From machris...@apache.org
Subject [4/4] airavata git commit: Setting up Keycloak admin user and gw resource profile
Date Fri, 16 Jun 2017 15:36:07 GMT
Setting up Keycloak admin user and gw resource profile


Project: http://git-wip-us.apache.org/repos/asf/airavata/repo
Commit: http://git-wip-us.apache.org/repos/asf/airavata/commit/555eb6bc
Tree: http://git-wip-us.apache.org/repos/asf/airavata/tree/555eb6bc
Diff: http://git-wip-us.apache.org/repos/asf/airavata/diff/555eb6bc

Branch: refs/heads/develop
Commit: 555eb6bccb18767bc464a34d67edfd3a8ce33318
Parents: 3ed7880
Author: Marcus Christie <machristie@apache.org>
Authored: Fri Jun 16 11:24:41 2017 -0400
Committer: Marcus Christie <machristie@apache.org>
Committed: Fri Jun 16 11:24:41 2017 -0400

----------------------------------------------------------------------
 .../airavata/KeycloakIdentityServerClient.java  | 22 ++++++++++++
 .../org/apache/airavata/MigrationManager.java   | 36 ++++++++++++++++----
 2 files changed, 51 insertions(+), 7 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/airavata/blob/555eb6bc/modules/user-profile-migration/src/main/java/org/apache/airavata/KeycloakIdentityServerClient.java
----------------------------------------------------------------------
diff --git a/modules/user-profile-migration/src/main/java/org/apache/airavata/KeycloakIdentityServerClient.java
b/modules/user-profile-migration/src/main/java/org/apache/airavata/KeycloakIdentityServerClient.java
index e48e4df..6d26312 100644
--- a/modules/user-profile-migration/src/main/java/org/apache/airavata/KeycloakIdentityServerClient.java
+++ b/modules/user-profile-migration/src/main/java/org/apache/airavata/KeycloakIdentityServerClient.java
@@ -141,6 +141,28 @@ public class KeycloakIdentityServerClient {
         }
     }
 
+    public void setUserPassword(String realmId, String username, String newPassword) {
+        List<UserRepresentation> retrieveUserList = client.realm(realmId).users().search(username,
+                null,
+                null,
+                null,
+                0, 1);
+        if (!retrieveUserList.isEmpty()) {
+            UserResource retrievedUser = client.realm(realmId).users().get(retrieveUserList.get(0).getId());
+            CredentialRepresentation credential = new CredentialRepresentation();
+            credential.setType(CredentialRepresentation.PASSWORD);
+            credential.setValue(newPassword);
+            credential.setTemporary(false);
+            retrievedUser.resetPassword(credential);
+            // Remove the UPDATE_PASSWORD required action
+            UserRepresentation userRepresentation = retrievedUser.toRepresentation();
+            userRepresentation.getRequiredActions().remove("UPDATE_PASSWORD");
+            retrievedUser.update(userRepresentation);
+        } else {
+            throw new RuntimeException("Requested user not found");
+        }
+    }
+
     private Map<String,RoleRepresentation> getRealmRoleNameMap(String targetRealm)
{
         return this.client.realm(targetRealm).roles().list()
                 .stream()
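Review bot: The lookup in `setUserPassword` resets the password of whichever user `users().search(username, null, null, null, 0, 1)` returns first, without checking that the hit's username equals `username`. Keycloak's admin user search is, as far as I know, a partial match in this client version, so with a page size of one the reset could land on a different account whose name only contains the requested one. I would fetch a larger page and select the exact match, e.g. `retrieveUserList.stream().filter(u -> username.equalsIgnoreCase(u.getUsername())).findFirst()`, throwing if nothing matches. `getRequiredActions()` may also be null for a user with no required actions (not verifiable from this hunk), so a null check before `remove("UPDATE_PASSWORD")` would be prudent. The "Requested user not found" message would be easier to act on if it named the realm and username.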

http://git-wip-us.apache.org/repos/asf/airavata/blob/555eb6bc/modules/user-profile-migration/src/main/java/org/apache/airavata/MigrationManager.java
----------------------------------------------------------------------
diff --git a/modules/user-profile-migration/src/main/java/org/apache/airavata/MigrationManager.java
b/modules/user-profile-migration/src/main/java/org/apache/airavata/MigrationManager.java
index 067cdd1..ef89cf1 100644
--- a/modules/user-profile-migration/src/main/java/org/apache/airavata/MigrationManager.java
+++ b/modules/user-profile-migration/src/main/java/org/apache/airavata/MigrationManager.java
@@ -23,6 +23,9 @@ import org.apache.airavata.api.Airavata;
 import org.apache.airavata.api.client.AiravataClientFactory;
 import org.apache.airavata.common.exception.ApplicationSettingsException;
 import org.apache.airavata.common.utils.Constants;
+import org.apache.airavata.credential.store.client.CredentialStoreClientFactory;
+import org.apache.airavata.credential.store.cpi.CredentialStoreService;
+import org.apache.airavata.model.appcatalog.gatewayprofile.GatewayResourceProfile;
 import org.apache.airavata.model.credential.store.PasswordCredential;
 import org.apache.airavata.model.error.AiravataClientException;
 import org.apache.airavata.model.security.AuthzToken;
@@ -164,7 +167,8 @@ public class MigrationManager {
                             userProfile.setAccountLocked(claim.getValue().equals("true"));
                         }
                     }
-                    userProfile.setUserName(user);
+                    // Lowercase all usernames as required by Keycloak and User Profile service
+                    userProfile.setUserName(user.toLowerCase());
                     userProfile.setGatewayID(creds.getGateway());
                     userProfile.setPhones(phones);
                     if (!userProfile.isAccountLocked()) {
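Review bot: `user.toLowerCase()` on the added line uses the JVM's default locale, so the normalized username depends on where the migration runs (under a Turkish locale `I` becomes a dotless `ı`). `userProfile.setUserName(user.toLowerCase(Locale.ROOT));` makes it deterministic, assuming `java.util.Locale` is imported; the import block is only partly visible. Lowercasing can also fold two WSO2 IS accounts that differ only by case into one username, so it is worth detecting and reporting such collisions before migrating. The enclosing loop starts and ends outside this hunk.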
@@ -271,6 +275,18 @@ public class MigrationManager {
         // Update Gateway profile with the client id and secret
         System.out.println("Updating gateway with OAuth client id and secret ...");
         tenantProfileServiceClient.updateGateway(authzToken, gatewayWithIdAndSecret);
+
+        KeycloakIdentityServerClient keycloakIdentityServerClient = getKeycloakIdentityServerClient();
+        // Set the admin user's password to the same as it was for wso2IS
+        keycloakIdentityServerClient.setUserPassword(gatewayId, this.gatewayAdminUsername,
this.wso2ISAdminPassword);
+
+        // Create password credential for admin username and password
+        String passwordToken = airavataClient.registerPwdCredential(authzToken, gatewayId,
this.gatewayAdminUsername, this.gatewayAdminUsername, this.wso2ISAdminPassword, "Keycloak
admin password for realm " + gatewayId);
+
+        // Update gateway resource profile with tenant id (gatewayId) and admin user password
token
+        GatewayResourceProfile gatewayResourceProfile = airavataClient.getGatewayResourceProfile(authzToken,
gatewayId);
+        gatewayResourceProfile.setIdentityServerTenant(gatewayId);
+        gatewayResourceProfile.setIdentityServerPwdCredToken(passwordToken);
         return true;
     }
 
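Review bot: The `gatewayResourceProfile` fetched at the end of this hunk is changed through `setIdentityServerTenant` and `setIdentityServerPwdCredToken` but is not written back before `return true;`, so the tenant id and password token appear to be discarded. A call such as `airavataClient.updateGatewayResourceProfile(authzToken, gatewayId, gatewayResourceProfile);` after the two setters looks to be missing. Separately, the Keycloak admin password is set permanently (`setTemporary(false)` in `setUserPassword`) to the old WSO2 IS admin password, so a comment such as `// NOTE: reuses the WSO2 IS admin password; rotate after migration` would help operators. The method begins outside the hunk.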
@@ -308,14 +324,18 @@ public class MigrationManager {
     }
 
     private void migrateUserProfilesToKeycloak(List<UserProfileDAO> Wso2ISProfileList){
-        KeycloakIdentityServerClient client = new KeycloakIdentityServerClient(this.keycloakServiceURL,
-                this.keycloakAdminUsername,
-                this.keycloakAdminPassword,
-                this.keycloakTrustStorePath,
-                this.keycloakTrustStorePassword);
+        KeycloakIdentityServerClient client = getKeycloakIdentityServerClient();
         client.migrateUserStore(Wso2ISProfileList, this.gatewayId, this.keycloakTemporaryUserPassword,
this.roleConversionMap);
     }
 
+    private KeycloakIdentityServerClient getKeycloakIdentityServerClient() {
+        return new KeycloakIdentityServerClient(this.keycloakServiceURL,
+                    this.keycloakAdminUsername,
+                    this.keycloakAdminPassword,
+                    this.keycloakTrustStorePath,
+                    this.keycloakTrustStorePassword);
+    }
+
     private void loadConfigFile(String filename) {
         Properties properties = new Properties();
         try {
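Review bot: `getKeycloakIdentityServerClient()` reads like an accessor but builds a new `KeycloakIdentityServerClient` on every call. After this commit it is called from two places, so the migration presumably authenticates to Keycloak with the admin credentials twice. Consider renaming it to `createKeycloakIdentityServerClient()` or caching the instance in a field, and add a short Javadoc such as `/** Builds a Keycloak admin client from the configured service URL, admin credentials and trust store. */`. Whether the client holds connections that need closing is not visible here. `loadConfigFile` continues outside the hunk.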
@@ -361,8 +381,10 @@ public class MigrationManager {
         List<UserProfileDAO> userProfileList = migrationManager.getUserProfilesFromWso2IS();
         try {
             migrationManager.migrateGatewayProfileToAiravata();
-            migrationManager.migrateUserProfilesToAiravata(userProfileList);
+            // Must migrate profiles to Keycloak first because Profile Service will attempt
to keep user profiles
+            // in since with Keycloak user profiles
             migrationManager.migrateUserProfilesToKeycloak(userProfileList);
+            migrationManager.migrateUserProfilesToAiravata(userProfileList);
         } catch (Exception e) {
             throw new RuntimeException(e);
         }
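Review bot: The added comment has a typo, "in since with", which obscures the reason for the reordering; it should read `// in sync with Keycloak user profiles`. Since the call order now matters, the comment could also say what happens if `migrateUserProfilesToKeycloak` fails part-way. The catch block only rethrows, so a rerun starts again from `migrateGatewayProfileToAiravata()`, and whether those steps are safe to repeat is not visible in this hunk. The enclosing method begins and ends outside the hunk.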

