This is an automated email from the ASF dual-hosted git repository.

isjarana pushed a commit to branch develop
in repository https://gitbox.apache.org/repos/asf/airavata-custos.git


The following commit(s) were added to refs/heads/develop by this push:
     new a7f3002  userbased external ids deletion
     new b1d72d9  Merge pull request #220 from isururanawaka/develop
a7f3002 is described below

commit a7f300291dc4b8ce8268d28ab22810684820b4c9
Author: Isuru Ranawaka <[email protected]>
AuthorDate: Fri Jul 23 15:42:59 2021 -0400

    userbased external ids deletion
---
 .../iam-admin-core-service/Dockerfile              |   2 +-
 .../apache/custos/iam/service/IamAdminService.java |   7 +++-
 .../src/main/proto/IamAdminService.proto           |   1 +
 .../services/clients/keycloak/KeycloakClient.java  |  36 +++++++++++++++++++++
 .../main/resources/protos/IamAdminService.proto    |   1 +
 .../src/main/resources/user-management-service.pb  | Bin 125989 -> 126088 bytes
 6 files changed, 45 insertions(+), 2 deletions(-)

diff --git a/custos-core-services/iam-admin-core-service/Dockerfile 
b/custos-core-services/iam-admin-core-service/Dockerfile
index 403f1d3..353e758 100644
--- a/custos-core-services/iam-admin-core-service/Dockerfile
+++ b/custos-core-services/iam-admin-core-service/Dockerfile
@@ -3,4 +3,4 @@ COPY src/main/resources/keycloak-client-truststore.pkcs12 
/home/ubuntu/keystore/
 VOLUME /tmp
 ARG JAR_FILE
 ADD ${JAR_FILE} app.jar
-ENTRYPOINT 
["java","-Djavax.net.debug=ssl:handshake:verbose:keymanager:trustmanager 
-Djava.security.debug=access:stack 
-Dhttps.protocols=TLSv1,TLSv1.1,TLSv1.2","-jar","/app.jar"]
\ No newline at end of file
+ENTRYPOINT ["java","-Dhttps.protocols=TLSv1,TLSv1.1,TLSv1.2","-jar","/app.jar"]
\ No newline at end of file
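Review bot: The new ENTRYPOINT line still passes `-Dhttps.protocols=TLSv1,TLSv1.1,TLSv1.2`, so HTTPS clients in this container that honour the property can still negotiate TLS 1.0 and 1.1, both deprecated by RFC 8996. I would narrow it to `-Dhttps.protocols=TLSv1.2`, adding `TLSv1.3` if the image's JRE supports it. Whether the Keycloak admin client reads this property depends on its HTTP stack, which is not visible in this hunk, so check the IAM server's accepted versions before narrowing.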
diff --git 
a/custos-core-services/iam-admin-core-service/src/main/java/org/apache/custos/iam/service/IamAdminService.java
 
b/custos-core-services/iam-admin-core-service/src/main/java/org/apache/custos/iam/service/IamAdminService.java
index 07b80e0..68931db 100644
--- 
a/custos-core-services/iam-admin-core-service/src/main/java/org/apache/custos/iam/service/IamAdminService.java
+++ 
b/custos-core-services/iam-admin-core-service/src/main/java/org/apache/custos/iam/service/IamAdminService.java
@@ -542,7 +542,12 @@ public class IamAdminService extends 
IamAdminServiceImplBase {
                                               
StreamObserver<org.apache.custos.iam.service.OperationStatus> responseObserver) 
{
         try {
             long tenantId = request.getTenantId();
-            boolean status = 
keycloakClient.deleteExternalIDPLinks(String.valueOf(tenantId));
+            boolean status = false;
+            if (request.getUserIdList().isEmpty()) {
+                status = 
keycloakClient.deleteExternalIDPLinks(String.valueOf(tenantId));
+            } else {
+                status = 
keycloakClient.deleteExternalIDPLinks(String.valueOf(tenantId), 
request.getUserIdList());
+            }
             
responseObserver.onNext(org.apache.custos.iam.service.OperationStatus.newBuilder().setStatus(status).build());
             responseObserver.onCompleted();
         } catch (Exception ex) {
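Review bot: An empty `user_id` list falls through to the tenant-wide `deleteExternalIDPLinks(String.valueOf(tenantId))` branch, so a caller whose list comes from a filter that matched nobody removes every federated identity link in the tenant. Proto3 cannot distinguish an unset repeated field from an empty one, so the service cannot tell an intentional tenant-wide request from a mistake. Consider an explicit flag or a separate RPC for the tenant-wide case, and at minimum add a comment such as `// empty user_id list means ALL users in the tenant` here and on the proto field. The `= false` initialiser is dead because both branches assign `status`. The method starts above this hunk and its catch block continues below it.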
diff --git 
a/custos-core-services/iam-admin-core-service/src/main/proto/IamAdminService.proto
 
b/custos-core-services/iam-admin-core-service/src/main/proto/IamAdminService.proto
index 0a0d7d0..418ba8f 100644
--- 
a/custos-core-services/iam-admin-core-service/src/main/proto/IamAdminService.proto
+++ 
b/custos-core-services/iam-admin-core-service/src/main/proto/IamAdminService.proto
@@ -409,6 +409,7 @@ message GetAllResourcesResponse {
 message DeleteExternalIDPsRequest {
     int64 tenant_id= 1;
     string client_id = 2;
+    repeated string user_id=3;
 }
 
 service IamAdminService {
diff --git 
a/custos-federated-services-clients/src/main/java/org/apache/custos/federated/services/clients/keycloak/KeycloakClient.java
 
b/custos-federated-services-clients/src/main/java/org/apache/custos/federated/services/clients/keycloak/KeycloakClient.java
index 2f44a4b..cb7a449 100644
--- 
a/custos-federated-services-clients/src/main/java/org/apache/custos/federated/services/clients/keycloak/KeycloakClient.java
+++ 
b/custos-federated-services-clients/src/main/java/org/apache/custos/federated/services/clients/keycloak/KeycloakClient.java
@@ -1396,6 +1396,42 @@ public class KeycloakClient {
 
     }
 
+    public boolean deleteExternalIDPLinks(String realmId, List<String> users) {
+
+        Keycloak client = null;
+        try {
+            client = getClient(iamServerURL, superAdminRealmID, 
superAdminUserName, superAdminPassword);
+
+            RealmResource realmResource = client.realm(realmId);
+            List<UserRepresentation> userResourceList = 
client.realm(realmId).users().list();
+            userResourceList.forEach(user -> {
+                if (users.contains(user.getUsername())) {
+                    UserResource userResource = 
realmResource.users().get(user.getId());
+                    List<FederatedIdentityRepresentation> 
federatedIdentityRepresentations =
+                            userResource.getFederatedIdentity();
+                    if (federatedIdentityRepresentations != null && 
!federatedIdentityRepresentations.isEmpty()) {
+                        federatedIdentityRepresentations.forEach(fed -> {
+                            
userResource.removeFederatedIdentity(fed.getIdentityProvider());
+                        });
+                    }
+                }
+            });
+            return true;
+        } catch (Exception ex) {
+            String msg = "Error occurred while deleting external IDP links of 
realm "
+                    + realmId + ", reason " + ex.getMessage();
+            LOGGER.error(msg, ex);
+            throw new RuntimeException(msg, ex);
+
+        } finally {
+            if (client != null) {
+                client.close();
+            }
+        }
+
+    }
+
+
     /**
      * creates groups and child groups in Keycloak
      *
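Review bot: The new `deleteExternalIDPLinks(realmId, users)` returns `true` even when none of the requested usernames was found, because it scans `users().list()` and silently skips anything that does not match. Depending on the Keycloak version, an unparameterised `list()` may either load the whole realm into memory or be capped at a server default page size, in which case users past the cap would never be unlinked. For an operation that revokes external logins, reporting success for a user that was never touched is the wrong failure mode. Looking up each requested username and returning `false` when one is missing addresses both; the sketch below leaves the existing federated-identity removal unchanged. `realmResource` is also assigned and then bypassed by a second `client.realm(realmId)` call.

```java
    public boolean deleteExternalIDPLinks(String realmId, List<String> users) {
        // … unchanged: client setup and opening of the try block …
            RealmResource realmResource = client.realm(realmId);
            boolean allFound = true;
            for (String username : users) {
                // search() can return more than the exact name, so compare again
                UserRepresentation match = null;
                for (UserRepresentation candidate : realmResource.users().search(username)) {
                    if (username.equals(candidate.getUsername())) {
                        match = candidate;
                        break;
                    }
                }
                if (match == null) {
                    LOGGER.warn("No user {} in realm {}; external IDP links not removed", username, realmId);
                    allFound = false;
                    continue;
                }
                UserResource userResource = realmResource.users().get(match.getId());
                // … unchanged: getFederatedIdentity() null/empty check and removeFederatedIdentity loop …
            }
            return allFound;
        // … unchanged: catch and finally blocks …
```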
diff --git 
a/custos-integration-services/custos-integration-services-swagger/src/main/resources/protos/IamAdminService.proto
 
b/custos-integration-services/custos-integration-services-swagger/src/main/resources/protos/IamAdminService.proto
index 0a0d7d0..418ba8f 100644
--- 
a/custos-integration-services/custos-integration-services-swagger/src/main/resources/protos/IamAdminService.proto
+++ 
b/custos-integration-services/custos-integration-services-swagger/src/main/resources/protos/IamAdminService.proto
@@ -409,6 +409,7 @@ message GetAllResourcesResponse {
 message DeleteExternalIDPsRequest {
     int64 tenant_id= 1;
     string client_id = 2;
+    repeated string user_id=3;
 }
 
 service IamAdminService {
diff --git 
a/custos-integration-services/user-management-service-parent/user-management-service-sidecar/src/main/resources/user-management-service.pb
 
b/custos-integration-services/user-management-service-parent/user-management-service-sidecar/src/main/resources/user-management-service.pb
index fb519fd..ac21497 100644
Binary files 
a/custos-integration-services/user-management-service-parent/user-management-service-sidecar/src/main/resources/user-management-service.pb
 and 
b/custos-integration-services/user-management-service-parent/user-management-service-sidecar/src/main/resources/user-management-service.pb
 differ
