This is an automated email from the ASF dual-hosted git repository.

isjarana pushed a commit to branch develop
in repository https://gitbox.apache.org/repos/asf/airavata-custos.git


The following commit(s) were added to refs/heads/develop by this push:
     new d84e7a28a Fix https://github.com/apache/airavata-custos/issues/382
     new e64960ce3 Merge pull request #383 from isururanawaka/develop
d84e7a28a is described below

commit d84e7a28a3151311966a59b6333789cfb8a5fb02
Author: Isuru Ranawaka <[email protected]>
AuthorDate: Wed May 3 19:42:17 2023 -0400

    Fix https://github.com/apache/airavata-custos/issues/382
---
 README.md                                          |  46 ++++---
 .../management/client/UserManagementClient.java    | 148 ++++++++-------------
 .../store/service/CredentialStoreService.java      |   4 +-
 .../commons/interceptors/AuthInterceptor.java      |   2 +-
 4 files changed, 90 insertions(+), 110 deletions(-)

diff --git a/README.md b/README.md
index 51f9f680a..91ee440e7 100644
--- a/README.md
+++ b/README.md
@@ -30,7 +30,7 @@ Science gateways represent potential targets for 
cybersecurity threats to users,
 ## Quickstart
 
 ## Installation Instructions
-### Deploy Custos on remote server
+
 ### Setup Custos for local development
 
 #### Prerequisites
@@ -39,6 +39,8 @@ Science gateways represent potential targets for 
cybersecurity threats to users,
 
 * Docker installed on local environment 
 
+* Maven 3.6.x
+
 #### Clone the repository
   ```
     git clone -b develop https://github.com/apache/airavata-custos.git
@@ -56,17 +58,19 @@ Science gateways represent potential targets for 
cybersecurity threats to users,
   
 #### Run Custos on docker
   
-    Following command starts Custos main services and its depend services
+Following command starts Custos main services and its depend services. All 
services are listed below and you should be able to
+access them locally if all services are correctly started.
+
   - Dependent Services
-    * Keycloak
-    * MySQL
-    * HashiCorp Vault
-    * CILogon
+    * Keycloak (http://localhost:8080/auth/)
+    * MySQL (0.0.0.0:3306)
+    * HashiCorp Vault (http://localhost:8201/)
+    * CILogon (Not available for local development)
     
   - Custos Services
-    * Custos Core Service
-    * Custos Integration Service
-    * Custos Rest Proxy
+    * Custos Core Service (0.0.0.0:7001 (grpc port))
+    * Custos Integration Service (0.0.0.0:7000 (grpc port))
+    * Custos Rest Proxy (http://localhost:10000(envoy proxy)
     
   ```
      cd custos-utilities/ide-integration/src/main/containers
@@ -83,13 +87,25 @@ If all services were successfully ran. Custos bootstrap 
service needs to be run
 The above command should create the super tenant and it outputs super tenant 
credentials. Copy those credentials to configure
 Custos Portal.
 
-
+```
+Note: Make sure to clean up old databases for fresh start.
+```
 
 #### Install Custos Portal Locally
 
-Following the following link to access portal deployment instructions
+Follow the following link to access portal deployment instructions
 
-[custos 
portal](https://github.com/apache/airavata-custos-portal/blob/master/README.md)
+[Custos 
Portal](https://github.com/apache/airavata-custos-portal/blob/master/README.md)
+
+You have to configure following properties in the .env file
+
+```
+CUSTOS_CLIENT_ID="SUPERT TENANT ID CREATED FROM ABOVE STEP"
+CUSTOS_CLIENT_SEC="SUPERT TENANT CREDENTIAL CREATED FROM ABOVE STEP"
+CUSTOS_API_URL="http://localhost:10000";
+CUSTOS_SUPER_CLIENT_ID="SUPERT TENANT ID CREATED FROM ABOVE STEP"
+UNDER_MAINTENANCE=False
+```
 
 ## Custos Integration With External Applications
 Custos can be integrated with external applications using Custos REST 
Endpoints, Python SDK, or Java SDK.
@@ -123,13 +139,13 @@ Once above step is done, you can use custos available 
methods for  authenticatio
 
 ```
  UserManagementClient userManagementClient =  
custosClientProvider.getUserManagementClient();
- userManagementClient.registerUser("Jhon","Smith","testpassword","smith@1",
+ userManagementClient.registerUser("jhon","Smith","testpassword","smith@1",
                     "[email protected]",false);
- userManagementClient.enableUser("Jhon");
+ userManagementClient.enableUser("jhon");
  OperationStatus status =  userManagementClient.isUserEnabled("Jhon");
 ```
 ##### 
-
+### Deploy Custos on remote server
 ## Roadmap
 
 ## Contributing
diff --git 
a/custos-client-sdks/custos-java-clients/user-management-client/src/main/java/org/apache/custos/user/management/client/UserManagementClient.java
 
b/custos-client-sdks/custos-java-clients/user-management-client/src/main/java/org/apache/custos/user/management/client/UserManagementClient.java
index 9de27126f..387b12216 100644
--- 
a/custos-client-sdks/custos-java-clients/user-management-client/src/main/java/org/apache/custos/user/management/client/UserManagementClient.java
+++ 
b/custos-client-sdks/custos-java-clients/user-management-client/src/main/java/org/apache/custos/user/management/client/UserManagementClient.java
@@ -135,22 +135,22 @@ public class UserManagementClient extends AbstractClient {
 
     }
 
-    public OperationStatus deleteUserAttributes(String adminToken, 
UserAttribute[] attributes, String[] users) {
-
-        UserManagementServiceGrpc.UserManagementServiceBlockingStub 
unAuthorizedStub =
-                UserManagementServiceGrpc.newBlockingStub(managedChannel);
-        unAuthorizedStub =
-                MetadataUtils.attachHeaders(unAuthorizedStub, 
ClientUtils.getAuthorizationHeader(adminToken));
-
-
-        DeleteUserAttributeRequest request = DeleteUserAttributeRequest
-                .newBuilder()
-                .addAllAttributes(Arrays.asList(attributes))
-                .addAllUsers(Arrays.asList(users))
-                .build();
-        return unAuthorizedStub.deleteUserAttributes(request);
-
-    }
+//    public OperationStatus deleteUserAttributes(String adminToken, 
UserAttribute[] attributes, String[] users) {
+//
+//        UserManagementServiceGrpc.UserManagementServiceBlockingStub 
unAuthorizedStub =
+//                UserManagementServiceGrpc.newBlockingStub(managedChannel);
+//        unAuthorizedStub =
+//                MetadataUtils.attachHeaders(unAuthorizedStub, 
ClientUtils.getAuthorizationHeader(adminToken));
+//
+//
+//        DeleteUserAttributeRequest request = DeleteUserAttributeRequest
+//                .newBuilder()
+//                .addAllAttributes(Arrays.asList(attributes))
+//                .addAllUsers(Arrays.asList(users))
+//                .build();
+//        return unAuthorizedStub.deleteUserAttributes(request);
+//
+//    }
 
 
     public OperationStatus addRolesToUsers(String adminToken, String[] roles, 
String[] username, boolean isClientLevel) {
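Review bot: The admin-token overload of `deleteUserAttributes` is left in the file as commented-out code with no explanation, so a reader cannot tell whether it was disabled on purpose. It was presumably disabled because the reordered overload later in this file, `deleteUserAttributes(String clientId, UserAttribute[] attributes, String[] users)`, now has the same parameter types. Existing calls that pass an admin token first still compile and bind to that overload, so the token would be passed where the client id is expected. Delete the block rather than commenting it out, and add a Javadoc line to the surviving method, for example `@param clientId Custos client id of the tenant; this is not an admin token`.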
@@ -268,52 +268,6 @@ public class UserManagementClient extends AbstractClient {
 
     }
 
-    /**
-     * This method provides functionality to search users across child tenants 
of main tenant
-     * @param clientId Custos client Id of the tenant to search users
-     * @param username
-     * @param firstName
-     * @param lastName
-     * @param email
-     * @param offset
-     * @param limit
-     * @return
-     */
-    public FindUsersResponse findUser(String clientId,
-                                      String username, String firstName, 
String lastName,
-                                      String email, int offset, int limit) {
-
-        UserSearchMetadata.Builder builder = UserSearchMetadata
-                .newBuilder();
-
-        if (username != null) {
-            builder = builder.setUsername(username);
-        }
-
-        if (firstName != null) {
-            builder = builder.setFirstName(firstName);
-        }
-
-        if (lastName != null) {
-            builder = builder.setLastName(lastName);
-        }
-
-        if (email != null) {
-            builder = builder.setEmail(email);
-        }
-        UserSearchMetadata metadata = builder.build();
-
-        FindUsersRequest request = FindUsersRequest
-                .newBuilder()
-                .setUser(metadata)
-                .setLimit(limit)
-                .setOffset(offset)
-                .build();
-
-        return blockingStub.findUsers(request);
-
-    }
-
 
     public OperationStatus resetUserPassword(String username, String password) 
{
 
@@ -350,9 +304,8 @@ public class UserManagementClient extends AbstractClient {
     }
 
 
-    public RegisterUserResponse registerUser(String username, String 
firstName, String lastName,
-                                             String password, String email, 
boolean isTempPassword,
-                                             String clientId) {
+    public RegisterUserResponse registerUser(String clientId,String username, 
String firstName, String lastName,
+                                             String password, String email, 
boolean isTempPassword) {
 
         UserRepresentation userRepresentation = UserRepresentation
                 .newBuilder()
@@ -375,7 +328,7 @@ public class UserManagementClient extends AbstractClient {
     }
 
 
-    public UserRepresentation enableUser(String userName, String clientId) {
+    public UserRepresentation enableUser(String clientId, String userName) {
 
         UserSearchMetadata metadata = UserSearchMetadata
                 .newBuilder()
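Review bot: Swapping the two `String` parameters of `enableUser` changes the meaning of existing calls without changing their types, so code written against the old `(userName, clientId)` order still compiles and sends each value in the other's field. The same applies to `isUserEnabled`, `isUsernameAvailable`, `getUser`, `resetUserPassword`, `deleteUser` and `updateUserProfile` in the hunks below. For `resetUserPassword` and `deleteUser`, an unmigrated caller would put a password or an admin token in the username position, where it may end up in request logs or error messages. Because the old and new signatures have identical parameter types, no deprecated overload can bridge them, so each method needs Javadoc that names the order, for example `@param clientId Custos client id of the target tenant (first argument)`, and the change should be listed as breaking in the release notes. The body of `enableUser` continues outside the hunk.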
@@ -391,20 +344,20 @@ public class UserManagementClient extends AbstractClient {
         return blockingStub.enableUser(request);
     }
 
-    public OperationStatus addUserAttributes(UserAttribute[] attributes, 
String[] users, String clientId) {
+//    public OperationStatus addUserAttributes(String clientId, 
UserAttribute[] attributes, String[] users) {
+//
+//
+//        AddUserAttributesRequest request = AddUserAttributesRequest
+//                .newBuilder()
+//                .addAllAttributes(Arrays.asList(attributes))
+//                .addAllUsers(Arrays.asList(users))
+//                .setClientId(clientId)
+//                .build();
+//        return blockingStub.addUserAttributes(request);
+//
+//    }
 
-
-        AddUserAttributesRequest request = AddUserAttributesRequest
-                .newBuilder()
-                .addAllAttributes(Arrays.asList(attributes))
-                .addAllUsers(Arrays.asList(users))
-                .setClientId(clientId)
-                .build();
-        return blockingStub.addUserAttributes(request);
-
-    }
-
-    public OperationStatus deleteUserAttributes(UserAttribute[] attributes, 
String[] users, String clientId) {
+    public OperationStatus deleteUserAttributes(String clientId, 
UserAttribute[] attributes, String[] users) {
 
 
         DeleteUserAttributeRequest request = DeleteUserAttributeRequest
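Review bot: `addUserAttributes` is disabled by commenting it out, so as far as this hunk shows the client loses its client-id variant for adding attributes while `deleteUserAttributes` directly below keeps one. If the reason is a signature clash with an admin-token overload elsewhere in the class (not visible here), say so in a comment such as `// removed: clashes with addUserAttributes(String adminToken, ...)`, or delete the block outright. Commented-out code in an SDK gives callers no hint about what to use instead. The body of `deleteUserAttributes` continues outside the hunk.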
@@ -418,8 +371,8 @@ public class UserManagementClient extends AbstractClient {
     }
 
 
-    public OperationStatus addRolesToUsers(String[] roles, String[] username,
-                                           boolean isClientLevel, String 
clientId, String adminToken) {
+    public OperationStatus addRolesToUsers(String clientId, String adminToken, 
String[] roles, String[] username,
+                                           boolean isClientLevel) {
         UserManagementServiceGrpc.UserManagementServiceBlockingStub 
unAuthorizedStub =
                 UserManagementServiceGrpc.newBlockingStub(managedChannel);
         unAuthorizedStub =
@@ -439,8 +392,8 @@ public class UserManagementClient extends AbstractClient {
     }
 
 
-    public OperationStatus deleteUserRoles(String[] clientRoles,
-                                           String[] realmRoles, String 
username, String clientId, String adminToken) {
+    public OperationStatus deleteUserRoles(String clientId, String adminToken, 
String[] clientRoles,
+                                           String[] realmRoles, String 
username) {
         UserManagementServiceGrpc.UserManagementServiceBlockingStub 
unAuthorizedStub =
                 UserManagementServiceGrpc.newBlockingStub(managedChannel);
         unAuthorizedStub =
@@ -460,7 +413,7 @@ public class UserManagementClient extends AbstractClient {
     }
 
 
-    public OperationStatus isUserEnabled(String username, String clientId) {
+    public OperationStatus isUserEnabled(String clientId, String username) {
 
         UserSearchMetadata metadata = UserSearchMetadata
                 .newBuilder()
@@ -477,7 +430,7 @@ public class UserManagementClient extends AbstractClient {
     }
 
 
-    public OperationStatus isUsernameAvailable(String username, String 
clientId) {
+    public OperationStatus isUsernameAvailable(String clientId, String 
username) {
 
         UserSearchMetadata metadata = UserSearchMetadata
                 .newBuilder()
@@ -494,7 +447,7 @@ public class UserManagementClient extends AbstractClient {
     }
 
 
-    public UserRepresentation getUser(String username, String clientId) {
+    public UserRepresentation getUser(String clientId, String username) {
         UserSearchMetadata metadata = UserSearchMetadata
                 .newBuilder()
                 .setUsername(username)
@@ -522,8 +475,20 @@ public class UserManagementClient extends AbstractClient {
     }
 
 
-    public FindUsersResponse findUsers(String searchString, String username, 
String firstName,
-                                       String lastName, String email, int 
offset, int limit, String clientId) {
+    /**
+     * This method provides functionality to search users across child tenants 
of main tenant
+     * @param clientId  Custos client Id of the tenant to search users
+     * @param searchString this could be any search string e.g username, 
firstname, lastname ...etc
+     * @param username
+     * @param firstName
+     * @param lastName
+     * @param email
+     * @param offset
+     * @param limit
+     * @return
+     */
+    public FindUsersResponse findUsers(String clientId, String searchString, 
String username, String firstName,
+                                       String lastName, String email, int 
offset, int limit) {
 
         UserSearchMetadata.Builder builder = UserSearchMetadata
                 .newBuilder();
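Review bot: The Javadoc added to `findUsers` leaves `@param username`, `firstName`, `lastName`, `email`, `offset`, `limit` and `@return` empty, and it does not say how `searchString` combines with the per-field filters. Fill the tags in, for example `@param offset index of the first matching user to return`, `@param limit maximum number of users to return` and `@return the users that match the given criteria`. Whether a null field means "no filter" should be stated once it is confirmed against the method body, which lies outside this hunk.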
@@ -562,7 +527,7 @@ public class UserManagementClient extends AbstractClient {
     }
 
 
-    public OperationStatus resetUserPassword(String username, String password, 
String clientId) {
+    public OperationStatus resetUserPassword(String clientId, String username, 
String password) {
 
         ResetUserPassword userPassword = ResetUserPassword
                 .newBuilder()
@@ -576,7 +541,7 @@ public class UserManagementClient extends AbstractClient {
     }
 
 
-    public OperationStatus deleteUser(String username, String clientId, String 
adminToken) {
+    public OperationStatus deleteUser(String clientId, String 
adminToken,String username) {
 
         UserManagementServiceGrpc.UserManagementServiceBlockingStub stub =
                 UserManagementServiceGrpc.newBlockingStub(managedChannel);
@@ -600,8 +565,7 @@ public class UserManagementClient extends AbstractClient {
     }
 
 
-    public UserProfile updateUserProfile(String username, String firstName, 
String lastName, String email,
-                                         String clientId) {
+    public UserProfile updateUserProfile(String clientId, String username, 
String firstName, String lastName, String email) {
 
 
         UserProfile userProfile = UserProfile.newBuilder()
diff --git 
a/custos-services/custos-core-services/credential-store-core-service/src/main/java/org/apache/custos/credential/store/service/CredentialStoreService.java
 
b/custos-services/custos-core-services/credential-store-core-service/src/main/java/org/apache/custos/credential/store/service/CredentialStoreService.java
index 7de55af12..cb20bfeb0 100644
--- 
a/custos-services/custos-core-services/credential-store-core-service/src/main/java/org/apache/custos/credential/store/service/CredentialStoreService.java
+++ 
b/custos-services/custos-core-services/credential-store-core-service/src/main/java/org/apache/custos/credential/store/service/CredentialStoreService.java
@@ -432,7 +432,7 @@ public class CredentialStoreService extends 
CredentialStoreServiceImplBase {
             CredentialEntity entity = repository.findByClientId(clientId);
 
             if (entity == null) {
-                String msg = " Credentials not found for user " + clientId;
+                String msg = " Credentials not found for clientId " + clientId;
                 
responseObserver.onError(Status.NOT_FOUND.withDescription(msg).asRuntimeException());
                 return;
             }
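Review bot: The two reworded messages differ from each other (`clientId` here, `client Id  ` with a doubled space in the hunk at `-871`), and both keep the leading space, so log searches and clients that match on the description see two spellings of one condition. Use one form in both places, for example `String msg = "Credentials not found for clientId " + clientId;`. In the second hunk the lookup also takes `request.getOwnerId()`, so that message may be more useful if it names the owner id as well; the lookup call starts outside the hunk, so confirm this before changing it.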
@@ -871,7 +871,7 @@ public class CredentialStoreService extends 
CredentialStoreServiceImplBase {
                     request.getOwnerId());
 
             if (entity == null) {
-                String msg = " Credentials not found for user " + clientId;
+                String msg = " Credentials not found for client Id  " + 
clientId;
                 
responseObserver.onError(Status.NOT_FOUND.withDescription(msg).asRuntimeException());
                 return;
             }
diff --git 
a/custos-services/custos-integration-services/custos-integration-services-commons/src/main/java/org/apache/custos/integration/services/commons/interceptors/AuthInterceptor.java
 
b/custos-services/custos-integration-services/custos-integration-services-commons/src/main/java/org/apache/custos/integration/services/commons/interceptors/AuthInterceptor.java
index a8c24da6a..d83a9962d 100644
--- 
a/custos-services/custos-integration-services/custos-integration-services-commons/src/main/java/org/apache/custos/integration/services/commons/interceptors/AuthInterceptor.java
+++ 
b/custos-services/custos-integration-services/custos-integration-services-commons/src/main/java/org/apache/custos/integration/services/commons/interceptors/AuthInterceptor.java
@@ -327,7 +327,7 @@ public abstract class AuthInterceptor implements 
IntegrationServiceInterceptor {
 
         Optional<AuthClaim> childClaim = getAuthClaim(allCredentials);
 
-        if (childClaim.isPresent() && 
(!validateTenantStatus(childClaim.get().getTenantId()) ||
+        if (childClaim.isPresent() && !authClaim.get().isSuperTenant() && 
(!validateTenantStatus(childClaim.get().getTenantId()) ||
                 
!validateParentChildTenantRelationShip(authClaim.get().getTenantId(), 
childClaim.get().getTenantId()))) {
             return Optional.empty();
         }
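Review bot: The new `!authClaim.get().isSuperTenant()` term short-circuits the whole parenthesised group, so for a super-tenant caller `validateTenantStatus` on the child tenant is skipped along with the parent/child relationship check. If the intent is only to let the super tenant act across tenants, keep the status check unconditional and scope the exemption to the relationship test: `(!validateTenantStatus(childClaim.get().getTenantId()) || (!authClaim.get().isSuperTenant() && !validateParentChildTenantRelationShip(authClaim.get().getTenantId(), childClaim.get().getTenantId())))`. `authClaim.get()` is now also evaluated before any tenant check, which is safe only if its presence is established earlier in the method, outside this hunk. A comment stating why the super tenant is exempt, and a test covering a super-tenant request against an inactive child tenant, would make the intended behaviour reviewable.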
