This is an automated email from the ASF dual-hosted git repository.
isjarana pushed a commit to branch staging
in repository https://gitbox.apache.org/repos/asf/airavata-custos.git
The following commit(s) were added to refs/heads/staging by this push:
new 1d03c06 supports KV secrets for confidential clients
new 747ef34 Merge pull request #244 from isururanawaka/staging
1d03c06 is described below
commit 1d03c062fdf65ba179d7306fbbbcf9db7eac471e
Author: Isuru Ranawaka <[email protected]>
AuthorDate: Wed Nov 17 21:01:29 2021 -0500
supports KV secrets for confidential clients
---
.../clients/resource_secret_management_client.py | 28 +++++++++++++++-------
.../clients/resource_secret_management_client.py | 28 +++++++++++++++-------
.../custos-python-sdk/custos_sdk.egg-info/PKG-INFO | 2 +-
custos-client-sdks/custos-python-sdk/setup.py | 2 +-
.../interceptors/AuthInterceptorImpl.java | 5 +++-
5 files changed, 46 insertions(+), 19 deletions(-)
diff --git
a/custos-client-sdks/custos-python-sdk/build/lib/custos/clients/resource_secret_management_client.py
b/custos-client-sdks/custos-python-sdk/build/lib/custos/clients/resource_secret_management_client.py
index 1b41dbc..53fde07 100644
---
a/custos-client-sdks/custos-python-sdk/build/lib/custos/clients/resource_secret_management_client.py
+++
b/custos-client-sdks/custos-python-sdk/build/lib/custos/clients/resource_secret_management_client.py
@@ -140,10 +140,13 @@ class ResourceSecretManagementClient(object):
logger.exception("Error occurred while creating password key")
raise
- def set_KV_credential(self, token, user_token, client_id, key, value):
+ def set_KV_credential(self, token, client_id, key, value, user_token=None,
user_name=None):
try:
token = "Bearer " + token
- metadata = (('authorization', token),('user_token', user_token),)
+ if user_token is None:
+ metadata = (('authorization', token), ('owner_id', user_name),)
+ else:
+ metadata = (('authorization', token), ('user_token',
user_token),)
secret_metadata = SecretMetadata(client_id=client_id)
request = KVCredential(key=key, value=value,
metadata=secret_metadata)
@@ -153,10 +156,13 @@ class ResourceSecretManagementClient(object):
logger.exception("Error occurred while creating KV credential")
raise
- def update_KV_credential(self, token,user_token, client_id, key, value):
+ def update_KV_credential(self, token, client_id, key, value,
user_token=None, user_name=None):
try:
token = "Bearer " + token
- metadata = (('authorization', token),('user_token', user_token),)
+ if user_token is None:
+ metadata = (('authorization', token), ('owner_id', user_name),)
+ else:
+ metadata = (('authorization', token), ('user_token',
user_token),)
secret_metadata = SecretMetadata(client_id=client_id)
request = KVCredential(key=key, value=value,
metadata=secret_metadata)
@@ -166,10 +172,13 @@ class ResourceSecretManagementClient(object):
logger.exception("Error occurred while updating KV credential")
raise
- def delete_KV_credential(self, token, user_token, client_id, key):
+ def delete_KV_credential(self, token, client_id, key, user_token=None,
user_name=None):
try:
token = "Bearer " + token
- metadata = (('authorization', token),('user_token', user_token),)
+ if user_token is None:
+ metadata = (('authorization', token), ('owner_id', user_name),)
+ else:
+ metadata = (('authorization', token), ('user_token',
user_token),)
secret_metadata = SecretMetadata(client_id=client_id)
request = KVCredential(key=key, metadata=secret_metadata)
@@ -180,10 +189,13 @@ class ResourceSecretManagementClient(object):
logger.exception("Error occurred while deleting KV credential")
raise
- def get_KV_credential(self, token, user_token, client_id, key):
+ def get_KV_credential(self, token, client_id, key, user_token=None,
user_name=None):
try:
token = "Bearer " + token
- metadata = (('authorization', token),('user_token', user_token),)
+ if user_token is None:
+ metadata = (('authorization', token), ('owner_id', user_name),)
+ else:
+ metadata = (('authorization', token), ('user_token',
user_token),)
secret_metadata = SecretMetadata(client_id=client_id)
request = KVCredential(key=key, metadata=secret_metadata)
diff --git
a/custos-client-sdks/custos-python-sdk/custos/clients/resource_secret_management_client.py
b/custos-client-sdks/custos-python-sdk/custos/clients/resource_secret_management_client.py
index 1b41dbc..53fde07 100644
---
a/custos-client-sdks/custos-python-sdk/custos/clients/resource_secret_management_client.py
+++
b/custos-client-sdks/custos-python-sdk/custos/clients/resource_secret_management_client.py
@@ -140,10 +140,13 @@ class ResourceSecretManagementClient(object):
logger.exception("Error occurred while creating password key")
raise
- def set_KV_credential(self, token, user_token, client_id, key, value):
+ def set_KV_credential(self, token, client_id, key, value, user_token=None,
user_name=None):
try:
token = "Bearer " + token
- metadata = (('authorization', token),('user_token', user_token),)
+ if user_token is None:
+ metadata = (('authorization', token), ('owner_id', user_name),)
+ else:
+ metadata = (('authorization', token), ('user_token',
user_token),)
secret_metadata = SecretMetadata(client_id=client_id)
request = KVCredential(key=key, value=value,
metadata=secret_metadata)
@@ -153,10 +156,13 @@ class ResourceSecretManagementClient(object):
logger.exception("Error occurred while creating KV credential")
raise
- def update_KV_credential(self, token,user_token, client_id, key, value):
+ def update_KV_credential(self, token, client_id, key, value,
user_token=None, user_name=None):
try:
token = "Bearer " + token
- metadata = (('authorization', token),('user_token', user_token),)
+ if user_token is None:
+ metadata = (('authorization', token), ('owner_id', user_name),)
+ else:
+ metadata = (('authorization', token), ('user_token',
user_token),)
secret_metadata = SecretMetadata(client_id=client_id)
request = KVCredential(key=key, value=value,
metadata=secret_metadata)
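Review bot: `user_name` is sent only as an `owner_id` call header, while `SecretMetadata(client_id=client_id)` in the request carries no owner; the `AuthInterceptorImpl` hunk in this same commit takes its fallback from `getMetadata().getOwnerId()` on the request message. Unless code outside these hunks copies the header into the message, the confidential-client path would reach the server with an empty owner. If the message field is what the server reads, and assuming the proto field is named `owner_id`, consider `secret_metadata = SecretMetadata(client_id=client_id, owner_id=user_name)` on the `user_token is None` branch. This applies equally to the set, delete and get hunks.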
@@ -166,10 +172,13 @@ class ResourceSecretManagementClient(object):
logger.exception("Error occurred while updating KV credential")
raise
- def delete_KV_credential(self, token, user_token, client_id, key):
+ def delete_KV_credential(self, token, client_id, key, user_token=None,
user_name=None):
try:
token = "Bearer " + token
- metadata = (('authorization', token),('user_token', user_token),)
+ if user_token is None:
+ metadata = (('authorization', token), ('owner_id', user_name),)
+ else:
+ metadata = (('authorization', token), ('user_token',
user_token),)
secret_metadata = SecretMetadata(client_id=client_id)
request = KVCredential(key=key, metadata=secret_metadata)
@@ -180,10 +189,13 @@ class ResourceSecretManagementClient(object):
logger.exception("Error occurred while deleting KV credential")
raise
- def get_KV_credential(self, token, user_token, client_id, key):
+ def get_KV_credential(self, token, client_id, key, user_token=None,
user_name=None):
try:
token = "Bearer " + token
- metadata = (('authorization', token),('user_token', user_token),)
+ if user_token is None:
+ metadata = (('authorization', token), ('owner_id', user_name),)
+ else:
+ metadata = (('authorization', token), ('user_token',
user_token),)
secret_metadata = SecretMetadata(client_id=client_id)
request = KVCredential(key=key, metadata=secret_metadata)
diff --git a/custos-client-sdks/custos-python-sdk/custos_sdk.egg-info/PKG-INFO
b/custos-client-sdks/custos-python-sdk/custos_sdk.egg-info/PKG-INFO
index 59ef769..03e5e8d 100644
--- a/custos-client-sdks/custos-python-sdk/custos_sdk.egg-info/PKG-INFO
+++ b/custos-client-sdks/custos-python-sdk/custos_sdk.egg-info/PKG-INFO
@@ -1,6 +1,6 @@
Metadata-Version: 2.1
Name: custos-sdk
-Version: 1.0.7
+Version: 1.0.8
Summary: Apache Custos Python SDK
Home-page: http://custos.com
Author: Custos Developers
diff --git a/custos-client-sdks/custos-python-sdk/setup.py
b/custos-client-sdks/custos-python-sdk/setup.py
index 6d5f0dd..16aaaa5 100644
--- a/custos-client-sdks/custos-python-sdk/setup.py
+++ b/custos-client-sdks/custos-python-sdk/setup.py
@@ -10,7 +10,7 @@ def read(fname):
setup(
name='custos-sdk',
- version='1.0.7',
+ version='1.0.8',
packages=find_packages(),
package_data={'': ['*.pem']},
include_package_data=True,
diff --git
a/custos-integration-services/resource-secret-management-service-parent/resource-secret-management-service/src/main/java/org/apache/custos/resource/secret/management/interceptors/AuthInterceptorImpl.java
b/custos-integration-services/resource-secret-management-service-parent/resource-secret-management-service/src/main/java/org/apache/custos/resource/secret/management/interceptors/AuthInterceptorImpl.java
index 1fca7f0..362c9a1 100644
---
a/custos-integration-services/resource-secret-management-service-parent/resource-secret-management-service/src/main/java/org/apache/custos/resource/secret/management/interceptors/AuthInterceptorImpl.java
+++
b/custos-integration-services/resource-secret-management-service-parent/resource-secret-management-service/src/main/java/org/apache/custos/resource/secret/management/interceptors/AuthInterceptorImpl.java
@@ -172,12 +172,15 @@ public class AuthInterceptorImpl extends
MultiTenantAuthInterceptor {
} else if (method.equals("getKVCredential") ||
method.equals("addKVCredential") || method.equals("updateKVCredential")
|| method.equals("deleteKVCredential")) {
String clientId = ((KVCredential)
reqT).getMetadata().getClientId();
+ String username = ((KVCredential) reqT).getMetadata().getOwnerId();
Optional<AuthClaim> claim = authorize(headers, clientId);
return claim.map(cl -> {
SecretMetadata metadata = ((KVCredential) reqT)
.getMetadata()
-
.toBuilder().setOwnerId(cl.getUsername()).setTenantId(cl.getTenantId()).build();
+ .toBuilder().setOwnerId(cl.getUsername() != null &&
+ !cl.getUsername().isEmpty() ? cl.getUsername()
: username)
+ .setTenantId(cl.getTenantId()).build();
return (ReqT) ((KVCredential)
reqT).toBuilder().setMetadata(metadata).build();
}).orElseThrow(() -> {
throw new UnAuthorizedException("Request is not authorized",
null);
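Review bot: The new `setOwnerId` expression falls back to `username`, which is read from the caller-supplied request metadata, whenever the claim has no username, so for those callers the owner of the KV secret is whatever the request states. The visible lines do not restrict this fallback to confidential-client claims or check that the named owner belongs to the tenant, and if both values are empty the secret is keyed to an empty owner. Consider resolving the owner into a local first and rejecting the empty case, e.g. `if (owner == null || owner.isEmpty()) throw new UnAuthorizedException("Request is not authorized", null);`, and logging when the request-supplied owner is used so delegated access is auditable. The enclosing method starts before and continues after this hunk.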