DImuthuUpe commented on a change in pull request #6: URL: https://github.com/apache/airavata-mft/pull/6#discussion_r413114202
########## File path: transport/gcp-transport/pom.xml ########## @@ -0,0 +1,39 @@ +<project xmlns="http://maven.apache.org/POM/4.0.0" Review comment: Add apache header ########## File path: services/secret-service/server/src/main/java/org/apache/airavata/mft/secret/server/backend/file/FileBasedSecretBackend.java ########## @@ -211,4 +213,57 @@ public boolean updateAzureSecret(AzureSecretUpdateRequest request) throws Except public boolean deleteAzureSecret(AzureSecretDeleteRequest request) throws Exception { throw new UnsupportedOperationException("Operation is not supported in backend"); } + + @Override + public Optional<GCSSecret> getGCSSecret(GCSSecretGetRequest request) throws Exception { + JSONParser jsonParser = new JSONParser(); + InputStream inputStream = FileBasedSecretBackend.class.getClassLoader().getResourceAsStream(secretFile); + + try (InputStreamReader reader = new InputStreamReader(inputStream)) { + Object obj = jsonParser.parse(reader); + JSONArray resourceList = (JSONArray) obj; + + List<GCSSecret> gcsSecrets = (List<GCSSecret>) resourceList.stream() + .filter(resource -> "GCS".equals(((JSONObject) resource).get("type").toString())) + .map(resource -> { + JSONObject r = (JSONObject) resource; + StringBuilder contentBuilder = new StringBuilder(); + BufferedReader br = null; + String jsonContents = ""; + try { + br = new BufferedReader(new FileReader(r.get("jsonCredentialsFilePath").toString())); Review comment: Because this is the file based secret backend, it should read all credentials from the secrets.json file. You can add the credential json file content with a secret id to secrets json. Then It will be consistent with other secret implementations For example, { "type": "GCS", "secret_id": "gcs-sample-secret", "json": <json_content> } ########## File path: transport/gcp-transport/src/main/java/org/apache/airavata/mft/transport/gcp/GCSMetadataCollector.java ########## 
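Review bot: In `FileBasedSecretBackend.getGCSSecret`, `getResourceAsStream(secretFile)` returns null when the resource is missing, so `new InputStreamReader(inputStream)` fails with a bare NullPointerException instead of a clear configuration error, and the reader relies on the platform default charset. I would guard it with `if (inputStream == null) throw new IllegalStateException("Secret file not found on classpath");` and build the reader as `new InputStreamReader(inputStream, StandardCharsets.UTF_8)`. The filter `"GCS".equals(((JSONObject) resource).get("type").toString())` also throws on any entry that has no `type` key; `"GCS".equals(String.valueOf(((JSONObject) resource).get("type")))` skips such entries instead. Whatever shape the credential takes, the key material read inside this lambda should not end up in log lines or exception messages. The lambda body continues past the end of the quoted hunk, so how `br` is closed is not visible here.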
@@ -0,0 +1,102 @@
+package org.apache.airavata.mft.transport.gcp;
+
+import com.google.api.client.googleapis.auth.oauth2.GoogleCredential;
+import com.google.api.client.googleapis.javanet.GoogleNetHttpTransport;
+import com.google.api.client.http.HttpTransport;
+import com.google.api.client.json.JsonFactory;
+import com.google.api.client.json.jackson2.JacksonFactory;
+import com.google.api.services.storage.Storage;
+import com.google.api.services.storage.StorageScopes;
+import com.google.api.services.storage.model.StorageObject;
+import org.apache.airavata.mft.core.ResourceMetadata;
+import org.apache.airavata.mft.core.api.MetadataCollector;
+import org.apache.airavata.mft.resource.client.ResourceServiceClient;
+import org.apache.airavata.mft.resource.service.GCSResource;
+import org.apache.airavata.mft.resource.service.GCSResourceGetRequest;
+import org.apache.airavata.mft.resource.service.ResourceServiceGrpc;
+import org.apache.airavata.mft.secret.client.SecretServiceClient;
+import org.apache.airavata.mft.secret.service.GCSSecret;
+import org.apache.airavata.mft.secret.service.GCSSecretGetRequest;
+import org.apache.airavata.mft.secret.service.SecretServiceGrpc;
+
+import java.io.ByteArrayInputStream;
+import java.math.BigInteger;
+import java.nio.charset.StandardCharsets;
+import java.util.Base64;
+import java.util.Collection;
+
+public class GCSMetadataCollector implements MetadataCollector {
+
+ boolean initialized = false;
+ private String resourceServiceHost;
+ private int resourceServicePort;
+ private String secretServiceHost;
+ private int secretServicePort;
+
+ @Override
+ public void init(String resourceServiceHost, int resourceServicePort, String secretServiceHost, int secretServicePort) {
+ this.resourceServiceHost = resourceServiceHost;
+ this.resourceServicePort = resourceServicePort;
+ this.secretServiceHost = secretServiceHost;
+ this.secretServicePort = secretServicePort;
+ this.initialized = true;
+ }
+
+ private void checkInitialized() {
+ if (!initialized) {
+ throw new IllegalStateException("GCS Metadata Collector is not initialized");
+ }
+ }
+
+ @Override
+ public ResourceMetadata getGetResourceMetadata(String resourceId, String credentialToken) throws Exception {
+ checkInitialized();
+ ResourceServiceGrpc.ResourceServiceBlockingStub resourceClient = ResourceServiceClient.buildClient(resourceServiceHost, resourceServicePort);
+ GCSResource gcsResource = resourceClient.getGCSResource(GCSResourceGetRequest.newBuilder().setResourceId(resourceId).build());
+
+ SecretServiceGrpc.SecretServiceBlockingStub secretClient = SecretServiceClient.buildClient(secretServiceHost, secretServicePort);
+ GCSSecret gcsSecret = secretClient.getGCSSecret(GCSSecretGetRequest.newBuilder().setSecretId(credentialToken).build());
+
+ HttpTransport transport = GoogleNetHttpTransport.newTrustedTransport();
+ JsonFactory jsonFactory = new JacksonFactory();
+ String jsonString = gcsSecret.getJsonCredentialsFilePath();
Review comment: Good. Please change the property name to jsonFileCredentialsFilePath => credentialJson and refer to my comments given to file based secret backend
----------------------------------------------------------------
This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected]
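Review bot: `getGetResourceMetadata` forwards `credentialToken` unchanged as the secret id and then reads `gcsSecret` without checking that a credential actually came back, so an unknown token would presumably surface only later as a parse failure on an empty string (assuming the generated getter returns "" for an unset field). A guard right after the lookup, e.g. `if (jsonString.isEmpty()) throw new IllegalArgumentException("No GCS credential for the supplied token");`, fails early and keeps the message free of key material. The local appears to hold the credential JSON itself, so it should never reach a log line or exception text. The rest of the method is outside the hunk; if the credential is scoped there, a metadata collector should need no more than `StorageScopes.DEVSTORAGE_READ_ONLY`. A short Javadoc on `init` saying it must be called before any lookup would also help, since `initialized` is a plain package-private field.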
