + checkReady(); + getUsersWithRole_call method_call = new getUsersWithRole_call(authzToken, roleName, resultHandler, this, ___protocolFactory, ___transport); + this.___currentMethod = method_call; + ___manager.call(method_call); + } + + public static class getUsersWithRole_call extends org.apache.thrift.async.TAsyncMethodCall { + private org.apache.airavata.model.security.AuthzToken authzToken; + private String roleName; + public getUsersWithRole_call(org.apache.airavata.model.security.AuthzToken authzToken, String roleName, org.apache.thrift.async.AsyncMethodCallback resultHandler, org.apache.thrift.async.TAsyncClient client, org.apache.thrift.protocol.TProtocolFactory protocolFactory, org.apache.thrift.transport.TNonblockingTransport transport) throws org.apache.thrift.TException { + super(client, protocolFactory, transport, resultHandler, false); + this.authzToken = authzToken; + this.roleName = roleName; + } + + public void write_args(org.apache.thrift.protocol.TProtocol prot) throws org.apache.thrift.TException { + prot.writeMessageBegin(new org.apache.thrift.protocol.TMessage("getUsersWithRole", org.apache.thrift.protocol.TMessageType.CALL, 0)); + getUsersWithRole_args args = new getUsersWithRole_args(); + args.setAuthzToken(authzToken); + args.setRoleName(roleName); + args.write(prot); + prot.writeMessageEnd(); + } + + public List<org.apache.airavata.model.user.UserProfile> getResult() throws org.apache.airavata.service.profile.iam.admin.services.cpi.exception.IamAdminServicesException, org.apache.airavata.model.error.AuthorizationException, org.apache.thrift.TException { + if (getState() != org.apache.thrift.async.TAsyncMethodCall.State.RESPONSE_READ) { + throw new IllegalStateException("Method call 
not finished!"); + } + org.apache.thrift.transport.TMemoryInputTransport memoryTransport = new org.apache.thrift.transport.TMemoryInputTransport(getFrameBuffer().array()); + org.apache.thrift.protocol.TProtocol prot = client.getProtocolFactory().getProtocol(memoryTransport); + return (new Client(prot)).recv_getUsersWithRole(); + } + } + } public static class Processor<I extends Iface> extends org.apache.thrift.TBaseProcessor<I> implements org.apache.thrift.TProcessor { @@ -767,6 +836,7 @@ public class IamAdminServices { processMap.put("updateUserProfile", new updateUserProfile()); processMap.put("addRoleToUser", new addRoleToUser()); processMap.put("removeRoleFromUser", new removeRoleFromUser()); + processMap.put("getUsersWithRole", new getUsersWithRole()); return processMap; } @@ -1009,6 +1079,32 @@ public class IamAdminServices { } } + public static class getUsersWithRole<I extends Iface> extends org.apache.thrift.ProcessFunction<I, getUsersWithRole_args> { + public getUsersWithRole() { + super("getUsersWithRole"); + } + + public getUsersWithRole_args getEmptyArgsInstance() { + return new getUsersWithRole_args(); + } + + protected boolean isOneway() { + return false; + } + + public getUsersWithRole_result getResult(I iface, getUsersWithRole_args args) throws org.apache.thrift.TException { + getUsersWithRole_result result = new getUsersWithRole_result(); + try { + result.success = iface.getUsersWithRole(args.authzToken, args.roleName); + } catch (org.apache.airavata.service.profile.iam.admin.services.cpi.exception.IamAdminServicesException Idse) { + result.Idse = Idse; + } catch (org.apache.airavata.model.error.AuthorizationException ae) { + result.ae = ae; + } + return result; + } + } + } public static class AsyncProcessor<I extends AsyncIface> extends org.apache.thrift.TBaseAsyncProcessor<I> { 
@@ -1031,6 +1127,7 @@ public class IamAdminServices { processMap.put("updateUserProfile", new updateUserProfile()); processMap.put("addRoleToUser", new addRoleToUser()); processMap.put("removeRoleFromUser", new removeRoleFromUser()); + processMap.put("getUsersWithRole", new getUsersWithRole()); return processMap; } 
@@ -1596,6 +1693,68 @@ public class IamAdminServices { } } + public static class getUsersWithRole<I extends AsyncIface> extends org.apache.thrift.AsyncProcessFunction<I, getUsersWithRole_args, List<org.apache.airavata.model.user.UserProfile>> { + public getUsersWithRole() { + super("getUsersWithRole"); + } + + public getUsersWithRole_args getEmptyArgsInstance() { + return new getUsersWithRole_args(); + } + + public AsyncMethodCallback<List<org.apache.airavata.model.user.UserProfile>> getResultHandler(final AsyncFrameBuffer fb, final int seqid) { + final org.apache.thrift.AsyncProcessFunction fcall = this; + return new AsyncMethodCallback<List<org.apache.airavata.model.user.UserProfile>>() { + public void onComplete(List<org.apache.airavata.model.user.UserProfile> o) { + getUsersWithRole_result result = new getUsersWithRole_result(); + result.success = o; + try { + fcall.sendResponse(fb,result, org.apache.thrift.protocol.TMessageType.REPLY,seqid); + return; + } catch (Exception e) { + LOGGER.error("Exception writing to internal frame buffer", e); + } + fb.close(); + } + public void onError(Exception e) { + byte msgType = org.apache.thrift.protocol.TMessageType.REPLY; + org.apache.thrift.TBase msg; + getUsersWithRole_result result = new getUsersWithRole_result(); + if (e instanceof org.apache.airavata.service.profile.iam.admin.services.cpi.exception.IamAdminServicesException) { + result.Idse = (org.apache.airavata.service.profile.iam.admin.services.cpi.exception.IamAdminServicesException) e; + result.setIdseIsSet(true); + msg = result; + } + else if (e instanceof org.apache.airavata.model.error.AuthorizationException) { + result.ae = (org.apache.airavata.model.error.AuthorizationException) e; + result.setAeIsSet(true); + msg = result; + } + else + { + msgType = org.apache.thrift.protocol.TMessageType.EXCEPTION; + msg = (org.apache.thrift.TBase)new org.apache.thrift.TApplicationException(org.apache.thrift.TApplicationException.INTERNAL_ERROR, e.getMessage()); + } + 
try { + fcall.sendResponse(fb,msg,msgType,seqid); + return; + } catch (Exception ex) { + LOGGER.error("Exception writing to internal frame buffer", ex); + } + fb.close(); + } + }; + } + + protected boolean isOneway() { + return false; + } + + public void start(I iface, getUsersWithRole_args args, org.apache.thrift.async.AsyncMethodCallback<List<org.apache.airavata.model.user.UserProfile>> resultHandler) throws TException { + iface.getUsersWithRole(args.authzToken, args.roleName,resultHandler); + } + } + } public static class getAPIVersion_args implements org.apache.thrift.TBase<getAPIVersion_args, getAPIVersion_args._Fields>, java.io.Serializable, Cloneable, Comparable<getAPIVersion_args> { 
@@ -11584,4 +11743,1093 @@ public class IamAdminServices { } + public static class getUsersWithRole_args implements org.apache.thrift.TBase<getUsersWithRole_args, getUsersWithRole_args._Fields>, java.io.Serializable, Cloneable, Comparable<getUsersWithRole_args> { + private static final org.apache.thrift.protocol.TStruct STRUCT_DESC = new org.apache.thrift.protocol.TStruct("getUsersWithRole_args"); + + private static final org.apache.thrift.protocol.TField AUTHZ_TOKEN_FIELD_DESC = new org.apache.thrift.protocol.TField("authzToken", org.apache.thrift.protocol.TType.STRUCT, (short)1); + private static final org.apache.thrift.protocol.TField ROLE_NAME_FIELD_DESC = new org.apache.thrift.protocol.TField("roleName", org.apache.thrift.protocol.TType.STRING, (short)2); + + private static final Map<Class<? extends IScheme>, SchemeFactory> schemes = new HashMap<Class<? extends IScheme>, SchemeFactory>(); + static { + schemes.put(StandardScheme.class, new getUsersWithRole_argsStandardSchemeFactory()); + schemes.put(TupleScheme.class, new getUsersWithRole_argsTupleSchemeFactory()); + } + + public org.apache.airavata.model.security.AuthzToken authzToken; // required + public String roleName; // required + + /** The set of fields this struct contains, along with convenience methods for finding and manipulating them. */ + public enum _Fields implements org.apache.thrift.TFieldIdEnum { + AUTHZ_TOKEN((short)1, "authzToken"), + ROLE_NAME((short)2, "roleName"); + + private static final Map<String, _Fields> byName = new HashMap<String, _Fields>(); + + static { + for (_Fields field : EnumSet.allOf(_Fields.class)) { + byName.put(field.getFieldName(), field); + } + } + + /** + * Find the _Fields constant that matches fieldId, or null if its not found. 
+ */ + public static _Fields findByThriftId(int fieldId) { + switch(fieldId) { + case 1: // AUTHZ_TOKEN + return AUTHZ_TOKEN; + case 2: // ROLE_NAME + return ROLE_NAME; + default: + return null; + } + } + + /** + * Find the _Fields constant that matches fieldId, throwing an exception + * if it is not found. + */ + public static _Fields findByThriftIdOrThrow(int fieldId) { + _Fields fields = findByThriftId(fieldId); + if (fields == null) throw new IllegalArgumentException("Field " + fieldId + " doesn't exist!"); + return fields; + } + + /** + * Find the _Fields constant that matches name, or null if its not found. + */ + public static _Fields findByName(String name) { + return byName.get(name); + } + + private final short _thriftId; + private final String _fieldName; + + _Fields(short thriftId, String fieldName) { + _thriftId = thriftId; + _fieldName = fieldName; + } + + public short getThriftFieldId() { + return _thriftId; + } + + public String getFieldName() { + return _fieldName; + } + } + + // isset id assignments + public static final Map<_Fields, org.apache.thrift.meta_data.FieldMetaData> metaDataMap; + static { + Map<_Fields, org.apache.thrift.meta_data.FieldMetaData> tmpMap = new EnumMap<_Fields, org.apache.thrift.meta_data.FieldMetaData>(_Fields.class); + tmpMap.put(_Fields.AUTHZ_TOKEN, new org.apache.thrift.meta_data.FieldMetaData("authzToken", org.apache.thrift.TFieldRequirementType.REQUIRED, + new org.apache.thrift.meta_data.StructMetaData(org.apache.thrift.protocol.TType.STRUCT, org.apache.airavata.model.security.AuthzToken.class))); + tmpMap.put(_Fields.ROLE_NAME, new org.apache.thrift.meta_data.FieldMetaData("roleName", org.apache.thrift.TFieldRequirementType.REQUIRED, + new org.apache.thrift.meta_data.FieldValueMetaData(org.apache.thrift.protocol.TType.STRING))); + metaDataMap = Collections.unmodifiableMap(tmpMap); + org.apache.thrift.meta_data.FieldMetaData.addStructMetaDataMap(getUsersWithRole_args.class, metaDataMap); + } + + public 
getUsersWithRole_args() { + } + + public getUsersWithRole_args( + org.apache.airavata.model.security.AuthzToken authzToken, + String roleName) + { + this(); + this.authzToken = authzToken; + this.roleName = roleName; + } + + /** + * Performs a deep copy on <i>other</i>. + */ + public getUsersWithRole_args(getUsersWithRole_args other) { + if (other.isSetAuthzToken()) { + this.authzToken = new org.apache.airavata.model.security.AuthzToken(other.authzToken); + } + if (other.isSetRoleName()) { + this.roleName = other.roleName; + } + } + + public getUsersWithRole_args deepCopy() { + return new getUsersWithRole_args(this); + } + + @Override + public void clear() { + this.authzToken = null; + this.roleName = null; + } + + public org.apache.airavata.model.security.AuthzToken getAuthzToken() { + return this.authzToken; + } + + public getUsersWithRole_args setAuthzToken(org.apache.airavata.model.security.AuthzToken authzToken) { + this.authzToken = authzToken; + return this; + } + + public void unsetAuthzToken() { + this.authzToken = null; + } + + /** Returns true if field authzToken is set (has been assigned a value) and false otherwise */ + public boolean isSetAuthzToken() { + return this.authzToken != null; + } + + public void setAuthzTokenIsSet(boolean value) { + if (!value) { + this.authzToken = null; + } + } + + public String getRoleName() { + return this.roleName; + } + + public getUsersWithRole_args setRoleName(String roleName) { + this.roleName = roleName; + return this; + } + + public void unsetRoleName() { + this.roleName = null; + } + + /** Returns true if field roleName is set (has been assigned a value) and false otherwise */ + public boolean isSetRoleName() { + return this.roleName != null; + } + + public void setRoleNameIsSet(boolean value) { + if (!value) { + this.roleName = null; + } + } + + public void setFieldValue(_Fields field, Object value) { + switch (field) { + case AUTHZ_TOKEN: + if (value == null) { + unsetAuthzToken(); + } else { + 
setAuthzToken((org.apache.airavata.model.security.AuthzToken)value); + } + break; + + case ROLE_NAME: + if (value == null) { + unsetRoleName(); + } else { + setRoleName((String)value); + } + break; + + } + } + + public Object getFieldValue(_Fields field) { + switch (field) { + case AUTHZ_TOKEN: + return getAuthzToken(); + + case ROLE_NAME: + return getRoleName(); + + } + throw new IllegalStateException(); + } + + /** Returns true if field corresponding to fieldID is set (has been assigned a value) and false otherwise */ + public boolean isSet(_Fields field) { + if (field == null) { + throw new IllegalArgumentException(); + } + + switch (field) { + case AUTHZ_TOKEN: + return isSetAuthzToken(); + case ROLE_NAME: + return isSetRoleName(); + } + throw new IllegalStateException(); + } + + @Override + public boolean equals(Object that) { + if (that == null) + return false; + if (that instanceof getUsersWithRole_args) + return this.equals((getUsersWithRole_args)that); + return false; + } + + public boolean equals(getUsersWithRole_args that) { + if (that == null) + return false; + + boolean this_present_authzToken = true && this.isSetAuthzToken(); + boolean that_present_authzToken = true && that.isSetAuthzToken(); + if (this_present_authzToken || that_present_authzToken) { + if (!(this_present_authzToken && that_present_authzToken)) + return false; + if (!this.authzToken.equals(that.authzToken)) + return false; + } + + boolean this_present_roleName = true && this.isSetRoleName(); + boolean that_present_roleName = true && that.isSetRoleName(); + if (this_present_roleName || that_present_roleName) { + if (!(this_present_roleName && that_present_roleName)) + return false; + if (!this.roleName.equals(that.roleName)) + return false; + } + + return true; + } + + @Override + public int hashCode() { + List<Object> list = new ArrayList<Object>(); + + boolean present_authzToken = true && (isSetAuthzToken()); + list.add(present_authzToken); + if (present_authzToken) + 
list.add(authzToken); + + boolean present_roleName = true && (isSetRoleName()); + list.add(present_roleName); + if (present_roleName) + list.add(roleName); + + return list.hashCode(); + } + + @Override + public int compareTo(getUsersWithRole_args other) { + if (!getClass().equals(other.getClass())) { + return getClass().getName().compareTo(other.getClass().getName()); + } + + int lastComparison = 0; + + lastComparison = Boolean.valueOf(isSetAuthzToken()).compareTo(other.isSetAuthzToken()); + if (lastComparison != 0) { + return lastComparison; + } + if (isSetAuthzToken()) { + lastComparison = org.apache.thrift.TBaseHelper.compareTo(this.authzToken, other.authzToken); + if (lastComparison != 0) { + return lastComparison; + } + } + lastComparison = Boolean.valueOf(isSetRoleName()).compareTo(other.isSetRoleName()); + if (lastComparison != 0) { + return lastComparison; + } + if (isSetRoleName()) { + lastComparison = org.apache.thrift.TBaseHelper.compareTo(this.roleName, other.roleName); + if (lastComparison != 0) { + return lastComparison; + } + } + return 0; + } + + public _Fields fieldForId(int fieldId) { + return _Fields.findByThriftId(fieldId); + } + + public void read(org.apache.thrift.protocol.TProtocol iprot) throws org.apache.thrift.TException { + schemes.get(iprot.getScheme()).getScheme().read(iprot, this); + } + + public void write(org.apache.thrift.protocol.TProtocol oprot) throws org.apache.thrift.TException { + schemes.get(oprot.getScheme()).getScheme().write(oprot, this); + } + + @Override + public String toString() { + StringBuilder sb = new StringBuilder("getUsersWithRole_args("); + boolean first = true; + + sb.append("authzToken:"); + if (this.authzToken == null) { + sb.append("null"); + } else { + sb.append(this.authzToken); + } + first = false; + if (!first) sb.append(", "); + sb.append("roleName:"); + if (this.roleName == null) { + sb.append("null"); + } else { + sb.append(this.roleName); + } + first = false; + sb.append(")"); + return sb.toString(); 
+ } + + public void validate() throws org.apache.thrift.TException { + // check for required fields + if (authzToken == null) { + throw new org.apache.thrift.protocol.TProtocolException("Required field 'authzToken' was not present! Struct: " + toString()); + } + if (roleName == null) { + throw new org.apache.thrift.protocol.TProtocolException("Required field 'roleName' was not present! Struct: " + toString()); + } + // check for sub-struct validity + if (authzToken != null) { + authzToken.validate(); + } + } + + private void writeObject(java.io.ObjectOutputStream out) throws java.io.IOException { + try { + write(new org.apache.thrift.protocol.TCompactProtocol(new org.apache.thrift.transport.TIOStreamTransport(out))); + } catch (org.apache.thrift.TException te) { + throw new java.io.IOException(te); + } + } + + private void readObject(java.io.ObjectInputStream in) throws java.io.IOException, ClassNotFoundException { + try { + read(new org.apache.thrift.protocol.TCompactProtocol(new org.apache.thrift.transport.TIOStreamTransport(in))); + } catch (org.apache.thrift.TException te) { + throw new java.io.IOException(te); + } + } + + private static class getUsersWithRole_argsStandardSchemeFactory implements SchemeFactory { + public getUsersWithRole_argsStandardScheme getScheme() { + return new getUsersWithRole_argsStandardScheme(); + } + } + + private static class getUsersWithRole_argsStandardScheme extends StandardScheme<getUsersWithRole_args> { + + public void read(org.apache.thrift.protocol.TProtocol iprot, getUsersWithRole_args struct) throws org.apache.thrift.TException { + org.apache.thrift.protocol.TField schemeField; + iprot.readStructBegin(); + while (true) + { + schemeField = iprot.readFieldBegin(); + if (schemeField.type == org.apache.thrift.protocol.TType.STOP) { + break; + } + switch (schemeField.id) { + case 1: // AUTHZ_TOKEN + if (schemeField.type == org.apache.thrift.protocol.TType.STRUCT) { + struct.authzToken = new 
org.apache.airavata.model.security.AuthzToken(); + struct.authzToken.read(iprot); + struct.setAuthzTokenIsSet(true); + } else { + org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type); + } + break; + case 2: // ROLE_NAME + if (schemeField.type == org.apache.thrift.protocol.TType.STRING) { + struct.roleName = iprot.readString(); + struct.setRoleNameIsSet(true); + } else { + org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type); + } + break; + default: + org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type); + } + iprot.readFieldEnd(); + } + iprot.readStructEnd(); + + // check for required fields of primitive type, which can't be checked in the validate method + struct.validate(); + } + + public void write(org.apache.thrift.protocol.TProtocol oprot, getUsersWithRole_args struct) throws org.apache.thrift.TException { + struct.validate(); + + oprot.writeStructBegin(STRUCT_DESC); + if (struct.authzToken != null) { + oprot.writeFieldBegin(AUTHZ_TOKEN_FIELD_DESC); + struct.authzToken.write(oprot); + oprot.writeFieldEnd(); + } + if (struct.roleName != null) { + oprot.writeFieldBegin(ROLE_NAME_FIELD_DESC); + oprot.writeString(struct.roleName); + oprot.writeFieldEnd(); + } + oprot.writeFieldStop(); + oprot.writeStructEnd(); + } + + } + + private static class getUsersWithRole_argsTupleSchemeFactory implements SchemeFactory { + public getUsersWithRole_argsTupleScheme getScheme() { + return new getUsersWithRole_argsTupleScheme(); + } + } + + private static class getUsersWithRole_argsTupleScheme extends TupleScheme<getUsersWithRole_args> { + + @Override + public void write(org.apache.thrift.protocol.TProtocol prot, getUsersWithRole_args struct) throws org.apache.thrift.TException { + TTupleProtocol oprot = (TTupleProtocol) prot; + struct.authzToken.write(oprot); + oprot.writeString(struct.roleName); + } + + @Override + public void read(org.apache.thrift.protocol.TProtocol prot, getUsersWithRole_args struct) throws 
org.apache.thrift.TException { + TTupleProtocol iprot = (TTupleProtocol) prot; + struct.authzToken = new org.apache.airavata.model.security.AuthzToken(); + struct.authzToken.read(iprot); + struct.setAuthzTokenIsSet(true); + struct.roleName = iprot.readString(); + struct.setRoleNameIsSet(true); + } + } + + } + + public static class getUsersWithRole_result implements org.apache.thrift.TBase<getUsersWithRole_result, getUsersWithRole_result._Fields>, java.io.Serializable, Cloneable, Comparable<getUsersWithRole_result> { + private static final org.apache.thrift.protocol.TStruct STRUCT_DESC = new org.apache.thrift.protocol.TStruct("getUsersWithRole_result"); + + private static final org.apache.thrift.protocol.TField SUCCESS_FIELD_DESC = new org.apache.thrift.protocol.TField("success", org.apache.thrift.protocol.TType.LIST, (short)0); + private static final org.apache.thrift.protocol.TField IDSE_FIELD_DESC = new org.apache.thrift.protocol.TField("Idse", org.apache.thrift.protocol.TType.STRUCT, (short)1); + private static final org.apache.thrift.protocol.TField AE_FIELD_DESC = new org.apache.thrift.protocol.TField("ae", org.apache.thrift.protocol.TType.STRUCT, (short)2); + + private static final Map<Class<? extends IScheme>, SchemeFactory> schemes = new HashMap<Class<? extends IScheme>, SchemeFactory>(); + static { + schemes.put(StandardScheme.class, new getUsersWithRole_resultStandardSchemeFactory()); + schemes.put(TupleScheme.class, new getUsersWithRole_resultTupleSchemeFactory()); + } + + public List<org.apache.airavata.model.user.UserProfile> success; // required + public org.apache.airavata.service.profile.iam.admin.services.cpi.exception.IamAdminServicesException Idse; // required + public org.apache.airavata.model.error.AuthorizationException ae; // required + + /** The set of fields this struct contains, along with convenience methods for finding and manipulating them. 
*/ + public enum _Fields implements org.apache.thrift.TFieldIdEnum { + SUCCESS((short)0, "success"), + IDSE((short)1, "Idse"), + AE((short)2, "ae"); + + private static final Map<String, _Fields> byName = new HashMap<String, _Fields>(); + + static { + for (_Fields field : EnumSet.allOf(_Fields.class)) { + byName.put(field.getFieldName(), field); + } + } + + /** + * Find the _Fields constant that matches fieldId, or null if its not found. + */ + public static _Fields findByThriftId(int fieldId) { + switch(fieldId) { + case 0: // SUCCESS + return SUCCESS; + case 1: // IDSE + return IDSE; + case 2: // AE + return AE; + default: + return null; + } + } + + /** + * Find the _Fields constant that matches fieldId, throwing an exception + * if it is not found. + */ + public static _Fields findByThriftIdOrThrow(int fieldId) { + _Fields fields = findByThriftId(fieldId); + if (fields == null) throw new IllegalArgumentException("Field " + fieldId + " doesn't exist!"); + return fields; + } + + /** + * Find the _Fields constant that matches name, or null if its not found. 
+ */ + public static _Fields findByName(String name) { + return byName.get(name); + } + + private final short _thriftId; + private final String _fieldName; + + _Fields(short thriftId, String fieldName) { + _thriftId = thriftId; + _fieldName = fieldName; + } + + public short getThriftFieldId() { + return _thriftId; + } + + public String getFieldName() { + return _fieldName; + } + } + + // isset id assignments + public static final Map<_Fields, org.apache.thrift.meta_data.FieldMetaData> metaDataMap; + static { + Map<_Fields, org.apache.thrift.meta_data.FieldMetaData> tmpMap = new EnumMap<_Fields, org.apache.thrift.meta_data.FieldMetaData>(_Fields.class); + tmpMap.put(_Fields.SUCCESS, new org.apache.thrift.meta_data.FieldMetaData("success", org.apache.thrift.TFieldRequirementType.DEFAULT, + new org.apache.thrift.meta_data.ListMetaData(org.apache.thrift.protocol.TType.LIST, + new org.apache.thrift.meta_data.StructMetaData(org.apache.thrift.protocol.TType.STRUCT, org.apache.airavata.model.user.UserProfile.class)))); + tmpMap.put(_Fields.IDSE, new org.apache.thrift.meta_data.FieldMetaData("Idse", org.apache.thrift.TFieldRequirementType.DEFAULT, + new org.apache.thrift.meta_data.FieldValueMetaData(org.apache.thrift.protocol.TType.STRUCT))); + tmpMap.put(_Fields.AE, new org.apache.thrift.meta_data.FieldMetaData("ae", org.apache.thrift.TFieldRequirementType.DEFAULT, + new org.apache.thrift.meta_data.FieldValueMetaData(org.apache.thrift.protocol.TType.STRUCT))); + metaDataMap = Collections.unmodifiableMap(tmpMap); + org.apache.thrift.meta_data.FieldMetaData.addStructMetaDataMap(getUsersWithRole_result.class, metaDataMap); + } + + public getUsersWithRole_result() { + } + + public getUsersWithRole_result( + List<org.apache.airavata.model.user.UserProfile> success, + org.apache.airavata.service.profile.iam.admin.services.cpi.exception.IamAdminServicesException Idse, + org.apache.airavata.model.error.AuthorizationException ae) + { + this(); + this.success = success; + this.Idse 
= Idse; + this.ae = ae; + } + + /** + * Performs a deep copy on <i>other</i>. + */ + public getUsersWithRole_result(getUsersWithRole_result other) { + if (other.isSetSuccess()) { + List<org.apache.airavata.model.user.UserProfile> __this__success = new ArrayList<org.apache.airavata.model.user.UserProfile>(other.success.size()); + for (org.apache.airavata.model.user.UserProfile other_element : other.success) { + __this__success.add(new org.apache.airavata.model.user.UserProfile(other_element)); + } + this.success = __this__success; + } + if (other.isSetIdse()) { + this.Idse = new org.apache.airavata.service.profile.iam.admin.services.cpi.exception.IamAdminServicesException(other.Idse); + } + if (other.isSetAe()) { + this.ae = new org.apache.airavata.model.error.AuthorizationException(other.ae); + } + } + + public getUsersWithRole_result deepCopy() { + return new getUsersWithRole_result(this); + } + + @Override + public void clear() { + this.success = null; + this.Idse = null; + this.ae = null; + } + + public int getSuccessSize() { + return (this.success == null) ? 0 : this.success.size(); + } + + public java.util.Iterator<org.apache.airavata.model.user.UserProfile> getSuccessIterator() { + return (this.success == null) ? 
null : this.success.iterator(); + } + + public void addToSuccess(org.apache.airavata.model.user.UserProfile elem) { + if (this.success == null) { + this.success = new ArrayList<org.apache.airavata.model.user.UserProfile>(); + } + this.success.add(elem); + } + + public List<org.apache.airavata.model.user.UserProfile> getSuccess() { + return this.success; + } + + public getUsersWithRole_result setSuccess(List<org.apache.airavata.model.user.UserProfile> success) { + this.success = success; + return this; + } + + public void unsetSuccess() { + this.success = null; + } + + /** Returns true if field success is set (has been assigned a value) and false otherwise */ + public boolean isSetSuccess() { + return this.success != null; + } + + public void setSuccessIsSet(boolean value) { + if (!value) { + this.success = null; + } + } + + public org.apache.airavata.service.profile.iam.admin.services.cpi.exception.IamAdminServicesException getIdse() { + return this.Idse; + } + + public getUsersWithRole_result setIdse(org.apache.airavata.service.profile.iam.admin.services.cpi.exception.IamAdminServicesException Idse) { + this.Idse = Idse; + return this; + } + + public void unsetIdse() { + this.Idse = null; + } + + /** Returns true if field Idse is set (has been assigned a value) and false otherwise */ + public boolean isSetIdse() { + return this.Idse != null; + } + + public void setIdseIsSet(boolean value) { + if (!value) { + this.Idse = null; + } + } + + public org.apache.airavata.model.error.AuthorizationException getAe() { + return this.ae; + } + + public getUsersWithRole_result setAe(org.apache.airavata.model.error.AuthorizationException ae) { + this.ae = ae; + return this; + } + + public void unsetAe() { + this.ae = null; + } + + /** Returns true if field ae is set (has been assigned a value) and false otherwise */ + public boolean isSetAe() { + return this.ae != null; + } + + public void setAeIsSet(boolean value) { + if (!value) { + this.ae = null; + } + } + + public void 
setFieldValue(_Fields field, Object value) { + switch (field) { + case SUCCESS: + if (value == null) { + unsetSuccess(); + } else { + setSuccess((List<org.apache.airavata.model.user.UserProfile>)value); + } + break; + + case IDSE: + if (value == null) { + unsetIdse(); + } else { + setIdse((org.apache.airavata.service.profile.iam.admin.services.cpi.exception.IamAdminServicesException)value); + } + break; + + case AE: + if (value == null) { + unsetAe(); + } else { + setAe((org.apache.airavata.model.error.AuthorizationException)value); + } + break; + + } + } + + public Object getFieldValue(_Fields field) { + switch (field) { + case SUCCESS: + return getSuccess(); + + case IDSE: + return getIdse(); + + case AE: + return getAe(); + + } + throw new IllegalStateException(); + } + + /** Returns true if field corresponding to fieldID is set (has been assigned a value) and false otherwise */ + public boolean isSet(_Fields field) { + if (field == null) { + throw new IllegalArgumentException(); + } + + switch (field) { + case SUCCESS: + return isSetSuccess(); + case IDSE: + return isSetIdse(); + case AE: + return isSetAe(); + } + throw new IllegalStateException(); + } + + @Override + public boolean equals(Object that) { + if (that == null) + return false; + if (that instanceof getUsersWithRole_result) + return this.equals((getUsersWithRole_result)that); + return false; + } + + public boolean equals(getUsersWithRole_result that) { + if (that == null) + return false; + + boolean this_present_success = true && this.isSetSuccess(); + boolean that_present_success = true && that.isSetSuccess(); + if (this_present_success || that_present_success) { + if (!(this_present_success && that_present_success)) + return false; + if (!this.success.equals(that.success)) + return false; + } + + boolean this_present_Idse = true && this.isSetIdse(); + boolean that_present_Idse = true && that.isSetIdse(); + if (this_present_Idse || that_present_Idse) { + if (!(this_present_Idse && 
that_present_Idse)) + return false; + if (!this.Idse.equals(that.Idse)) + return false; + } + + boolean this_present_ae = true && this.isSetAe(); + boolean that_present_ae = true && that.isSetAe(); + if (this_present_ae || that_present_ae) { + if (!(this_present_ae && that_present_ae)) + return false; + if (!this.ae.equals(that.ae)) + return false; + } + + return true; + } + + @Override + public int hashCode() { + List<Object> list = new ArrayList<Object>(); + + boolean present_success = true && (isSetSuccess()); + list.add(present_success); + if (present_success) + list.add(success); + + boolean present_Idse = true && (isSetIdse()); + list.add(present_Idse); + if (present_Idse) + list.add(Idse); + + boolean present_ae = true && (isSetAe()); + list.add(present_ae); + if (present_ae) + list.add(ae); + + return list.hashCode(); + } + + @Override + public int compareTo(getUsersWithRole_result other) { + if (!getClass().equals(other.getClass())) { + return getClass().getName().compareTo(other.getClass().getName()); + } + + int lastComparison = 0; + + lastComparison = Boolean.valueOf(isSetSuccess()).compareTo(other.isSetSuccess()); + if (lastComparison != 0) { + return lastComparison; + } + if (isSetSuccess()) { + lastComparison = org.apache.thrift.TBaseHelper.compareTo(this.success, other.success); + if (lastComparison != 0) { + return lastComparison; + } + } + lastComparison = Boolean.valueOf(isSetIdse()).compareTo(other.isSetIdse()); + if (lastComparison != 0) { + return lastComparison; + } + if (isSetIdse()) { + lastComparison = org.apache.thrift.TBaseHelper.compareTo(this.Idse, other.Idse); + if (lastComparison != 0) { + return lastComparison; + } + } + lastComparison = Boolean.valueOf(isSetAe()).compareTo(other.isSetAe()); + if (lastComparison != 0) { + return lastComparison; + } + if (isSetAe()) { + lastComparison = org.apache.thrift.TBaseHelper.compareTo(this.ae, other.ae); + if (lastComparison != 0) { + return lastComparison; + } + } + return 0; + } + + public 
_Fields fieldForId(int fieldId) { + return _Fields.findByThriftId(fieldId); + } + + public void read(org.apache.thrift.protocol.TProtocol iprot) throws org.apache.thrift.TException { + schemes.get(iprot.getScheme()).getScheme().read(iprot, this); + } + + public void write(org.apache.thrift.protocol.TProtocol oprot) throws org.apache.thrift.TException { + schemes.get(oprot.getScheme()).getScheme().write(oprot, this); + } + + @Override + public String toString() { + StringBuilder sb = new StringBuilder("getUsersWithRole_result("); + boolean first = true; + + sb.append("success:"); + if (this.success == null) { + sb.append("null"); + } else { + sb.append(this.success); + } + first = false; + if (!first) sb.append(", "); + sb.append("Idse:"); + if (this.Idse == null) { + sb.append("null"); + } else { + sb.append(this.Idse); + } + first = false; + if (!first) sb.append(", "); + sb.append("ae:"); + if (this.ae == null) { + sb.append("null"); + } else { + sb.append(this.ae); + } + first = false; + sb.append(")"); + return sb.toString(); + } + + public void validate() throws org.apache.thrift.TException { + // check for required fields + // check for sub-struct validity + } + + private void writeObject(java.io.ObjectOutputStream out) throws java.io.IOException { + try { + write(new org.apache.thrift.protocol.TCompactProtocol(new org.apache.thrift.transport.TIOStreamTransport(out))); + } catch (org.apache.thrift.TException te) { + throw new java.io.IOException(te); + } + } + + private void readObject(java.io.ObjectInputStream in) throws java.io.IOException, ClassNotFoundException { + try { + read(new org.apache.thrift.protocol.TCompactProtocol(new org.apache.thrift.transport.TIOStreamTransport(in))); + } catch (org.apache.thrift.TException te) { + throw new java.io.IOException(te); + } + } + + private static class getUsersWithRole_resultStandardSchemeFactory implements SchemeFactory { + public getUsersWithRole_resultStandardScheme getScheme() { + return new 
getUsersWithRole_resultStandardScheme(); + } + } + + private static class getUsersWithRole_resultStandardScheme extends StandardScheme<getUsersWithRole_result> { + + public void read(org.apache.thrift.protocol.TProtocol iprot, getUsersWithRole_result struct) throws org.apache.thrift.TException { + org.apache.thrift.protocol.TField schemeField; + iprot.readStructBegin(); + while (true) + { + schemeField = iprot.readFieldBegin(); + if (schemeField.type == org.apache.thrift.protocol.TType.STOP) { + break; + } + switch (schemeField.id) { + case 0: // SUCCESS + if (schemeField.type == org.apache.thrift.protocol.TType.LIST) { + { + org.apache.thrift.protocol.TList _list8 = iprot.readListBegin(); + struct.success = new ArrayList<org.apache.airavata.model.user.UserProfile>(_list8.size); + org.apache.airavata.model.user.UserProfile _elem9; + for (int _i10 = 0; _i10 < _list8.size; ++_i10) + { + _elem9 = new org.apache.airavata.model.user.UserProfile(); + _elem9.read(iprot); + struct.success.add(_elem9); + } + iprot.readListEnd(); + } + struct.setSuccessIsSet(true); + } else { + org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type); + } + break; + case 1: // IDSE + if (schemeField.type == org.apache.thrift.protocol.TType.STRUCT) { + struct.Idse = new org.apache.airavata.service.profile.iam.admin.services.cpi.exception.IamAdminServicesException(); + struct.Idse.read(iprot); + struct.setIdseIsSet(true); + } else { + org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type); + } + break; + case 2: // AE + if (schemeField.type == org.apache.thrift.protocol.TType.STRUCT) { + struct.ae = new org.apache.airavata.model.error.AuthorizationException(); + struct.ae.read(iprot); + struct.setAeIsSet(true); + } else { + org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type); + } + break; + default: + org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type); + } + iprot.readFieldEnd(); + } + iprot.readStructEnd(); + + // check for 
required fields of primitive type, which can't be checked in the validate method + struct.validate(); + } + + public void write(org.apache.thrift.protocol.TProtocol oprot, getUsersWithRole_result struct) throws org.apache.thrift.TException { + struct.validate(); + + oprot.writeStructBegin(STRUCT_DESC); + if (struct.success != null) { + oprot.writeFieldBegin(SUCCESS_FIELD_DESC); + { + oprot.writeListBegin(new org.apache.thrift.protocol.TList(org.apache.thrift.protocol.TType.STRUCT, struct.success.size())); + for (org.apache.airavata.model.user.UserProfile _iter11 : struct.success) + { + _iter11.write(oprot); + } + oprot.writeListEnd(); + } + oprot.writeFieldEnd(); + } + if (struct.Idse != null) { + oprot.writeFieldBegin(IDSE_FIELD_DESC); + struct.Idse.write(oprot); + oprot.writeFieldEnd(); + } + if (struct.ae != null) { + oprot.writeFieldBegin(AE_FIELD_DESC); + struct.ae.write(oprot); + oprot.writeFieldEnd(); + } + oprot.writeFieldStop(); + oprot.writeStructEnd(); + } + + } + + private static class getUsersWithRole_resultTupleSchemeFactory implements SchemeFactory { + public getUsersWithRole_resultTupleScheme getScheme() { + return new getUsersWithRole_resultTupleScheme(); + } + } + + private static class getUsersWithRole_resultTupleScheme extends TupleScheme<getUsersWithRole_result> { + + @Override + public void write(org.apache.thrift.protocol.TProtocol prot, getUsersWithRole_result struct) throws org.apache.thrift.TException { + TTupleProtocol oprot = (TTupleProtocol) prot; + BitSet optionals = new BitSet(); + if (struct.isSetSuccess()) { + optionals.set(0); + } + if (struct.isSetIdse()) { + optionals.set(1); + } + if (struct.isSetAe()) { + optionals.set(2); + } + oprot.writeBitSet(optionals, 3); + if (struct.isSetSuccess()) { + { + oprot.writeI32(struct.success.size()); + for (org.apache.airavata.model.user.UserProfile _iter12 : struct.success) + { + _iter12.write(oprot); + } + } + } + if (struct.isSetIdse()) { + struct.Idse.write(oprot); + } + if 
(struct.isSetAe()) { + struct.ae.write(oprot); + } + } + + @Override + public void read(org.apache.thrift.protocol.TProtocol prot, getUsersWithRole_result struct) throws org.apache.thrift.TException { + TTupleProtocol iprot = (TTupleProtocol) prot; + BitSet incoming = iprot.readBitSet(3); + if (incoming.get(0)) { + { + org.apache.thrift.protocol.TList _list13 = new org.apache.thrift.protocol.TList(org.apache.thrift.protocol.TType.STRUCT, iprot.readI32()); + struct.success = new ArrayList<org.apache.airavata.model.user.UserProfile>(_list13.size); + org.apache.airavata.model.user.UserProfile _elem14; + for (int _i15 = 0; _i15 < _list13.size; ++_i15) + { + _elem14 = new org.apache.airavata.model.user.UserProfile(); + _elem14.read(iprot); + struct.success.add(_elem14); + } + } + struct.setSuccessIsSet(true); + } + if (incoming.get(1)) { + struct.Idse = new org.apache.airavata.service.profile.iam.admin.services.cpi.exception.IamAdminServicesException(); + struct.Idse.read(iprot); + struct.setIdseIsSet(true); + } + if (incoming.get(2)) { + struct.ae = new org.apache.airavata.model.error.AuthorizationException(); + struct.ae.read(iprot); + struct.setAeIsSet(true); + } + } + } + + } + } http://git-wip-us.apache.org/repos/asf/airavata/blob/a9d27716/thrift-interface-descriptions/service-cpis/profile-service/iam-admin-services/iam-admin-services-cpi.thrift ---------------------------------------------------------------------- diff --git a/thrift-interface-descriptions/service-cpis/profile-service/iam-admin-services/iam-admin-services-cpi.thrift b/thrift-interface-descriptions/service-cpis/profile-service/iam-admin-services/iam-admin-services-cpi.thrift index 971ca92..d75847a 100644 --- a/thrift-interface-descriptions/service-cpis/profile-service/iam-admin-services/iam-admin-services-cpi.thrift +++ b/thrift-interface-descriptions/service-cpis/profile-service/iam-admin-services/iam-admin-services-cpi.thrift 
@@ -91,4 +91,9 @@ service IamAdminServices {
 3: required string roleName)
 throws (1: iam_admin_services_cpi_errors.IamAdminServicesException Idse,
 2: airavata_errors.AuthorizationException ae)
+
+ list<user_profile_model.UserProfile> getUsersWithRole(1: required security_model.AuthzToken authzToken,
+ 2: required string roleName)
+ throws (1: iam_admin_services_cpi_errors.IamAdminServicesException Idse,
+ 2: airavata_errors.AuthorizationException ae)
 }
\ No newline at end of file
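Review bot: `getUsersWithRole` is declared without a doc comment, so the IDL does not say which privilege the caller's `authzToken` must carry before the members of a role are listed. I would add a comment above the declaration such as `/** Returns the profiles of the users that hold roleName. Requires: <privilege enforced by the handler>. */`, worded to match what the handler actually checks. The call also returns full `UserProfile` structs in one unbounded `list`, so every profile field of every role member reaches the caller in a single response. Whether that exposure is intended, and whether `roleName` is checked against the known roles, cannot be told from this hunk, since the handler change is in another file of the commit.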
