[GitHub] airavata issue #108: Identity Server Admin Services
Github user anujbhan commented on the issue: https://github.com/apache/airavata/pull/108 @machristie and @scnakandala , I have implemented the discussed features, and also added resetPass and find user APIs as requested by Supun. --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] airavata pull request #108: Identity Server Admin Services
Github user anujbhan commented on a diff in the pull request: https://github.com/apache/airavata/pull/108#discussion_r114192869 --- Diff: airavata-services/profile-service/iam-admin-services-core/src/main/java/org/apache/airavata/service/profile/iam/admin/services/core/impl/TenantManagementKeycloakImpl.java --- 
@@ -0,0 +1,254 @@ +/* + * + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + * + */ + +package org.apache.airavata.service.profile.iam.admin.services.core.impl; + +import org.apache.airavata.common.exception.ApplicationSettingsException; +import org.apache.airavata.common.utils.ServerSettings; +import org.apache.airavata.model.credential.store.PasswordCredential; +import org.apache.airavata.model.user.UserProfile; +import org.apache.airavata.model.workspace.Gateway; +import org.apache.airavata.service.profile.iam.admin.services.core.interfaces.TenantManagementInterface; +import org.apache.airavata.service.profile.iam.admin.services.cpi.exception.IamAdminServicesException; +import org.keycloak.admin.client.Keycloak; +import org.keycloak.admin.client.resource.UserResource; +import org.keycloak.representations.idm.*; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import javax.ws.rs.core.Response; +import java.util.ArrayList; +import java.util.List; + +public class TenantManagementKeycloakImpl implements TenantManagementInterface { + +private final static Logger logger = LoggerFactory.getLogger(TenantManagementKeycloakImpl.class); + +private static Keycloak getClient(String adminUrl, String realm, 
PasswordCredential AdminPasswordCreds) { + +return Keycloak.getInstance( +adminUrl, +realm, // the realm to log in to +AdminPasswordCreds.getLoginUserName(), AdminPasswordCreds.getPassword(), // the user +"admin-cli"); // admin-cli is the client ID used for keycloak admin operations. +} + +@Override +public Gateway addTenant(PasswordCredential isSuperAdminPasswordCreds, Gateway gatewayDetails) throws IamAdminServicesException { +try { +// get client +Keycloak client = TenantManagementKeycloakImpl.getClient(ServerSettings.getIamServerUrl(), "master", isSuperAdminPasswordCreds); +// create realm +RealmRepresentation newRealmDetails = new RealmRepresentation(); +newRealmDetails.setEnabled(true); +newRealmDetails.setId(gatewayDetails.getGatewayId()); + newRealmDetails.setDisplayName(gatewayDetails.getGatewayName()); +newRealmDetails.setRealm(gatewayDetails.getGatewayId()); +RealmRepresentation realmWithRoles = TenantManagementKeycloakImpl.createDefaultRoles(newRealmDetails); +client.realms().create(realmWithRoles); +return gatewayDetails; +} catch (ApplicationSettingsException ex) { +logger.error("Error getting values from property file, reason: " + ex.getCause(), ex); +IamAdminServicesException exception = new IamAdminServicesException(); +exception.setMessage("Error getting Iam server Url from property file, reason: " + ex.getMessage()); +throw exception; +} catch (Exception ex){ +logger.error("Error creating Realm in Keycloak Server, reason: " + ex.getCause(), ex); +IamAdminServicesException exception = new IamAdminServicesException(); +exception.setMessage("Error creating Realm in Keycloak Server, reason: " + ex.getMessage()); +throw exception; +} +} + +public static RealmRepresentation createDefaultRoles(RealmRepresentation realmDetails){ +List defaultRoles = new ArrayList(); +RoleRepresentation adminRole = new RoleRepresentation(); +adminRole.setName("admin"); +adminRole.setDescription("Adm
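Review bot: In addTenant the Keycloak client returned by getClient is never closed, so each call leaves an admin client that was logged in to the "master" realm with the super-admin credentials open after the method returns. Wrap the realm creation in try/finally and call client.close() once client.realms().create(realmWithRoles) has returned or thrown. As a smaller style point, the getClient parameter AdminPasswordCreds should start with a lower-case letter like the other parameters.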
[GitHub] airavata pull request #108: Identity Server Admin Services
Github user anujbhan commented on a diff in the pull request: https://github.com/apache/airavata/pull/108#discussion_r114192120 --- Diff: airavata-services/profile-service/iam-admin-services-core/src/main/java/org/apache/airavata/service/profile/iam/admin/services/core/impl/TenantManagementKeycloakImpl.java --- 
@@ -0,0 +1,254 @@ +/* + * + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + * + */ + +package org.apache.airavata.service.profile.iam.admin.services.core.impl; + +import org.apache.airavata.common.exception.ApplicationSettingsException; +import org.apache.airavata.common.utils.ServerSettings; +import org.apache.airavata.model.credential.store.PasswordCredential; +import org.apache.airavata.model.user.UserProfile; +import org.apache.airavata.model.workspace.Gateway; +import org.apache.airavata.service.profile.iam.admin.services.core.interfaces.TenantManagementInterface; +import org.apache.airavata.service.profile.iam.admin.services.cpi.exception.IamAdminServicesException; +import org.keycloak.admin.client.Keycloak; +import org.keycloak.admin.client.resource.UserResource; +import org.keycloak.representations.idm.*; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import javax.ws.rs.core.Response; +import java.util.ArrayList; +import java.util.List; + +public class TenantManagementKeycloakImpl implements TenantManagementInterface { + +private final static Logger logger = LoggerFactory.getLogger(TenantManagementKeycloakImpl.class); + +private static Keycloak getClient(String adminUrl, String realm, 
PasswordCredential AdminPasswordCreds) { + +return Keycloak.getInstance( +adminUrl, +realm, // the realm to log in to +AdminPasswordCreds.getLoginUserName(), AdminPasswordCreds.getPassword(), // the user +"admin-cli"); // admin-cli is the client ID used for keycloak admin operations. +} + +@Override +public Gateway addTenant(PasswordCredential isSuperAdminPasswordCreds, Gateway gatewayDetails) throws IamAdminServicesException { +try { +// get client +Keycloak client = TenantManagementKeycloakImpl.getClient(ServerSettings.getIamServerUrl(), "master", isSuperAdminPasswordCreds); +// create realm +RealmRepresentation newRealmDetails = new RealmRepresentation(); +newRealmDetails.setEnabled(true); +newRealmDetails.setId(gatewayDetails.getGatewayId()); + newRealmDetails.setDisplayName(gatewayDetails.getGatewayName()); +newRealmDetails.setRealm(gatewayDetails.getGatewayId()); +RealmRepresentation realmWithRoles = TenantManagementKeycloakImpl.createDefaultRoles(newRealmDetails); +client.realms().create(realmWithRoles); +return gatewayDetails; +} catch (ApplicationSettingsException ex) { +logger.error("Error getting values from property file, reason: " + ex.getCause(), ex); +IamAdminServicesException exception = new IamAdminServicesException(); +exception.setMessage("Error getting Iam server Url from property file, reason: " + ex.getMessage()); +throw exception; +} catch (Exception ex){ +logger.error("Error creating Realm in Keycloak Server, reason: " + ex.getCause(), ex); +IamAdminServicesException exception = new IamAdminServicesException(); +exception.setMessage("Error creating Realm in Keycloak Server, reason: " + ex.getMessage()); +throw exception; +} +} + +public static RealmRepresentation createDefaultRoles(RealmRepresentation realmDetails){ +List defaultRoles = new ArrayList(); +RoleRepresentation adminRole = new RoleRepresentation(); +adminRole.setName("admin"); +adminRole.setDescription("Adm
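Review bot: Both catch blocks in addTenant log ex.getCause(), which is null whenever the exception has no nested cause, and then copy ex.getMessage() into the IamAdminServicesException that goes back to the caller, so the log line reads "reason: null" while internal Keycloak or settings detail reaches the API client. Log ex.getMessage() instead (the stack trace is already attached through the second logger argument) and set a fixed, generic message on the exception. The catch (Exception ex) block also reports every failure as "Error creating Realm in Keycloak Server", including a failure in getClient, so catching the specific exceptions realm creation can throw would keep the message accurate.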
[GitHub] airavata pull request #108: Identity Server Admin Services
Github user anujbhan commented on a diff in the pull request: https://github.com/apache/airavata/pull/108#discussion_r114191990 --- Diff: airavata-services/profile-service/iam-admin-services-core/src/main/java/org/apache/airavata/service/profile/iam/admin/services/core/impl/TenantManagementKeycloakImpl.java --- 
@@ -0,0 +1,254 @@ +/* + * + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + * + */ + +package org.apache.airavata.service.profile.iam.admin.services.core.impl; + +import org.apache.airavata.common.exception.ApplicationSettingsException; +import org.apache.airavata.common.utils.ServerSettings; +import org.apache.airavata.model.credential.store.PasswordCredential; +import org.apache.airavata.model.user.UserProfile; +import org.apache.airavata.model.workspace.Gateway; +import org.apache.airavata.service.profile.iam.admin.services.core.interfaces.TenantManagementInterface; +import org.apache.airavata.service.profile.iam.admin.services.cpi.exception.IamAdminServicesException; +import org.keycloak.admin.client.Keycloak; +import org.keycloak.admin.client.resource.UserResource; +import org.keycloak.representations.idm.*; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import javax.ws.rs.core.Response; +import java.util.ArrayList; +import java.util.List; + +public class TenantManagementKeycloakImpl implements TenantManagementInterface { + +private final static Logger logger = LoggerFactory.getLogger(TenantManagementKeycloakImpl.class); + +private static Keycloak getClient(String adminUrl, String realm, 
PasswordCredential AdminPasswordCreds) { + +return Keycloak.getInstance( +adminUrl, +realm, // the realm to log in to +AdminPasswordCreds.getLoginUserName(), AdminPasswordCreds.getPassword(), // the user +"admin-cli"); // admin-cli is the client ID used for keycloak admin operations. +} + +@Override +public Gateway addTenant(PasswordCredential isSuperAdminPasswordCreds, Gateway gatewayDetails) throws IamAdminServicesException { +try { +// get client +Keycloak client = TenantManagementKeycloakImpl.getClient(ServerSettings.getIamServerUrl(), "master", isSuperAdminPasswordCreds); +// create realm +RealmRepresentation newRealmDetails = new RealmRepresentation(); +newRealmDetails.setEnabled(true); +newRealmDetails.setId(gatewayDetails.getGatewayId()); + newRealmDetails.setDisplayName(gatewayDetails.getGatewayName()); +newRealmDetails.setRealm(gatewayDetails.getGatewayId()); +RealmRepresentation realmWithRoles = TenantManagementKeycloakImpl.createDefaultRoles(newRealmDetails); +client.realms().create(realmWithRoles); +return gatewayDetails; +} catch (ApplicationSettingsException ex) { +logger.error("Error getting values from property file, reason: " + ex.getCause(), ex); +IamAdminServicesException exception = new IamAdminServicesException(); +exception.setMessage("Error getting Iam server Url from property file, reason: " + ex.getMessage()); +throw exception; +} catch (Exception ex){ +logger.error("Error creating Realm in Keycloak Server, reason: " + ex.getCause(), ex); +IamAdminServicesException exception = new IamAdminServicesException(); +exception.setMessage("Error creating Realm in Keycloak Server, reason: " + ex.getMessage()); +throw exception; +} +} + +public static RealmRepresentation createDefaultRoles(RealmRepresentation realmDetails){ +List defaultRoles = new ArrayList(); +RoleRepresentation adminRole = new RoleRepresentation(); +adminRole.setName("admin"); +adminRole.setDescription("Adm
[GitHub] airavata pull request #108: Identity Server Admin Services
Github user machristie commented on a diff in the pull request: https://github.com/apache/airavata/pull/108#discussion_r114191936 --- Diff: airavata-services/profile-service/iam-admin-services-core/src/main/java/org/apache/airavata/service/profile/iam/admin/services/core/impl/TenantManagementKeycloakImpl.java --- 
@@ -0,0 +1,254 @@ +/* + * + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + * + */ + +package org.apache.airavata.service.profile.iam.admin.services.core.impl; + +import org.apache.airavata.common.exception.ApplicationSettingsException; +import org.apache.airavata.common.utils.ServerSettings; +import org.apache.airavata.model.credential.store.PasswordCredential; +import org.apache.airavata.model.user.UserProfile; +import org.apache.airavata.model.workspace.Gateway; +import org.apache.airavata.service.profile.iam.admin.services.core.interfaces.TenantManagementInterface; +import org.apache.airavata.service.profile.iam.admin.services.cpi.exception.IamAdminServicesException; +import org.keycloak.admin.client.Keycloak; +import org.keycloak.admin.client.resource.UserResource; +import org.keycloak.representations.idm.*; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import javax.ws.rs.core.Response; +import java.util.ArrayList; +import java.util.List; + +public class TenantManagementKeycloakImpl implements TenantManagementInterface { + +private final static Logger logger = LoggerFactory.getLogger(TenantManagementKeycloakImpl.class); + +private static Keycloak getClient(String adminUrl, String realm, 
PasswordCredential AdminPasswordCreds) { + +return Keycloak.getInstance( +adminUrl, +realm, // the realm to log in to +AdminPasswordCreds.getLoginUserName(), AdminPasswordCreds.getPassword(), // the user +"admin-cli"); // admin-cli is the client ID used for keycloak admin operations. +} + +@Override +public Gateway addTenant(PasswordCredential isSuperAdminPasswordCreds, Gateway gatewayDetails) throws IamAdminServicesException { +try { +// get client +Keycloak client = TenantManagementKeycloakImpl.getClient(ServerSettings.getIamServerUrl(), "master", isSuperAdminPasswordCreds); +// create realm +RealmRepresentation newRealmDetails = new RealmRepresentation(); +newRealmDetails.setEnabled(true); +newRealmDetails.setId(gatewayDetails.getGatewayId()); + newRealmDetails.setDisplayName(gatewayDetails.getGatewayName()); +newRealmDetails.setRealm(gatewayDetails.getGatewayId()); +RealmRepresentation realmWithRoles = TenantManagementKeycloakImpl.createDefaultRoles(newRealmDetails); +client.realms().create(realmWithRoles); +return gatewayDetails; +} catch (ApplicationSettingsException ex) { +logger.error("Error getting values from property file, reason: " + ex.getCause(), ex); +IamAdminServicesException exception = new IamAdminServicesException(); +exception.setMessage("Error getting Iam server Url from property file, reason: " + ex.getMessage()); +throw exception; +} catch (Exception ex){ +logger.error("Error creating Realm in Keycloak Server, reason: " + ex.getCause(), ex); +IamAdminServicesException exception = new IamAdminServicesException(); +exception.setMessage("Error creating Realm in Keycloak Server, reason: " + ex.getMessage()); +throw exception; +} +} + +public static RealmRepresentation createDefaultRoles(RealmRepresentation realmDetails){ +List defaultRoles = new ArrayList(); +RoleRepresentation adminRole = new RoleRepresentation(); +adminRole.setName("admin"); +adminRole.setDescription("A
[GitHub] airavata pull request #108: Identity Server Admin Services
Github user machristie commented on a diff in the pull request: https://github.com/apache/airavata/pull/108#discussion_r114191738 --- Diff: airavata-services/profile-service/iam-admin-services-core/src/main/java/org/apache/airavata/service/profile/iam/admin/services/core/impl/TenantManagementKeycloakImpl.java --- 
@@ -0,0 +1,254 @@ +/* + * + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + * + */ + +package org.apache.airavata.service.profile.iam.admin.services.core.impl; + +import org.apache.airavata.common.exception.ApplicationSettingsException; +import org.apache.airavata.common.utils.ServerSettings; +import org.apache.airavata.model.credential.store.PasswordCredential; +import org.apache.airavata.model.user.UserProfile; +import org.apache.airavata.model.workspace.Gateway; +import org.apache.airavata.service.profile.iam.admin.services.core.interfaces.TenantManagementInterface; +import org.apache.airavata.service.profile.iam.admin.services.cpi.exception.IamAdminServicesException; +import org.keycloak.admin.client.Keycloak; +import org.keycloak.admin.client.resource.UserResource; +import org.keycloak.representations.idm.*; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import javax.ws.rs.core.Response; +import java.util.ArrayList; +import java.util.List; + +public class TenantManagementKeycloakImpl implements TenantManagementInterface { + +private final static Logger logger = LoggerFactory.getLogger(TenantManagementKeycloakImpl.class); + +private static Keycloak getClient(String adminUrl, String realm, 
PasswordCredential AdminPasswordCreds) { + +return Keycloak.getInstance( +adminUrl, +realm, // the realm to log in to +AdminPasswordCreds.getLoginUserName(), AdminPasswordCreds.getPassword(), // the user +"admin-cli"); // admin-cli is the client ID used for keycloak admin operations. +} + +@Override +public Gateway addTenant(PasswordCredential isSuperAdminPasswordCreds, Gateway gatewayDetails) throws IamAdminServicesException { +try { +// get client +Keycloak client = TenantManagementKeycloakImpl.getClient(ServerSettings.getIamServerUrl(), "master", isSuperAdminPasswordCreds); +// create realm +RealmRepresentation newRealmDetails = new RealmRepresentation(); +newRealmDetails.setEnabled(true); +newRealmDetails.setId(gatewayDetails.getGatewayId()); + newRealmDetails.setDisplayName(gatewayDetails.getGatewayName()); +newRealmDetails.setRealm(gatewayDetails.getGatewayId()); +RealmRepresentation realmWithRoles = TenantManagementKeycloakImpl.createDefaultRoles(newRealmDetails); +client.realms().create(realmWithRoles); +return gatewayDetails; +} catch (ApplicationSettingsException ex) { +logger.error("Error getting values from property file, reason: " + ex.getCause(), ex); +IamAdminServicesException exception = new IamAdminServicesException(); +exception.setMessage("Error getting Iam server Url from property file, reason: " + ex.getMessage()); +throw exception; +} catch (Exception ex){ +logger.error("Error creating Realm in Keycloak Server, reason: " + ex.getCause(), ex); +IamAdminServicesException exception = new IamAdminServicesException(); +exception.setMessage("Error creating Realm in Keycloak Server, reason: " + ex.getMessage()); +throw exception; +} +} + +public static RealmRepresentation createDefaultRoles(RealmRepresentation realmDetails){ +List defaultRoles = new ArrayList(); +RoleRepresentation adminRole = new RoleRepresentation(); +adminRole.setName("admin"); +adminRole.setDescription("A
[GitHub] airavata issue #108: Identity Server Admin Services
Github user marcus commented on the issue: https://github.com/apache/airavata/pull/108 @anujbhan I'm not the marcus you're looking for :)
[GitHub] airavata pull request #108: Identity Server Admin Services
Github user anujbhan commented on a diff in the pull request: https://github.com/apache/airavata/pull/108#discussion_r114189806 --- Diff: airavata-services/profile-service/iam-admin-services-core/src/main/java/org/apache/airavata/service/profile/iam/admin/services/core/impl/TenantManagementKeycloakImpl.java --- 
@@ -0,0 +1,254 @@ +/* + * + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + * + */ + +package org.apache.airavata.service.profile.iam.admin.services.core.impl; + +import org.apache.airavata.common.exception.ApplicationSettingsException; +import org.apache.airavata.common.utils.ServerSettings; +import org.apache.airavata.model.credential.store.PasswordCredential; +import org.apache.airavata.model.user.UserProfile; +import org.apache.airavata.model.workspace.Gateway; +import org.apache.airavata.service.profile.iam.admin.services.core.interfaces.TenantManagementInterface; +import org.apache.airavata.service.profile.iam.admin.services.cpi.exception.IamAdminServicesException; +import org.keycloak.admin.client.Keycloak; +import org.keycloak.admin.client.resource.UserResource; +import org.keycloak.representations.idm.*; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import javax.ws.rs.core.Response; +import java.util.ArrayList; +import java.util.List; + +public class TenantManagementKeycloakImpl implements TenantManagementInterface { + +private final static Logger logger = LoggerFactory.getLogger(TenantManagementKeycloakImpl.class); + +private static Keycloak getClient(String adminUrl, String realm, 
PasswordCredential AdminPasswordCreds) { + +return Keycloak.getInstance( +adminUrl, +realm, // the realm to log in to +AdminPasswordCreds.getLoginUserName(), AdminPasswordCreds.getPassword(), // the user +"admin-cli"); // admin-cli is the client ID used for keycloak admin operations. +} + +@Override +public Gateway addTenant(PasswordCredential isSuperAdminPasswordCreds, Gateway gatewayDetails) throws IamAdminServicesException { +try { +// get client +Keycloak client = TenantManagementKeycloakImpl.getClient(ServerSettings.getIamServerUrl(), "master", isSuperAdminPasswordCreds); +// create realm +RealmRepresentation newRealmDetails = new RealmRepresentation(); +newRealmDetails.setEnabled(true); +newRealmDetails.setId(gatewayDetails.getGatewayId()); + newRealmDetails.setDisplayName(gatewayDetails.getGatewayName()); +newRealmDetails.setRealm(gatewayDetails.getGatewayId()); +RealmRepresentation realmWithRoles = TenantManagementKeycloakImpl.createDefaultRoles(newRealmDetails); +client.realms().create(realmWithRoles); +return gatewayDetails; +} catch (ApplicationSettingsException ex) { +logger.error("Error getting values from property file, reason: " + ex.getCause(), ex); +IamAdminServicesException exception = new IamAdminServicesException(); +exception.setMessage("Error getting Iam server Url from property file, reason: " + ex.getMessage()); +throw exception; +} catch (Exception ex){ +logger.error("Error creating Realm in Keycloak Server, reason: " + ex.getCause(), ex); +IamAdminServicesException exception = new IamAdminServicesException(); +exception.setMessage("Error creating Realm in Keycloak Server, reason: " + ex.getMessage()); +throw exception; +} +} + +public static RealmRepresentation createDefaultRoles(RealmRepresentation realmDetails){ +List defaultRoles = new ArrayList(); +RoleRepresentation adminRole = new RoleRepresentation(); +adminRole.setName("admin"); +adminRole.setDescription("Adm
[GitHub] airavata pull request #108: Identity Server Admin Services
Github user anujbhan commented on a diff in the pull request: https://github.com/apache/airavata/pull/108#discussion_r114189064 --- Diff: airavata-services/profile-service/iam-admin-services-core/src/main/java/org/apache/airavata/service/profile/iam/admin/services/core/impl/TenantManagementKeycloakImpl.java --- 
@@ -0,0 +1,254 @@ +/* + * + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + * + */ + +package org.apache.airavata.service.profile.iam.admin.services.core.impl; + +import org.apache.airavata.common.exception.ApplicationSettingsException; +import org.apache.airavata.common.utils.ServerSettings; +import org.apache.airavata.model.credential.store.PasswordCredential; +import org.apache.airavata.model.user.UserProfile; +import org.apache.airavata.model.workspace.Gateway; +import org.apache.airavata.service.profile.iam.admin.services.core.interfaces.TenantManagementInterface; +import org.apache.airavata.service.profile.iam.admin.services.cpi.exception.IamAdminServicesException; +import org.keycloak.admin.client.Keycloak; +import org.keycloak.admin.client.resource.UserResource; +import org.keycloak.representations.idm.*; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import javax.ws.rs.core.Response; +import java.util.ArrayList; +import java.util.List; + +public class TenantManagementKeycloakImpl implements TenantManagementInterface { + +private final static Logger logger = LoggerFactory.getLogger(TenantManagementKeycloakImpl.class); + +private static Keycloak getClient(String adminUrl, String realm, 
PasswordCredential AdminPasswordCreds) { + +return Keycloak.getInstance( +adminUrl, +realm, // the realm to log in to +AdminPasswordCreds.getLoginUserName(), AdminPasswordCreds.getPassword(), // the user +"admin-cli"); // admin-cli is the client ID used for keycloak admin operations. +} + +@Override +public Gateway addTenant(PasswordCredential isSuperAdminPasswordCreds, Gateway gatewayDetails) throws IamAdminServicesException { +try { +// get client +Keycloak client = TenantManagementKeycloakImpl.getClient(ServerSettings.getIamServerUrl(), "master", isSuperAdminPasswordCreds); +// create realm +RealmRepresentation newRealmDetails = new RealmRepresentation(); +newRealmDetails.setEnabled(true); +newRealmDetails.setId(gatewayDetails.getGatewayId()); + newRealmDetails.setDisplayName(gatewayDetails.getGatewayName()); +newRealmDetails.setRealm(gatewayDetails.getGatewayId()); +RealmRepresentation realmWithRoles = TenantManagementKeycloakImpl.createDefaultRoles(newRealmDetails); +client.realms().create(realmWithRoles); +return gatewayDetails; +} catch (ApplicationSettingsException ex) { +logger.error("Error getting values from property file, reason: " + ex.getCause(), ex); +IamAdminServicesException exception = new IamAdminServicesException(); +exception.setMessage("Error getting Iam server Url from property file, reason: " + ex.getMessage()); +throw exception; +} catch (Exception ex){ +logger.error("Error creating Realm in Keycloak Server, reason: " + ex.getCause(), ex); +IamAdminServicesException exception = new IamAdminServicesException(); +exception.setMessage("Error creating Realm in Keycloak Server, reason: " + ex.getMessage()); +throw exception; +} +} + +public static RealmRepresentation createDefaultRoles(RealmRepresentation realmDetails){ +List defaultRoles = new ArrayList(); +RoleRepresentation adminRole = new RoleRepresentation(); +adminRole.setName("admin"); +adminRole.setDescription("Adm
[GitHub] airavata pull request #108: Identity Server Admin Services
Github user anujbhan commented on a diff in the pull request: https://github.com/apache/airavata/pull/108#discussion_r114188916 --- Diff: airavata-services/profile-service/iam-admin-services-core/src/main/java/org/apache/airavata/service/profile/iam/admin/services/core/impl/TenantManagementKeycloakImpl.java --- 
@@ -0,0 +1,254 @@ +/* + * + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + * + */ + +package org.apache.airavata.service.profile.iam.admin.services.core.impl; + +import org.apache.airavata.common.exception.ApplicationSettingsException; +import org.apache.airavata.common.utils.ServerSettings; +import org.apache.airavata.model.credential.store.PasswordCredential; +import org.apache.airavata.model.user.UserProfile; +import org.apache.airavata.model.workspace.Gateway; +import org.apache.airavata.service.profile.iam.admin.services.core.interfaces.TenantManagementInterface; +import org.apache.airavata.service.profile.iam.admin.services.cpi.exception.IamAdminServicesException; +import org.keycloak.admin.client.Keycloak; +import org.keycloak.admin.client.resource.UserResource; +import org.keycloak.representations.idm.*; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import javax.ws.rs.core.Response; +import java.util.ArrayList; +import java.util.List; + +public class TenantManagementKeycloakImpl implements TenantManagementInterface { + +private final static Logger logger = LoggerFactory.getLogger(TenantManagementKeycloakImpl.class); + +private static Keycloak getClient(String adminUrl, String realm, 
PasswordCredential AdminPasswordCreds) { + +return Keycloak.getInstance( +adminUrl, +realm, // the realm to log in to +AdminPasswordCreds.getLoginUserName(), AdminPasswordCreds.getPassword(), // the user +"admin-cli"); // admin-cli is the client ID used for keycloak admin operations. +} + +@Override +public Gateway addTenant(PasswordCredential isSuperAdminPasswordCreds, Gateway gatewayDetails) throws IamAdminServicesException { +try { +// get client +Keycloak client = TenantManagementKeycloakImpl.getClient(ServerSettings.getIamServerUrl(), "master", isSuperAdminPasswordCreds); +// create realm +RealmRepresentation newRealmDetails = new RealmRepresentation(); +newRealmDetails.setEnabled(true); +newRealmDetails.setId(gatewayDetails.getGatewayId()); + newRealmDetails.setDisplayName(gatewayDetails.getGatewayName()); +newRealmDetails.setRealm(gatewayDetails.getGatewayId()); +RealmRepresentation realmWithRoles = TenantManagementKeycloakImpl.createDefaultRoles(newRealmDetails); +client.realms().create(realmWithRoles); +return gatewayDetails; +} catch (ApplicationSettingsException ex) { +logger.error("Error getting values from property file, reason: " + ex.getCause(), ex); +IamAdminServicesException exception = new IamAdminServicesException(); +exception.setMessage("Error getting Iam server Url from property file, reason: " + ex.getMessage()); +throw exception; +} catch (Exception ex){ +logger.error("Error creating Realm in Keycloak Server, reason: " + ex.getCause(), ex); +IamAdminServicesException exception = new IamAdminServicesException(); +exception.setMessage("Error creating Realm in Keycloak Server, reason: " + ex.getMessage()); +throw exception; +} +} + +public static RealmRepresentation createDefaultRoles(RealmRepresentation realmDetails){ +List defaultRoles = new ArrayList(); +RoleRepresentation adminRole = new RoleRepresentation(); +adminRole.setName("admin"); +adminRole.setDescription("Adm
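Review bot: In addTenant the Keycloak client returned by getClient is never closed, so every tenant creation leaves the admin client's underlying HTTP client open. Put the realm creation inside try/finally and call client.close() in the finally block so the client is released on both the success path and the two catch paths.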
[GitHub] airavata pull request #108: Identity Server Admin Services
Github user machristie commented on a diff in the pull request: https://github.com/apache/airavata/pull/108#discussion_r114188896 --- Diff: airavata-services/profile-service/iam-admin-services-core/src/main/java/org/apache/airavata/service/profile/iam/admin/services/core/impl/TenantManagementKeycloakImpl.java --- 
@@ -0,0 +1,254 @@ +/* + * + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + * + */ + +package org.apache.airavata.service.profile.iam.admin.services.core.impl; + +import org.apache.airavata.common.exception.ApplicationSettingsException; +import org.apache.airavata.common.utils.ServerSettings; +import org.apache.airavata.model.credential.store.PasswordCredential; +import org.apache.airavata.model.user.UserProfile; +import org.apache.airavata.model.workspace.Gateway; +import org.apache.airavata.service.profile.iam.admin.services.core.interfaces.TenantManagementInterface; +import org.apache.airavata.service.profile.iam.admin.services.cpi.exception.IamAdminServicesException; +import org.keycloak.admin.client.Keycloak; +import org.keycloak.admin.client.resource.UserResource; +import org.keycloak.representations.idm.*; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import javax.ws.rs.core.Response; +import java.util.ArrayList; +import java.util.List; + +public class TenantManagementKeycloakImpl implements TenantManagementInterface { + +private final static Logger logger = LoggerFactory.getLogger(TenantManagementKeycloakImpl.class); + +private static Keycloak getClient(String adminUrl, String realm, 
PasswordCredential AdminPasswordCreds) { + +return Keycloak.getInstance( +adminUrl, +realm, // the realm to log in to +AdminPasswordCreds.getLoginUserName(), AdminPasswordCreds.getPassword(), // the user +"admin-cli"); // admin-cli is the client ID used for keycloak admin operations. +} + +@Override +public Gateway addTenant(PasswordCredential isSuperAdminPasswordCreds, Gateway gatewayDetails) throws IamAdminServicesException { +try { +// get client +Keycloak client = TenantManagementKeycloakImpl.getClient(ServerSettings.getIamServerUrl(), "master", isSuperAdminPasswordCreds); +// create realm +RealmRepresentation newRealmDetails = new RealmRepresentation(); +newRealmDetails.setEnabled(true); +newRealmDetails.setId(gatewayDetails.getGatewayId()); + newRealmDetails.setDisplayName(gatewayDetails.getGatewayName()); +newRealmDetails.setRealm(gatewayDetails.getGatewayId()); +RealmRepresentation realmWithRoles = TenantManagementKeycloakImpl.createDefaultRoles(newRealmDetails); +client.realms().create(realmWithRoles); +return gatewayDetails; +} catch (ApplicationSettingsException ex) { +logger.error("Error getting values from property file, reason: " + ex.getCause(), ex); +IamAdminServicesException exception = new IamAdminServicesException(); +exception.setMessage("Error getting Iam server Url from property file, reason: " + ex.getMessage()); +throw exception; +} catch (Exception ex){ +logger.error("Error creating Realm in Keycloak Server, reason: " + ex.getCause(), ex); +IamAdminServicesException exception = new IamAdminServicesException(); +exception.setMessage("Error creating Realm in Keycloak Server, reason: " + ex.getMessage()); +throw exception; +} +} + +public static RealmRepresentation createDefaultRoles(RealmRepresentation realmDetails){ +List defaultRoles = new ArrayList(); +RoleRepresentation adminRole = new RoleRepresentation(); +adminRole.setName("admin"); +adminRole.setDescription("A
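Review bot: Both catch blocks in addTenant build the IamAdminServicesException from ex.getMessage() alone, so the caller receives raw settings or Keycloak error text while the original exception is dropped from the thrown object. Return a fixed message to the caller and keep the detail in the server log. The log calls also concatenate ex.getCause(), which is null for most exceptions and adds nothing when ex is already passed as the last argument.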
[GitHub] airavata pull request #108: Identity Server Admin Services
Github user machristie commented on a diff in the pull request: https://github.com/apache/airavata/pull/108#discussion_r114188541 --- Diff: airavata-services/profile-service/iam-admin-services-core/src/main/java/org/apache/airavata/service/profile/iam/admin/services/core/impl/TenantManagementKeycloakImpl.java --- 
@@ -0,0 +1,254 @@ +/* + * + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + * + */ + +package org.apache.airavata.service.profile.iam.admin.services.core.impl; + +import org.apache.airavata.common.exception.ApplicationSettingsException; +import org.apache.airavata.common.utils.ServerSettings; +import org.apache.airavata.model.credential.store.PasswordCredential; +import org.apache.airavata.model.user.UserProfile; +import org.apache.airavata.model.workspace.Gateway; +import org.apache.airavata.service.profile.iam.admin.services.core.interfaces.TenantManagementInterface; +import org.apache.airavata.service.profile.iam.admin.services.cpi.exception.IamAdminServicesException; +import org.keycloak.admin.client.Keycloak; +import org.keycloak.admin.client.resource.UserResource; +import org.keycloak.representations.idm.*; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import javax.ws.rs.core.Response; +import java.util.ArrayList; +import java.util.List; + +public class TenantManagementKeycloakImpl implements TenantManagementInterface { + +private final static Logger logger = LoggerFactory.getLogger(TenantManagementKeycloakImpl.class); + +private static Keycloak getClient(String adminUrl, String realm, 
PasswordCredential AdminPasswordCreds) { + +return Keycloak.getInstance( +adminUrl, +realm, // the realm to log in to +AdminPasswordCreds.getLoginUserName(), AdminPasswordCreds.getPassword(), // the user +"admin-cli"); // admin-cli is the client ID used for keycloak admin operations. +} + +@Override +public Gateway addTenant(PasswordCredential isSuperAdminPasswordCreds, Gateway gatewayDetails) throws IamAdminServicesException { +try { +// get client +Keycloak client = TenantManagementKeycloakImpl.getClient(ServerSettings.getIamServerUrl(), "master", isSuperAdminPasswordCreds); +// create realm +RealmRepresentation newRealmDetails = new RealmRepresentation(); +newRealmDetails.setEnabled(true); +newRealmDetails.setId(gatewayDetails.getGatewayId()); + newRealmDetails.setDisplayName(gatewayDetails.getGatewayName()); +newRealmDetails.setRealm(gatewayDetails.getGatewayId()); +RealmRepresentation realmWithRoles = TenantManagementKeycloakImpl.createDefaultRoles(newRealmDetails); +client.realms().create(realmWithRoles); +return gatewayDetails; +} catch (ApplicationSettingsException ex) { +logger.error("Error getting values from property file, reason: " + ex.getCause(), ex); +IamAdminServicesException exception = new IamAdminServicesException(); +exception.setMessage("Error getting Iam server Url from property file, reason: " + ex.getMessage()); +throw exception; +} catch (Exception ex){ +logger.error("Error creating Realm in Keycloak Server, reason: " + ex.getCause(), ex); +IamAdminServicesException exception = new IamAdminServicesException(); +exception.setMessage("Error creating Realm in Keycloak Server, reason: " + ex.getMessage()); +throw exception; +} +} + +public static RealmRepresentation createDefaultRoles(RealmRepresentation realmDetails){ +List defaultRoles = new ArrayList(); +RoleRepresentation adminRole = new RoleRepresentation(); +adminRole.setName("admin"); +adminRole.setDescription("A
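Review bot: addTenant passes gatewayDetails.getGatewayId() straight into setId and setRealm with no null, empty or character-set check before client.realms().create is called. The realm name becomes part of the realm's Keycloak URLs, so validate it against an explicit allow-list pattern and reject anything else before the master realm is contacted.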
[GitHub] airavata pull request #109: Keycloak admin client for user migration - With ...
Github user asfgit closed the pull request at: https://github.com/apache/airavata/pull/109
[GitHub] airavata pull request #109: Keycloak admin client for user migration - With ...
GitHub user anujbhan opened a pull request:

https://github.com/apache/airavata/pull/109

Keycloak admin client for user migration - With Resolved Conflicts

same as : https://github.com/apache/airavata/pull/106

You can merge this pull request into a Git repository by running:

$ git pull https://github.com/anujbhan/airavata is-user-migration

Alternatively you can review and apply these changes as the patch at:

https://github.com/apache/airavata/pull/109.patch

To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message:

This closes #109

commit 8327c29f036ebcc93bc3f3616756c67bb36b7341
Author: Anuj Bhandar
Date: 2017-04-17T21:38:33Z

boiler plate code for keycloak admin client

commit ec35622d02a970a31dfe47c4b13312665143167d
Author: Anuj Bhandar
Date: 2017-04-23T20:32:54Z

adding keycloak userstore migrator

commit 161680df9675a92ae7e3fbfc616187801beb4f46
Author: Anuj Bhandar
Date: 2017-04-23T20:58:07Z

adding pom file missed out in last commit

commit 7d97f7340539968057196082395d14f5c616a24c
Author: Anuj Bhandar
Date: 2017-04-24T19:48:37Z

removing installCert
[GitHub] airavata issue #106: Keycloak admin client for user migration
Github user anujbhan commented on the issue: https://github.com/apache/airavata/pull/106 merge conflicts, closing this pull request. Will open a new one with resolved conflicts
[GitHub] airavata pull request #106: Keycloak admin client for user migration
Github user anujbhan closed the pull request at: https://github.com/apache/airavata/pull/106
[GitHub] airavata pull request #108: Identity Server Admin Services
Github user anujbhan commented on a diff in the pull request: https://github.com/apache/airavata/pull/108#discussion_r114181749 --- Diff: airavata-services/profile-service/iam-admin-services-core/src/main/java/org/apache/airavata/service/profile/iam/admin/services/core/impl/TenantManagementKeycloakImpl.java --- 
@@ -0,0 +1,254 @@ +/* + * + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + * + */ + +package org.apache.airavata.service.profile.iam.admin.services.core.impl; + +import org.apache.airavata.common.exception.ApplicationSettingsException; +import org.apache.airavata.common.utils.ServerSettings; +import org.apache.airavata.model.credential.store.PasswordCredential; +import org.apache.airavata.model.user.UserProfile; +import org.apache.airavata.model.workspace.Gateway; +import org.apache.airavata.service.profile.iam.admin.services.core.interfaces.TenantManagementInterface; +import org.apache.airavata.service.profile.iam.admin.services.cpi.exception.IamAdminServicesException; +import org.keycloak.admin.client.Keycloak; +import org.keycloak.admin.client.resource.UserResource; +import org.keycloak.representations.idm.*; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import javax.ws.rs.core.Response; +import java.util.ArrayList; +import java.util.List; + +public class TenantManagementKeycloakImpl implements TenantManagementInterface { + +private final static Logger logger = LoggerFactory.getLogger(TenantManagementKeycloakImpl.class); + +private static Keycloak getClient(String adminUrl, String realm, 
PasswordCredential AdminPasswordCreds) { + +return Keycloak.getInstance( +adminUrl, +realm, // the realm to log in to +AdminPasswordCreds.getLoginUserName(), AdminPasswordCreds.getPassword(), // the user +"admin-cli"); // admin-cli is the client ID used for keycloak admin operations. +} + +@Override +public Gateway addTenant(PasswordCredential isSuperAdminPasswordCreds, Gateway gatewayDetails) throws IamAdminServicesException { +try { +// get client +Keycloak client = TenantManagementKeycloakImpl.getClient(ServerSettings.getIamServerUrl(), "master", isSuperAdminPasswordCreds); +// create realm +RealmRepresentation newRealmDetails = new RealmRepresentation(); +newRealmDetails.setEnabled(true); +newRealmDetails.setId(gatewayDetails.getGatewayId()); + newRealmDetails.setDisplayName(gatewayDetails.getGatewayName()); +newRealmDetails.setRealm(gatewayDetails.getGatewayId()); +RealmRepresentation realmWithRoles = TenantManagementKeycloakImpl.createDefaultRoles(newRealmDetails); +client.realms().create(realmWithRoles); +return gatewayDetails; +} catch (ApplicationSettingsException ex) { +logger.error("Error getting values from property file, reason: " + ex.getCause(), ex); +IamAdminServicesException exception = new IamAdminServicesException(); +exception.setMessage("Error getting Iam server Url from property file, reason: " + ex.getMessage()); +throw exception; +} catch (Exception ex){ +logger.error("Error creating Realm in Keycloak Server, reason: " + ex.getCause(), ex); +IamAdminServicesException exception = new IamAdminServicesException(); +exception.setMessage("Error creating Realm in Keycloak Server, reason: " + ex.getMessage()); +throw exception; +} +} + +public static RealmRepresentation createDefaultRoles(RealmRepresentation realmDetails){ +List defaultRoles = new ArrayList(); +RoleRepresentation adminRole = new RoleRepresentation(); +adminRole.setName("admin"); +adminRole.setDescription("Adm
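Review bot: getClient logs in with the super admin's user name and password against the hard-coded "master" realm through admin-cli on every addTenant call, so the master-realm password has to travel through the service API inside a PasswordCredential for each request. Consider a dedicated client or service account limited to realm creation, and read the realm name and client id from configuration next to the IAM server URL instead of keeping them as string literals.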
[GitHub] airavata pull request #108: Identity Server Admin Services
Github user anujbhan commented on a diff in the pull request: https://github.com/apache/airavata/pull/108#discussion_r114181574 --- Diff: airavata-services/profile-service/iam-admin-services-core/src/main/java/org/apache/airavata/service/profile/iam/admin/services/core/impl/TenantManagementKeycloakImpl.java --- 
@@ -0,0 +1,254 @@ +/* + * + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + * + */ + +package org.apache.airavata.service.profile.iam.admin.services.core.impl; + +import org.apache.airavata.common.exception.ApplicationSettingsException; +import org.apache.airavata.common.utils.ServerSettings; +import org.apache.airavata.model.credential.store.PasswordCredential; +import org.apache.airavata.model.user.UserProfile; +import org.apache.airavata.model.workspace.Gateway; +import org.apache.airavata.service.profile.iam.admin.services.core.interfaces.TenantManagementInterface; +import org.apache.airavata.service.profile.iam.admin.services.cpi.exception.IamAdminServicesException; +import org.keycloak.admin.client.Keycloak; +import org.keycloak.admin.client.resource.UserResource; +import org.keycloak.representations.idm.*; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import javax.ws.rs.core.Response; +import java.util.ArrayList; +import java.util.List; + +public class TenantManagementKeycloakImpl implements TenantManagementInterface { + +private final static Logger logger = LoggerFactory.getLogger(TenantManagementKeycloakImpl.class); + +private static Keycloak getClient(String adminUrl, String realm, 
PasswordCredential AdminPasswordCreds) { + +return Keycloak.getInstance( +adminUrl, +realm, // the realm to log in to +AdminPasswordCreds.getLoginUserName(), AdminPasswordCreds.getPassword(), // the user +"admin-cli"); // admin-cli is the client ID used for keycloak admin operations. +} + +@Override +public Gateway addTenant(PasswordCredential isSuperAdminPasswordCreds, Gateway gatewayDetails) throws IamAdminServicesException { +try { +// get client +Keycloak client = TenantManagementKeycloakImpl.getClient(ServerSettings.getIamServerUrl(), "master", isSuperAdminPasswordCreds); +// create realm +RealmRepresentation newRealmDetails = new RealmRepresentation(); +newRealmDetails.setEnabled(true); +newRealmDetails.setId(gatewayDetails.getGatewayId()); + newRealmDetails.setDisplayName(gatewayDetails.getGatewayName()); +newRealmDetails.setRealm(gatewayDetails.getGatewayId()); +RealmRepresentation realmWithRoles = TenantManagementKeycloakImpl.createDefaultRoles(newRealmDetails); +client.realms().create(realmWithRoles); +return gatewayDetails; +} catch (ApplicationSettingsException ex) { +logger.error("Error getting values from property file, reason: " + ex.getCause(), ex); +IamAdminServicesException exception = new IamAdminServicesException(); +exception.setMessage("Error getting Iam server Url from property file, reason: " + ex.getMessage()); +throw exception; +} catch (Exception ex){ +logger.error("Error creating Realm in Keycloak Server, reason: " + ex.getCause(), ex); +IamAdminServicesException exception = new IamAdminServicesException(); +exception.setMessage("Error creating Realm in Keycloak Server, reason: " + ex.getMessage()); +throw exception; +} +} + +public static RealmRepresentation createDefaultRoles(RealmRepresentation realmDetails){ +List defaultRoles = new ArrayList(); +RoleRepresentation adminRole = new RoleRepresentation(); +adminRole.setName("admin"); +adminRole.setDescription("Adm
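Review bot: The getClient parameter AdminPasswordCreds starts with an upper-case letter and the addTenant parameter isSuperAdminPasswordCreds reads like a boolean flag; adminPasswordCreds and superAdminPasswordCreds would follow Java naming conventions and say what the values are. The wildcard import org.keycloak.representations.idm.* is also worth replacing with explicit imports so the Keycloak types this class depends on are visible at the top of the file.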
[GitHub] airavata pull request #108: Identity Server Admin Services
Github user anujbhan commented on a diff in the pull request: https://github.com/apache/airavata/pull/108#discussion_r114181208 --- Diff: airavata-services/profile-service/iam-admin-services-core/src/main/java/org/apache/airavata/service/profile/iam/admin/services/core/impl/TenantManagementKeycloakImpl.java --- 
@@ -0,0 +1,254 @@ +/* + * + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + * + */ + +package org.apache.airavata.service.profile.iam.admin.services.core.impl; + +import org.apache.airavata.common.exception.ApplicationSettingsException; +import org.apache.airavata.common.utils.ServerSettings; +import org.apache.airavata.model.credential.store.PasswordCredential; +import org.apache.airavata.model.user.UserProfile; +import org.apache.airavata.model.workspace.Gateway; +import org.apache.airavata.service.profile.iam.admin.services.core.interfaces.TenantManagementInterface; +import org.apache.airavata.service.profile.iam.admin.services.cpi.exception.IamAdminServicesException; +import org.keycloak.admin.client.Keycloak; +import org.keycloak.admin.client.resource.UserResource; +import org.keycloak.representations.idm.*; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import javax.ws.rs.core.Response; +import java.util.ArrayList; +import java.util.List; + +public class TenantManagementKeycloakImpl implements TenantManagementInterface { + +private final static Logger logger = LoggerFactory.getLogger(TenantManagementKeycloakImpl.class); + +private static Keycloak getClient(String adminUrl, String realm, 
PasswordCredential AdminPasswordCreds) { + +return Keycloak.getInstance( +adminUrl, +realm, // the realm to log in to +AdminPasswordCreds.getLoginUserName(), AdminPasswordCreds.getPassword(), // the user +"admin-cli"); // admin-cli is the client ID used for keycloak admin operations. +} + +@Override +public Gateway addTenant(PasswordCredential isSuperAdminPasswordCreds, Gateway gatewayDetails) throws IamAdminServicesException { +try { +// get client +Keycloak client = TenantManagementKeycloakImpl.getClient(ServerSettings.getIamServerUrl(), "master", isSuperAdminPasswordCreds); +// create realm +RealmRepresentation newRealmDetails = new RealmRepresentation(); +newRealmDetails.setEnabled(true); +newRealmDetails.setId(gatewayDetails.getGatewayId()); + newRealmDetails.setDisplayName(gatewayDetails.getGatewayName()); +newRealmDetails.setRealm(gatewayDetails.getGatewayId()); +RealmRepresentation realmWithRoles = TenantManagementKeycloakImpl.createDefaultRoles(newRealmDetails); +client.realms().create(realmWithRoles); +return gatewayDetails; +} catch (ApplicationSettingsException ex) { +logger.error("Error getting values from property file, reason: " + ex.getCause(), ex); +IamAdminServicesException exception = new IamAdminServicesException(); +exception.setMessage("Error getting Iam server Url from property file, reason: " + ex.getMessage()); +throw exception; +} catch (Exception ex){ +logger.error("Error creating Realm in Keycloak Server, reason: " + ex.getCause(), ex); +IamAdminServicesException exception = new IamAdminServicesException(); +exception.setMessage("Error creating Realm in Keycloak Server, reason: " + ex.getMessage()); +throw exception; +} +} + +public static RealmRepresentation createDefaultRoles(RealmRepresentation realmDetails){ +List defaultRoles = new ArrayList(); +RoleRepresentation adminRole = new RoleRepresentation(); +adminRole.setName("admin"); +adminRole.setDescription("Adm
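Review bot: addTenant and the public static createDefaultRoles carry no Javadoc, so nothing states that isSuperAdminPasswordCreds must belong to a master-realm administrator, that the gateway id is used as both realm id and realm name, or which roles a new realm receives. Add method comments covering those points, and consider reducing the visibility of createDefaultRoles, since in the visible code it is only a helper for addTenant.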
[jira] [Commented] (AIRAVATA-2376) Duplicating experiment records in Experiment statistics and Experiment browse
[ https://issues.apache.org/jira/browse/AIRAVATA-2376?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15991236#comment-15991236 ]

Marcus Christie commented on AIRAVATA-2376:
---
Just documenting a quick fix I tried to apply but it didn't work but it might be the start of a complete solution.

The problem is in the LATEST_EXPERIMENT_STATUS view. It orders EXPERIMENT_STATUS by TIME_OF_STATE_CHANGE but sometimes two statuses have the same TIME_OF_STATE_CHANGE.

There are a couple of ways to fix this. One way that I tried is that the TIME_OF_STATE_CHANGE only has accuracy to the nearest second. I tried adding millisecond accuracy like so

{code:sql}
ALTER TABLE EXPERIMENT_STATUS MODIFY COLUMN TIME_OF_STATE_CHANGE TIMESTAMP(6) NOT NULL DEFAULT CURRENT_TIMESTAMP(6) ON UPDATE CURRENT_TIMESTAMP(6);
{code}

See also https://mariadb.com/kb/en/mariadb/microseconds-in-mariadb/

This changed the definition of the column but the values stored are still being put in as a whole second. I think maybe the client code needs to be updated somehow. According to http://stackoverflow.com/a/25803063 one has to enable useFractionalSeconds in the JDBC driver.

> Duplicating experiment records in Experiment statistics and Experiment browse
> -
>
> Key: AIRAVATA-2376
> URL: https://issues.apache.org/jira/browse/AIRAVATA-2376
> Project: Airavata
> Issue Type: Bug
> Components: PGA PHP Web Gateway, Registry API
> Affects Versions: 0.17
> Environment: https://seagrid.org and all other gateways as well
> Reporter: Eroma
> Assignee: Marcus Christie
> Fix For: 0.17
>
> When experiments are launched there are two records in EXPERIMENT SUMMARY
> table for LAUNCHED and EXECUTING state which has the exact same state change
> time. In PGA however two records show up for the same experiment and with
> same status. e.g.: two exact records for a single experiment. This only
> appears until the experiment is FAILED or COMPLETED. But both users and
> gateway admins notices this and this needs fixing.

--
This message was sent by Atlassian JIRA (v6.3.15#6346)
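The timestamp tie described in the comment above, reproduced as an added example (not Airavata's code and not its actual view definition). It assumes a "latest status" query that keeps the rows matching the per-experiment maximum TIME_OF_STATE_CHANGE, uses SQLite in place of MariaDB, and adds a constructed STATUS_ID insertion-order column for a tie-break variant that goes beyond the precision change tried in the comment.

```python
import sqlite3
from collections import Counter

# Constructed sample data: LAUNCHED and EXECUTING fall inside the same second.
EVENTS = [
    ("exp-1", "CREATED",   "2017-05-01 14:03:06.120000"),
    ("exp-1", "LAUNCHED",  "2017-05-01 14:03:07.251000"),
    ("exp-1", "EXECUTING", "2017-05-01 14:03:07.913000"),
    ("exp-2", "CREATED",   "2017-05-01 14:05:00.000500"),
]

# Assumed shape of the view: rows whose timestamp equals the per-experiment maximum.
LATEST_BY_TIME = """
SELECT s.EXPERIMENT_ID, s.STATE
FROM EXPERIMENT_STATUS s
JOIN (SELECT EXPERIMENT_ID, MAX(TIME_OF_STATE_CHANGE) AS T
      FROM EXPERIMENT_STATUS
      GROUP BY EXPERIMENT_ID) m
  ON m.EXPERIMENT_ID = s.EXPERIMENT_ID
 AND m.T = s.TIME_OF_STATE_CHANGE
ORDER BY s.EXPERIMENT_ID, s.STATUS_ID
"""

# Variant with a deterministic tie-break: newest timestamp first, then the
# highest STATUS_ID (hypothetical insertion-order column), exactly one row.
LATEST_WITH_TIEBREAK = """
SELECT s.EXPERIMENT_ID, s.STATE
FROM EXPERIMENT_STATUS s
WHERE s.STATUS_ID = (SELECT t.STATUS_ID
                     FROM EXPERIMENT_STATUS t
                     WHERE t.EXPERIMENT_ID = s.EXPERIMENT_ID
                     ORDER BY t.TIME_OF_STATE_CHANGE DESC, t.STATUS_ID DESC
                     LIMIT 1)
ORDER BY s.EXPERIMENT_ID
"""


def load(events, whole_seconds):
    """Build an in-memory table; whole_seconds=True models a writer that
    drops the fractional part even if the column could store it."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE EXPERIMENT_STATUS ("
        " STATUS_ID INTEGER PRIMARY KEY AUTOINCREMENT,"
        " EXPERIMENT_ID TEXT NOT NULL,"
        " STATE TEXT NOT NULL,"
        " TIME_OF_STATE_CHANGE TEXT NOT NULL)"
    )
    for experiment_id, state, ts in events:
        stored = ts[:19] if whole_seconds else ts  # 'YYYY-MM-DD HH:MM:SS'
        db.execute(
            "INSERT INTO EXPERIMENT_STATUS"
            " (EXPERIMENT_ID, STATE, TIME_OF_STATE_CHANGE) VALUES (?, ?, ?)",
            (experiment_id, state, stored),
        )
    return db


def latest(db, query):
    """Run one of the 'latest status' queries and return its rows."""
    return db.execute(query).fetchall()


def duplicated_experiments(rows):
    """Experiment ids that appear more than once in a 'latest' result."""
    counts = Counter(experiment_id for experiment_id, _ in rows)
    return sorted(e for e, n in counts.items() if n > 1)


if __name__ == "__main__":
    for label, whole, query in [
        ("second precision, max-timestamp join", True, LATEST_BY_TIME),
        ("microsecond precision, max-timestamp join", False, LATEST_BY_TIME),
        ("second precision, tie-break on STATUS_ID", True, LATEST_WITH_TIEBREAK),
    ]:
        rows = latest(load(EVENTS, whole), query)
        print(label, rows, "duplicates:", duplicated_experiments(rows))
```

The first case shows why changing only the column definition does not help while the writer still stores whole seconds: the tie remains, and only stored fractional seconds or an explicit tie-break removes the second row.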
[jira] [Updated] (AIRAVATA-2376) Duplicating experiment records in Experiment statistics and Experiment browse
[ https://issues.apache.org/jira/browse/AIRAVATA-2376?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Marcus Christie updated AIRAVATA-2376:
--
Description: When experiments are launched there are two records in EXPERIMENT SUMMARY table for LAUNCHED and EXECUTING state which has the exact same state change time. In PGA however two records show up for the same experiment and with same status. e.g.: two exact records for a single experiment. This only appears until the experiment is FAILED or COMPLETED. But both users and gateway admins notices this and this needs fixing.

(was: When experiments are launched there are two records in EXPERIMENT SUMMARY table for LAUNCHED and EXECUTING state which has the exact same state change time. In PGA however two records show up for the same experiment and with same status. e.g.: two exact records for a dingle experiment. This only appears until the experiment is FAILED or COMPLETED. But both users and gateway admins notices this and this nee fixing. )

> Duplicating experiment records in Experiment statistics and Experiment browse
> -
>
> Key: AIRAVATA-2376
> URL: https://issues.apache.org/jira/browse/AIRAVATA-2376
> Project: Airavata
> Issue Type: Bug
> Components: PGA PHP Web Gateway, Registry API
> Affects Versions: 0.17
> Environment: https://seagrid.org and all other gateways as well
> Reporter: Eroma
> Assignee: Marcus Christie
> Fix For: 0.17
>
> When experiments are launched there are two records in EXPERIMENT SUMMARY
> table for LAUNCHED and EXECUTING state which has the exact same state change
> time. In PGA however two records show up for the same experiment and with
> same status. e.g.: two exact records for a single experiment. This only
> appears until the experiment is FAILED or COMPLETED. But both users and
> gateway admins notices this and this needs fixing.
[jira] [Commented] (AIRAVATA-2346) In airavata 0.17 JS deployment user who owns a project cannot edit that project and cannot create experiments in that project
[ https://issues.apache.org/jira/browse/AIRAVATA-2346?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15991121#comment-15991121 ]

ASF subversion and git services commented on AIRAVATA-2346:
---
Commit 0dca1aa5add77c1880f5870baa6e5917d46f79b5 in airavata-php-gateway's branch refs/heads/dreg-gateway from [~marcuschristie]
[ https://git-wip-us.apache.org/repos/asf?p=airavata-php-gateway.git;h=0dca1aa ]

AIRAVATA-2346 Owner is implied to have READ and WRITE permission

> In airavata 0.17 JS deployment user who owns a project cannot edit that
> project and cannot create experiments in that project
> -
>
> Key: AIRAVATA-2346
> URL: https://issues.apache.org/jira/browse/AIRAVATA-2346
> Project: Airavata
> Issue Type: Bug
> Reporter: Marcus Christie
> Assignee: Marcus Christie
> Fix For: 0.17
>
> Projects owned by user display as uneditable in project listing.
> When creating an experiment, owned projects don't show up in the project drop
> down selection because PGA thinks they aren't writeable.
> The problem is that the user has OWNER permission but PGA only checks the
> WRITE permission.
> A similar problem occurs for experiments as well.
[jira] [Commented] (AIRAVATA-2364) Keep getting 'Maximum execution time of 30 seconds exceeded' when tried to create a project
[ https://issues.apache.org/jira/browse/AIRAVATA-2364?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15991122#comment-15991122 ]

ASF subversion and git services commented on AIRAVATA-2364:
---
Commit f06927dd612b2f86cdd7b78e105fb94e611fa1f5 in airavata-php-gateway's branch refs/heads/dreg-gateway from [~marcuschristie]
[ https://git-wip-us.apache.org/repos/asf?p=airavata-php-gateway.git;h=f06927d ]

AIRAVATA-2364 Deferring loading sharing users until button clicked

> Keep getting 'Maximum execution time of 30 seconds exceeded' when tried to
> create a project
> ---
>
> Key: AIRAVATA-2364
> URL: https://issues.apache.org/jira/browse/AIRAVATA-2364
> Project: Airavata
> Issue Type: Bug
> Components: PGA PHP Web Gateway
> Affects Versions: 0.17
> Environment: https://beta.seagrid.org/project/create
> Reporter: Eroma
> Assignee: Marcus Christie
> Fix For: 0.17
>
>
> When clicked Project --> Create keep getting this time out error. Sometimes
> when refreshed, it goes away and the screen appears but sometimes keep
> getting the time out exception
> Thing is it's not happening all the time but happened about 3, 4 times today.
[jira] [Commented] (AIRAVATA-2370) Cannot create a new gateway request
[ https://issues.apache.org/jira/browse/AIRAVATA-2370?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15991123#comment-15991123 ]

ASF subversion and git services commented on AIRAVATA-2370:
---
Commit 69dba346f01bd356fbad1dc4b603c02ff4d136bc in airavata-php-gateway's branch refs/heads/dreg-gateway from [~marcuschristie]
[ https://git-wip-us.apache.org/repos/asf?p=airavata-php-gateway.git;h=69dba34 ]

AIRAVATA-2370 restoring gateway request routes

Looks like these were unintentionally removed during the develop->master merge.

> Cannot create a new gateway request
> ---
>
> Key: AIRAVATA-2370
> URL: https://issues.apache.org/jira/browse/AIRAVATA-2370
> Project: Airavata
> Issue Type: New Feature
> Components: PGA PHP Web Gateway
> Affects Versions: 0.17
> Reporter: Eroma
> Assignee: Marcus Christie
> Fix For: 0.17
>
>
> When tried to submit a new gateway request getting error message
> 'Looks like something went wrong. Please go back and try again or report this
> problem using the help feature.'
> When logged in again the previous record was not added and need to create
> from the beginning.
[jira] [Updated] (AIRAVATA-2377) Cannot download the MAC desktop client from https://seagrid.org
[ https://issues.apache.org/jira/browse/AIRAVATA-2377?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Eroma updated AIRAVATA-2377:

Fix Version/s: 0.17

> Cannot download the MAC desktop client from https://seagrid.org
> ---
>
> Key: AIRAVATA-2377
> URL: https://issues.apache.org/jira/browse/AIRAVATA-2377
> Project: Airavata
> Issue Type: Bug
> Components: PGA PHP Web Gateway
> Environment: https://seagrid.org
> Reporter: Eroma
> Assignee: Supun Chathuranga Nakandala
> Fix For: 0.17
>
>
> When clicked on 'Desktop App for MAC' getting Looks like something went
> wrong. Please go back and try again or report this problem using the help
> feature. and the client is not getting downloaded to the local machine.
[jira] [Created] (AIRAVATA-2377) Cannot download the MAC desktop client from https://seagrid.org
Eroma created AIRAVATA-2377:
---
Summary: Cannot download the MAC desktop client from https://seagrid.org
Key: AIRAVATA-2377
URL: https://issues.apache.org/jira/browse/AIRAVATA-2377
Project: Airavata
Issue Type: Bug
Components: PGA PHP Web Gateway
Environment: https://seagrid.org
Reporter: Eroma
Assignee: Supun Chathuranga Nakandala

When clicked on 'Desktop App for MAC' getting Looks like something went wrong. Please go back and try again or report this problem using the help feature. and the client is not getting downloaded to the local machine.
[jira] [Created] (AIRAVATA-2376) Duplicating experiment records in Experiment statistics and Experiment browse
Eroma created AIRAVATA-2376:
---
Summary: Duplicating experiment records in Experiment statistics and Experiment browse
Key: AIRAVATA-2376
URL: https://issues.apache.org/jira/browse/AIRAVATA-2376
Project: Airavata
Issue Type: Bug
Components: PGA PHP Web Gateway, Registry API
Affects Versions: 0.17
Environment: https://seagrid.org and all other gateways as well
Reporter: Eroma
Assignee: Marcus Christie
Fix For: 0.17

When experiments are launched there are two records in EXPERIMENT SUMMARY table for LAUNCHED and EXECUTING state which have the exact same state change time. In PGA however two records show up for the same experiment and with same status. e.g.: two exact records for a single experiment. This only appears until the experiment is FAILED or COMPLETED. But both users and gateway admins notice this and this needs fixing.