This is an automated email from the ASF dual-hosted git repository. yasith pushed a commit to branch resource-mgmt-rest-api in repository https://gitbox.apache.org/repos/asf/airavata.git
commit 9e737afa6e1e63fd94268f1d30d42ebd918be9cf Author: yasithdev <[email protected]> AuthorDate: Mon Nov 10 18:42:14 2025 -0500 update iamadminserviceshandler --- ...inServicesHandler.java => IamAdminService.java} | 94 ++------ .../profile/handlers/IamAdminServicesHandler.java | 236 +++++++-------------- 2 files changed, 94 insertions(+), 236 deletions(-) diff --git a/airavata-api/src/main/java/org/apache/airavata/service/profile/handlers/IamAdminServicesHandler.java b/airavata-api/src/main/java/org/apache/airavata/service/IamAdminService.java similarity index 86% copy from airavata-api/src/main/java/org/apache/airavata/service/profile/handlers/IamAdminServicesHandler.java copy to airavata-api/src/main/java/org/apache/airavata/service/IamAdminService.java index 2da10e50fe..5a9ffd6d69 100644 --- a/airavata-api/src/main/java/org/apache/airavata/service/profile/handlers/IamAdminServicesHandler.java +++ b/airavata-api/src/main/java/org/apache/airavata/service/IamAdminService.java @@ -17,7 +17,7 @@ * specific language governing permissions and limitations * under the License. */ -package org.apache.airavata.service.profile.handlers; +package org.apache.airavata.service; import java.util.List; import org.apache.airavata.common.exception.AiravataException; @@ -34,7 +34,6 @@ import org.apache.airavata.model.appcatalog.gatewayprofile.GatewayResourceProfil import org.apache.airavata.model.credential.store.PasswordCredential; import org.apache.airavata.model.dbevent.CrudType; import org.apache.airavata.model.dbevent.EntityType; -import org.apache.airavata.model.error.AuthorizationException; import org.apache.airavata.model.security.AuthzToken; import org.apache.airavata.model.user.UserProfile; import org.apache.airavata.model.workspace.Gateway; 
@@ -42,30 +41,18 @@ import org.apache.airavata.registry.api.RegistryService; import org.apache.airavata.registry.api.client.RegistryServiceClientFactory; import org.apache.airavata.registry.api.exception.RegistryServiceException; import org.apache.airavata.service.profile.iam.admin.services.core.impl.TenantManagementKeycloakImpl; -import org.apache.airavata.service.profile.iam.admin.services.cpi.IamAdminServices; import org.apache.airavata.service.profile.iam.admin.services.cpi.exception.IamAdminServicesException; -import org.apache.airavata.service.profile.iam.admin.services.cpi.iam_admin_services_cpiConstants; import org.apache.airavata.service.profile.user.core.repositories.UserProfileRepository; -import org.apache.airavata.service.security.interceptor.SecurityCheck; import org.apache.thrift.TException; import org.slf4j.Logger; import org.slf4j.LoggerFactory; -public class IamAdminServicesHandler implements IamAdminServices.Iface { - - private static final Logger logger = LoggerFactory.getLogger(IamAdminServicesHandler.class); +public class IamAdminService { + private static final Logger logger = LoggerFactory.getLogger(IamAdminService.class); private UserProfileRepository userProfileRepository = new UserProfileRepository(); private DBEventPublisherUtils dbEventPublisherUtils = new DBEventPublisherUtils(DBEventService.IAM_ADMIN); - @Override - public String getAPIVersion() throws TException { - return iam_admin_services_cpiConstants.IAM_ADMIN_SERVICES_CPI_VERSION; - } - - @Override - @SecurityCheck - public Gateway setUpGateway(AuthzToken authzToken, Gateway gateway) - throws IamAdminServicesException, AuthorizationException { + public Gateway setUpGateway(AuthzToken authzToken, Gateway gateway) throws IamAdminServicesException { TenantManagementKeycloakImpl keycloakclient = new TenantManagementKeycloakImpl(); PasswordCredential isSuperAdminCredentials = getSuperAdminPasswordCredential(); try { 
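Review bot: The new IamAdminService drops `@SecurityCheck` and `AuthorizationException` from setUpGateway, and the later hunks of this file do the same for every other method, from isUsernameAvailable through getUsersWithRole. As far as the hunks show, nothing in this class verifies the AuthzToken before `authzToken.getClaimsMap().get(Constants.GATEWAY_ID)` is used as the tenant id. The Thrift handler keeps the annotation, but any other caller of this public class (the branch name suggests a REST layer) would reach the Keycloak admin operations with no authorization step unless it adds its own. State the contract on the class, e.g. `/** Performs no access checks; callers must authenticate and authorize the AuthzToken before invoking any method. */`, or enforce the check inside the service. setUpGateway's body continues outside the hunk.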
@@ -90,18 +77,12 @@ public class IamAdminServicesHandler implements IamAdminServices.Iface { } } - @Override - @SecurityCheck - public boolean isUsernameAvailable(AuthzToken authzToken, String username) - throws IamAdminServicesException, AuthorizationException, TException { + public boolean isUsernameAvailable(AuthzToken authzToken, String username) throws IamAdminServicesException { TenantManagementKeycloakImpl keycloakClient = new TenantManagementKeycloakImpl(); String gatewayId = authzToken.getClaimsMap().get(Constants.GATEWAY_ID); return keycloakClient.isUsernameAvailable(authzToken.getAccessToken(), gatewayId, username); } - // ToDo: Will only be secure when using SSL between PGA and Airavata - @Override - @SecurityCheck public boolean registerUser( AuthzToken authzToken, String username, @@ -109,7 +90,7 @@ public class IamAdminServicesHandler implements IamAdminServices.Iface { String firstName, String lastName, String newPassword) - throws IamAdminServicesException, AuthorizationException { + throws IamAdminServicesException { TenantManagementKeycloakImpl keycloakclient = new TenantManagementKeycloakImpl(); String gatewayId = authzToken.getClaimsMap().get(Constants.GATEWAY_ID); try { @@ -124,10 +105,7 @@ public class IamAdminServicesHandler implements IamAdminServices.Iface { } } - @Override - @SecurityCheck - public boolean enableUser(AuthzToken authzToken, String username) - throws IamAdminServicesException, AuthorizationException { + public boolean enableUser(AuthzToken authzToken, String username) throws IamAdminServicesException { TenantManagementKeycloakImpl keycloakclient = new TenantManagementKeycloakImpl(); String gatewayId = authzToken.getClaimsMap().get(Constants.GATEWAY_ID); try { 
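Review bot: The removed `// ToDo: Will only be secure when using SSL between PGA and Airavata` was the only record that registerUser receives `newPassword` in clear text, and nothing in this move changes that. resetUserPassword in the `-218,10` hunk takes the same parameter. Keep the caveat as Javadoc on both service methods, e.g. `/** newPassword arrives in plaintext; the transport to this service must be TLS-protected and the value must never be logged. */`. registerUser's body runs past the hunk, so whether the password can reach a log line cannot be confirmed from here.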
@@ -158,10 +136,7 @@ public class IamAdminServicesHandler implements IamAdminServices.Iface { } } - @Override - @SecurityCheck - public boolean isUserEnabled(AuthzToken authzToken, String username) - throws IamAdminServicesException, AuthorizationException, TException { + public boolean isUserEnabled(AuthzToken authzToken, String username) throws IamAdminServicesException { TenantManagementKeycloakImpl keycloakclient = new TenantManagementKeycloakImpl(); String gatewayId = authzToken.getClaimsMap().get(Constants.GATEWAY_ID); try { @@ -173,10 +148,7 @@ public class IamAdminServicesHandler implements IamAdminServices.Iface { } } - @Override - @SecurityCheck - public boolean isUserExist(AuthzToken authzToken, String username) - throws IamAdminServicesException, AuthorizationException, TException { + public boolean isUserExist(AuthzToken authzToken, String username) throws IamAdminServicesException { TenantManagementKeycloakImpl keycloakclient = new TenantManagementKeycloakImpl(); String gatewayId = authzToken.getClaimsMap().get(Constants.GATEWAY_ID); try { @@ -188,10 +160,7 @@ public class IamAdminServicesHandler implements IamAdminServices.Iface { } } - @Override - @SecurityCheck - public UserProfile getUser(AuthzToken authzToken, String username) - throws IamAdminServicesException, AuthorizationException, TException { + public UserProfile getUser(AuthzToken authzToken, String username) throws IamAdminServicesException { TenantManagementKeycloakImpl keycloakclient = new TenantManagementKeycloakImpl(); String gatewayId = authzToken.getClaimsMap().get(Constants.GATEWAY_ID); try { 
@@ -203,10 +172,8 @@ public class IamAdminServicesHandler implements IamAdminServices.Iface { } } - @Override - @SecurityCheck public List<UserProfile> getUsers(AuthzToken authzToken, int offset, int limit, String search) - throws IamAdminServicesException, AuthorizationException, TException { + throws IamAdminServicesException { TenantManagementKeycloakImpl keycloakclient = new TenantManagementKeycloakImpl(); String gatewayId = authzToken.getClaimsMap().get(Constants.GATEWAY_ID); try { @@ -218,10 +185,8 @@ public class IamAdminServicesHandler implements IamAdminServices.Iface { } } - @Override - @SecurityCheck public boolean resetUserPassword(AuthzToken authzToken, String username, String newPassword) - throws IamAdminServicesException, AuthorizationException, TException { + throws IamAdminServicesException { TenantManagementKeycloakImpl keycloakclient = new TenantManagementKeycloakImpl(); String gatewayId = authzToken.getClaimsMap().get(Constants.GATEWAY_ID); try { @@ -235,10 +200,8 @@ public class IamAdminServicesHandler implements IamAdminServices.Iface { } } - @Override - @SecurityCheck public List<UserProfile> findUsers(AuthzToken authzToken, String email, String userId) - throws IamAdminServicesException, AuthorizationException, TException { + throws IamAdminServicesException { TenantManagementKeycloakImpl keycloakclient = new TenantManagementKeycloakImpl(); String gatewayId = authzToken.getClaimsMap().get(Constants.GATEWAY_ID); try { 
@@ -250,34 +213,21 @@ public class IamAdminServicesHandler implements IamAdminServices.Iface { } } - @Override - @SecurityCheck - public void updateUserProfile(AuthzToken authzToken, UserProfile userDetails) - throws IamAdminServicesException, AuthorizationException, TException { - + public void updateUserProfile(AuthzToken authzToken, UserProfile userDetails) throws IamAdminServicesException { TenantManagementKeycloakImpl keycloakclient = new TenantManagementKeycloakImpl(); String username = userDetails.getUserId(); String gatewayId = authzToken.getClaimsMap().get(Constants.GATEWAY_ID); - keycloakclient.updateUserProfile(authzToken.getAccessToken(), gatewayId, username, userDetails); } - @Override - @SecurityCheck - public boolean deleteUser(AuthzToken authzToken, String username) - throws IamAdminServicesException, AuthorizationException, TException { - + public boolean deleteUser(AuthzToken authzToken, String username) throws IamAdminServicesException { TenantManagementKeycloakImpl keycloakclient = new TenantManagementKeycloakImpl(); String gatewayId = authzToken.getClaimsMap().get(Constants.GATEWAY_ID); - return keycloakclient.deleteUser(authzToken.getAccessToken(), gatewayId, username); } - @Override - @SecurityCheck - @Deprecated public boolean addRoleToUser(AuthzToken authzToken, String username, String roleName) - throws IamAdminServicesException, AuthorizationException, TException { + throws IamAdminServicesException { TenantManagementKeycloakImpl keycloakclient = new TenantManagementKeycloakImpl(); String gatewayId = authzToken.getClaimsMap().get(Constants.GATEWAY_ID); try { 
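Review bot: addRoleToUser loses `@Deprecated` along with `@SecurityCheck` in this hunk, as do removeRoleFromUser and getUsersWithRole in the next two hunks, so new callers of the service get no deprecation warning for the role APIs. The handler bodies removed in the second file show these three methods acting with the stored credential from `getTenantAdminPasswordCredential(gatewayId)` rather than the caller's access token, so a missing caller-side authorization check would matter most here. Restore `@Deprecated` on the three service methods and document the privilege on each, e.g. `/** Runs with the stored tenant admin credential; the caller must already be authorized as a gateway admin. */`. The method bodies lie outside these hunks, so this assumes the copy kept them unchanged.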
@@ -290,11 +240,8 @@ public class IamAdminServicesHandler implements IamAdminServices.Iface { } } - @Override - @SecurityCheck - @Deprecated public boolean removeRoleFromUser(AuthzToken authzToken, String username, String roleName) - throws IamAdminServicesException, AuthorizationException, TException { + throws IamAdminServicesException { TenantManagementKeycloakImpl keycloakclient = new TenantManagementKeycloakImpl(); String gatewayId = authzToken.getClaimsMap().get(Constants.GATEWAY_ID); try { @@ -307,12 +254,8 @@ public class IamAdminServicesHandler implements IamAdminServices.Iface { } } - @Override - @SecurityCheck - @Deprecated public List<UserProfile> getUsersWithRole(AuthzToken authzToken, String roleName) - throws IamAdminServicesException, AuthorizationException, TException { - + throws IamAdminServicesException { TenantManagementKeycloakImpl keycloakclient = new TenantManagementKeycloakImpl(); String gatewayId = authzToken.getClaimsMap().get(Constants.GATEWAY_ID); try { @@ -366,3 +309,4 @@ public class IamAdminServicesHandler implements IamAdminServices.Iface { } } } + diff --git a/airavata-api/src/main/java/org/apache/airavata/service/profile/handlers/IamAdminServicesHandler.java b/airavata-api/src/main/java/org/apache/airavata/service/profile/handlers/IamAdminServicesHandler.java index 2da10e50fe..ca72627f70 100644 --- a/airavata-api/src/main/java/org/apache/airavata/service/profile/handlers/IamAdminServicesHandler.java +++ b/airavata-api/src/main/java/org/apache/airavata/service/profile/handlers/IamAdminServicesHandler.java 
@@ -20,32 +20,13 @@ package org.apache.airavata.service.profile.handlers; import java.util.List; -import org.apache.airavata.common.exception.AiravataException; -import org.apache.airavata.common.exception.ApplicationSettingsException; -import org.apache.airavata.common.utils.AiravataUtils; -import org.apache.airavata.common.utils.Constants; -import org.apache.airavata.common.utils.DBEventService; -import org.apache.airavata.common.utils.ServerSettings; -import org.apache.airavata.credential.store.client.CredentialStoreClientFactory; -import org.apache.airavata.credential.store.cpi.CredentialStoreService; -import org.apache.airavata.credential.store.exception.CredentialStoreException; -import org.apache.airavata.messaging.core.util.DBEventPublisherUtils; -import org.apache.airavata.model.appcatalog.gatewayprofile.GatewayResourceProfile; -import org.apache.airavata.model.credential.store.PasswordCredential; -import org.apache.airavata.model.dbevent.CrudType; -import org.apache.airavata.model.dbevent.EntityType; import org.apache.airavata.model.error.AuthorizationException; import org.apache.airavata.model.security.AuthzToken; import org.apache.airavata.model.user.UserProfile; import org.apache.airavata.model.workspace.Gateway; -import org.apache.airavata.registry.api.RegistryService; -import org.apache.airavata.registry.api.client.RegistryServiceClientFactory; -import org.apache.airavata.registry.api.exception.RegistryServiceException; -import org.apache.airavata.service.profile.iam.admin.services.core.impl.TenantManagementKeycloakImpl; import org.apache.airavata.service.profile.iam.admin.services.cpi.IamAdminServices; import org.apache.airavata.service.profile.iam.admin.services.cpi.exception.IamAdminServicesException; import org.apache.airavata.service.profile.iam.admin.services.cpi.iam_admin_services_cpiConstants; -import org.apache.airavata.service.profile.user.core.repositories.UserProfileRepository; import 
org.apache.airavata.service.security.interceptor.SecurityCheck; import org.apache.thrift.TException; import org.slf4j.Logger; @@ -54,8 +35,11 @@ import org.slf4j.LoggerFactory; public class IamAdminServicesHandler implements IamAdminServices.Iface { private static final Logger logger = LoggerFactory.getLogger(IamAdminServicesHandler.class); - private UserProfileRepository userProfileRepository = new UserProfileRepository(); - private DBEventPublisherUtils dbEventPublisherUtils = new DBEventPublisherUtils(DBEventService.IAM_ADMIN); + private org.apache.airavata.service.IamAdminService iamAdminService; + + public IamAdminServicesHandler() { + iamAdminService = new org.apache.airavata.service.IamAdminService(); + } @Override public String getAPIVersion() throws TException { 
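Review bot: The delegate field in the `-54,8` hunk is declared non-final and by fully qualified name, `private org.apache.airavata.service.IamAdminService iamAdminService;`, and is then assigned in a no-arg constructor. Since it is set exactly once, `private final IamAdminService iamAdminService = new IamAdminService();` with an import is shorter and guarantees the handler is never observed with a null delegate. An additional constructor that accepts the service would let tests pass a stub, presumably avoiding the need for a live IAM backend.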
@@ -66,24 +50,11 @@ public class IamAdminServicesHandler implements IamAdminServices.Iface { @SecurityCheck public Gateway setUpGateway(AuthzToken authzToken, Gateway gateway) throws IamAdminServicesException, AuthorizationException { - TenantManagementKeycloakImpl keycloakclient = new TenantManagementKeycloakImpl(); - PasswordCredential isSuperAdminCredentials = getSuperAdminPasswordCredential(); try { - keycloakclient.addTenant(isSuperAdminCredentials, gateway); - - // Load the tenant admin password stored in gateway request - CredentialStoreService.Client credentialStoreClient = getCredentialStoreServiceClient(); - // Admin password token should already be stored under requested gateway's gatewayId - PasswordCredential tenantAdminPasswordCredential = credentialStoreClient.getPasswordCredential( - gateway.getIdentityServerPasswordToken(), gateway.getGatewayId()); - - if (!keycloakclient.createTenantAdminAccount( - isSuperAdminCredentials, gateway, tenantAdminPasswordCredential.getPassword())) { - logger.error("Admin account creation failed !!, please refer error logs for reason"); - } - Gateway gatewayWithIdAndSecret = keycloakclient.configureClient(isSuperAdminCredentials, gateway); - return gatewayWithIdAndSecret; - } catch (TException | ApplicationSettingsException ex) { + return iamAdminService.setUpGateway(authzToken, gateway); + } catch (IamAdminServicesException e) { + throw e; + } catch (Exception ex) { logger.error("Gateway Setup Failed, reason: " + ex.getMessage(), ex); IamAdminServicesException iamAdminServicesException = new IamAdminServicesException(ex.getMessage()); throw iamAdminServicesException; 
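Review bot: The widened `catch (Exception ex)` in setUpGateway copies `ex.getMessage()` into the IamAdminServicesException handed back to the caller. It now also covers unchecked exceptions, presumably including the RuntimeException that getSuperAdminPasswordCredential raises when the super admin settings cannot be read. Every later hunk in this file repeats the pattern with `throw new IamAdminServicesException(msg)`, where `msg` embeds `ex.getMessage()`. If that exception is serialized back to Thrift clients, as the `IamAdminServices.Iface` signature suggests, internal details from Keycloak, the credential store or the registry would reach remote callers. Keep the detail in `logger.error(..., ex)` and throw a fixed message, e.g. `throw new IamAdminServicesException("Gateway setup failed");`.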
@@ -94,12 +65,17 @@ public class IamAdminServicesHandler implements IamAdminServices.Iface { @SecurityCheck public boolean isUsernameAvailable(AuthzToken authzToken, String username) throws IamAdminServicesException, AuthorizationException, TException { - TenantManagementKeycloakImpl keycloakClient = new TenantManagementKeycloakImpl(); - String gatewayId = authzToken.getClaimsMap().get(Constants.GATEWAY_ID); - return keycloakClient.isUsernameAvailable(authzToken.getAccessToken(), gatewayId, username); + try { + return iamAdminService.isUsernameAvailable(authzToken, username); + } catch (IamAdminServicesException e) { + throw e; + } catch (Exception ex) { + String msg = "Error while checking username availability, reason: " + ex.getMessage(); + logger.error(msg, ex); + throw new IamAdminServicesException(msg); + } } - // ToDo: Will only be secure when using SSL between PGA and Airavata @Override @SecurityCheck public boolean registerUser( @@ -110,14 +86,11 @@ public class IamAdminServicesHandler implements IamAdminServices.Iface { String lastName, String newPassword) throws IamAdminServicesException, AuthorizationException { - TenantManagementKeycloakImpl keycloakclient = new TenantManagementKeycloakImpl(); - String gatewayId = authzToken.getClaimsMap().get(Constants.GATEWAY_ID); try { - if (keycloakclient.createUser( - authzToken.getAccessToken(), gatewayId, username, emailAddress, firstName, lastName, newPassword)) - return true; - else return false; - } catch (TException ex) { + return iamAdminService.registerUser(authzToken, username, emailAddress, firstName, lastName, newPassword); + } catch (IamAdminServicesException e) { + throw e; + } catch (Exception ex) { String msg = "Error while registering user into Identity Server, reason: " + ex.getMessage(); logger.error(msg, ex); throw new IamAdminServicesException(msg); 
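Review bot: The try / rethrow / wrap block added to isUsernameAvailable is repeated in registerUser in the next hunk and in every later handler method of this file, with only the message prefix changed. One private helper that takes the failure prefix and the delegated call would keep the logging and wrapping policy in a single place, so a later decision about what error text reaches the client is made once rather than fifteen times. The `void` updateUserProfile can use the same helper by returning `null` from its lambda. The sketch below keeps the current message format unchanged.

```java
// … unchanged: @Override / @SecurityCheck and the isUsernameAvailable signature …
        return delegate(
                "Error while checking username availability",
                () -> iamAdminService.isUsernameAvailable(authzToken, username));
    }

    private <T> T delegate(String failure, java.util.concurrent.Callable<T> call)
            throws IamAdminServicesException {
        try {
            return call.call();
        } catch (IamAdminServicesException e) {
            throw e;
        } catch (Exception ex) {
            String msg = failure + ", reason: " + ex.getMessage();
            logger.error(msg, ex);
            throw new IamAdminServicesException(msg);
        }
    }
```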
@@ -128,30 +101,11 @@ public class IamAdminServicesHandler implements IamAdminServices.Iface { @SecurityCheck public boolean enableUser(AuthzToken authzToken, String username) throws IamAdminServicesException, AuthorizationException { - TenantManagementKeycloakImpl keycloakclient = new TenantManagementKeycloakImpl(); - String gatewayId = authzToken.getClaimsMap().get(Constants.GATEWAY_ID); try { - if (keycloakclient.enableUserAccount(authzToken.getAccessToken(), gatewayId, username)) { - // Check if user profile exists, if not create it - boolean userProfileExists = - userProfileRepository.getUserProfileByIdAndGateWay(username, gatewayId) != null; - if (!userProfileExists) { - // Load basic user profile information from Keycloak and then save in UserProfileRepository - UserProfile userProfile = keycloakclient.getUser(authzToken.getAccessToken(), gatewayId, username); - userProfile.setCreationTime( - AiravataUtils.getCurrentTimestamp().getTime()); - userProfile.setLastAccessTime( - AiravataUtils.getCurrentTimestamp().getTime()); - userProfile.setValidUntil(-1); - userProfileRepository.createUserProfile(userProfile); - // Dispatch IAM_ADMIN service event for a new USER_PROFILE - dbEventPublisherUtils.publish(EntityType.USER_PROFILE, CrudType.CREATE, userProfile); - } - return true; - } else { - return false; - } - } catch (TException | AiravataException ex) { + return iamAdminService.enableUser(authzToken, username); + } catch (IamAdminServicesException e) { + throw e; + } catch (Exception ex) { String msg = "Error while enabling user account, reason: " + ex.getMessage(); logger.error(msg, ex); throw new IamAdminServicesException(msg); 
@@ -162,10 +116,10 @@ public class IamAdminServicesHandler implements IamAdminServices.Iface { @SecurityCheck public boolean isUserEnabled(AuthzToken authzToken, String username) throws IamAdminServicesException, AuthorizationException, TException { - TenantManagementKeycloakImpl keycloakclient = new TenantManagementKeycloakImpl(); - String gatewayId = authzToken.getClaimsMap().get(Constants.GATEWAY_ID); try { - return keycloakclient.isUserAccountEnabled(authzToken.getAccessToken(), gatewayId, username); + return iamAdminService.isUserEnabled(authzToken, username); + } catch (IamAdminServicesException e) { + throw e; } catch (Exception ex) { String msg = "Error while checking if user account is enabled, reason: " + ex.getMessage(); logger.error(msg, ex); @@ -177,10 +131,10 @@ public class IamAdminServicesHandler implements IamAdminServices.Iface { @SecurityCheck public boolean isUserExist(AuthzToken authzToken, String username) throws IamAdminServicesException, AuthorizationException, TException { - TenantManagementKeycloakImpl keycloakclient = new TenantManagementKeycloakImpl(); - String gatewayId = authzToken.getClaimsMap().get(Constants.GATEWAY_ID); try { - return keycloakclient.isUserExist(authzToken.getAccessToken(), gatewayId, username); + return iamAdminService.isUserExist(authzToken, username); + } catch (IamAdminServicesException e) { + throw e; } catch (Exception ex) { String msg = "Error while checking if user account exists, reason: " + ex.getMessage(); logger.error(msg, ex); 
@@ -192,10 +146,10 @@ public class IamAdminServicesHandler implements IamAdminServices.Iface { @SecurityCheck public UserProfile getUser(AuthzToken authzToken, String username) throws IamAdminServicesException, AuthorizationException, TException { - TenantManagementKeycloakImpl keycloakclient = new TenantManagementKeycloakImpl(); - String gatewayId = authzToken.getClaimsMap().get(Constants.GATEWAY_ID); try { - return keycloakclient.getUser(authzToken.getAccessToken(), gatewayId, username); + return iamAdminService.getUser(authzToken, username); + } catch (IamAdminServicesException e) { + throw e; } catch (Exception ex) { String msg = "Error while retrieving user profile from IAM backend, reason: " + ex.getMessage(); logger.error(msg, ex); @@ -207,10 +161,10 @@ public class IamAdminServicesHandler implements IamAdminServices.Iface { @SecurityCheck public List<UserProfile> getUsers(AuthzToken authzToken, int offset, int limit, String search) throws IamAdminServicesException, AuthorizationException, TException { - TenantManagementKeycloakImpl keycloakclient = new TenantManagementKeycloakImpl(); - String gatewayId = authzToken.getClaimsMap().get(Constants.GATEWAY_ID); try { - return keycloakclient.getUsers(authzToken.getAccessToken(), gatewayId, offset, limit, search); + return iamAdminService.getUsers(authzToken, offset, limit, search); + } catch (IamAdminServicesException e) { + throw e; } catch (Exception ex) { String msg = "Error while retrieving user profile from IAM backend, reason: " + ex.getMessage(); logger.error(msg, ex); 
@@ -222,13 +176,11 @@ public class IamAdminServicesHandler implements IamAdminServices.Iface { @SecurityCheck public boolean resetUserPassword(AuthzToken authzToken, String username, String newPassword) throws IamAdminServicesException, AuthorizationException, TException { - TenantManagementKeycloakImpl keycloakclient = new TenantManagementKeycloakImpl(); - String gatewayId = authzToken.getClaimsMap().get(Constants.GATEWAY_ID); try { - if (keycloakclient.resetUserPassword(authzToken.getAccessToken(), gatewayId, username, newPassword)) - return true; - else return false; - } catch (TException ex) { + return iamAdminService.resetUserPassword(authzToken, username, newPassword); + } catch (IamAdminServicesException e) { + throw e; + } catch (Exception ex) { String msg = "Error while resetting user password in Identity Server, reason: " + ex.getMessage(); logger.error(msg, ex); throw new IamAdminServicesException(msg); @@ -239,11 +191,11 @@ public class IamAdminServicesHandler implements IamAdminServices.Iface { @SecurityCheck public List<UserProfile> findUsers(AuthzToken authzToken, String email, String userId) throws IamAdminServicesException, AuthorizationException, TException { - TenantManagementKeycloakImpl keycloakclient = new TenantManagementKeycloakImpl(); - String gatewayId = authzToken.getClaimsMap().get(Constants.GATEWAY_ID); try { - return keycloakclient.findUser(authzToken.getAccessToken(), gatewayId, email, userId); - } catch (TException ex) { + return iamAdminService.findUsers(authzToken, email, userId); + } catch (IamAdminServicesException e) { + throw e; + } catch (Exception ex) { String msg = "Error while retrieving users from Identity Server, reason: " + ex.getMessage(); logger.error(msg, ex); throw new IamAdminServicesException(msg); 
@@ -254,23 +206,30 @@ public class IamAdminServicesHandler implements IamAdminServices.Iface { @SecurityCheck public void updateUserProfile(AuthzToken authzToken, UserProfile userDetails) throws IamAdminServicesException, AuthorizationException, TException { - - TenantManagementKeycloakImpl keycloakclient = new TenantManagementKeycloakImpl(); - String username = userDetails.getUserId(); - String gatewayId = authzToken.getClaimsMap().get(Constants.GATEWAY_ID); - - keycloakclient.updateUserProfile(authzToken.getAccessToken(), gatewayId, username, userDetails); + try { + iamAdminService.updateUserProfile(authzToken, userDetails); + } catch (IamAdminServicesException e) { + throw e; + } catch (Exception ex) { + String msg = "Error while updating user profile, reason: " + ex.getMessage(); + logger.error(msg, ex); + throw new IamAdminServicesException(msg); + } } @Override @SecurityCheck public boolean deleteUser(AuthzToken authzToken, String username) throws IamAdminServicesException, AuthorizationException, TException { - - TenantManagementKeycloakImpl keycloakclient = new TenantManagementKeycloakImpl(); - String gatewayId = authzToken.getClaimsMap().get(Constants.GATEWAY_ID); - - return keycloakclient.deleteUser(authzToken.getAccessToken(), gatewayId, username); + try { + return iamAdminService.deleteUser(authzToken, username); + } catch (IamAdminServicesException e) { + throw e; + } catch (Exception ex) { + String msg = "Error while deleting user, reason: " + ex.getMessage(); + logger.error(msg, ex); + throw new IamAdminServicesException(msg); + } } @Override 
@@ -278,12 +237,11 @@ public class IamAdminServicesHandler implements IamAdminServices.Iface { @Deprecated public boolean addRoleToUser(AuthzToken authzToken, String username, String roleName) throws IamAdminServicesException, AuthorizationException, TException { - TenantManagementKeycloakImpl keycloakclient = new TenantManagementKeycloakImpl(); - String gatewayId = authzToken.getClaimsMap().get(Constants.GATEWAY_ID); try { - PasswordCredential isRealmAdminCredentials = getTenantAdminPasswordCredential(gatewayId); - return keycloakclient.addRoleToUser(isRealmAdminCredentials, gatewayId, username, roleName); - } catch (TException | ApplicationSettingsException ex) { + return iamAdminService.addRoleToUser(authzToken, username, roleName); + } catch (IamAdminServicesException e) { + throw e; + } catch (Exception ex) { String msg = "Error while adding role to user, reason: " + ex.getMessage(); logger.error(msg, ex); throw new IamAdminServicesException(msg); @@ -295,12 +253,11 @@ public class IamAdminServicesHandler implements IamAdminServices.Iface { @Deprecated public boolean removeRoleFromUser(AuthzToken authzToken, String username, String roleName) throws IamAdminServicesException, AuthorizationException, TException { - TenantManagementKeycloakImpl keycloakclient = new TenantManagementKeycloakImpl(); - String gatewayId = authzToken.getClaimsMap().get(Constants.GATEWAY_ID); try { - PasswordCredential isRealmAdminCredentials = getTenantAdminPasswordCredential(gatewayId); - return keycloakclient.removeRoleFromUser(isRealmAdminCredentials, gatewayId, username, roleName); - } catch (TException | ApplicationSettingsException ex) { + return iamAdminService.removeRoleFromUser(authzToken, username, roleName); + } catch (IamAdminServicesException e) { + throw e; + } catch (Exception ex) { String msg = "Error while removing role from user, reason: " + ex.getMessage(); logger.error(msg, ex); throw new IamAdminServicesException(msg); 
@@ -312,57 +269,14 @@ public class IamAdminServicesHandler implements IamAdminServices.Iface { @Deprecated public List<UserProfile> getUsersWithRole(AuthzToken authzToken, String roleName) throws IamAdminServicesException, AuthorizationException, TException { - - TenantManagementKeycloakImpl keycloakclient = new TenantManagementKeycloakImpl(); - String gatewayId = authzToken.getClaimsMap().get(Constants.GATEWAY_ID); try { - PasswordCredential isRealmAdminCredentials = getTenantAdminPasswordCredential(gatewayId); - return keycloakclient.getUsersWithRole(isRealmAdminCredentials, gatewayId, roleName); + return iamAdminService.getUsersWithRole(authzToken, roleName); + } catch (IamAdminServicesException e) { + throw e; } catch (Exception ex) { String msg = "Error while retrieving users with role, reason: " + ex.getMessage(); logger.error(msg, ex); throw new IamAdminServicesException(msg); } } - - private PasswordCredential getSuperAdminPasswordCredential() { - PasswordCredential isSuperAdminCredentials = new PasswordCredential(); - try { - isSuperAdminCredentials.setLoginUserName(ServerSettings.getIamServerSuperAdminUsername()); - isSuperAdminCredentials.setPassword(ServerSettings.getIamServerSuperAdminPassword()); - } catch (ApplicationSettingsException e) { - throw new RuntimeException("Unable to get settings for IAM super admin username/password", e); - } - return isSuperAdminCredentials; - } - - private PasswordCredential getTenantAdminPasswordCredential(String tenantId) - throws TException, ApplicationSettingsException { - - GatewayResourceProfile gwrp = getRegistryServiceClient().getGatewayResourceProfile(tenantId); - - CredentialStoreService.Client csClient = getCredentialStoreServiceClient(); - return csClient.getPasswordCredential(gwrp.getIdentityServerPwdCredToken(), gwrp.getGatewayID()); - } - - private RegistryService.Client getRegistryServiceClient() throws TException, ApplicationSettingsException { - final int serverPort = 
Integer.parseInt(ServerSettings.getRegistryServerPort()); - final String serverHost = ServerSettings.getRegistryServerHost(); - try { - return RegistryServiceClientFactory.createRegistryClient(serverHost, serverPort); - } catch (RegistryServiceException e) { - throw new TException("Unable to create registry client...", e); - } - } - - private CredentialStoreService.Client getCredentialStoreServiceClient() - throws TException, ApplicationSettingsException { - final int serverPort = Integer.parseInt(ServerSettings.getCredentialStoreServerPort()); - final String serverHost = ServerSettings.getCredentialStoreServerHost(); - try { - return CredentialStoreClientFactory.createAiravataCSClient(serverHost, serverPort); - } catch (CredentialStoreException e) { - throw new TException("Unable to create credential store client...", e); - } - } }
