yasithdev opened a new pull request, #180:
URL: https://github.com/apache/airavata-portals/pull/180

   ## Summary
   
   Repoints the Django portal's **auth user-management** path from the legacy 
Thrift clients to the new gRPC `iam` facade, using **direct proto types** (no 
Thrift-name roundtrip mapping). Part of Track D (Thrift → gRPC migration).
   
   This removes the Thrift dependency from the account-management flows 
(account creation, email verification, password reset, profile update) — these 
were among the paths that **hung** under the now-defunct Thrift server.
   
   ## Changes
   
   - **`apps/auth/iam_admin_client.py`** — the IAM admin operations 
(`is_username_available`, `register_user`, `is_user_enabled`, `enable_user`, 
`delete_user`, `is_user_exist`, `get_user`, `get_users`, `reset_user_password`) 
ran on the Thrift `iamadmin_client_pool`. They now build a short-lived 
**service-account-scoped** `AiravataClient` and call the gRPC `iam` facade. 
They run in **unauthenticated** contexts, so the client carries the Keycloak 
service-account token plus a `gatewayID` claim (the IAM admin service resolves 
the Keycloak realm from the gateway claim). `update_user`/`update_username` are 
**unchanged** — they already talk to the Keycloak admin REST API directly, not 
Thrift.
   - **`apps/auth/serializers.py` / `apps/auth/views.py`** — the user-profile 
updates (`UserSerializer.update`, `UserViewSet.verify_email_change`) used the 
Thrift `profile_service` user-profile client. They now use 
`request.airavata.iam` (`does_user_exist` / `get_user_profile_by_id` / 
`update_user_profile`) in the authenticated request context.
   - Consumers read the returned protobuf `UserProfile` directly (`first_name` 
/ `last_name` / `emails` / `user_id`) instead of the Thrift attribute names.
   
   ## Testing
   
   - `manage.py check` — green.
   - **Live, real data** against the running backend (gRPC :9090):
     - `is_username_available('default-admin')` → `False` (taken); 
`('nonexistent-…')` → `True` (free)
     - `is_user_exist('default-admin')` → `True`
     - `get_user('default-admin')` → proto 
`UserProfile{user_id='default-admin', first_name='admin', last_name='admin', 
emails=['default-admin@default']}`
     - authenticated user-profile branch: `does_user_exist('default-admin')` → 
`False` (the Keycloak user exists but has no Airavata `UserProfile` yet, so the 
`if` correctly falls back to the Keycloak REST `update_user`); proto mutation 
semantics verified offline.
   
   🤖 Generated with [Claude Code](https://claude.com/claude-code)


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to