airavata-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From machris...@apache.org
Subject [3/3] airavata git commit: AIRAVATA-2403 Simplifying IamAdminService methods
Date Wed, 21 Jun 2017 18:44:21 GMT
AIRAVATA-2403 Simplifying IamAdminService methods

Making the master realm admin username and password server settings.


Project: http://git-wip-us.apache.org/repos/asf/airavata/repo
Commit: http://git-wip-us.apache.org/repos/asf/airavata/commit/14bb4321
Tree: http://git-wip-us.apache.org/repos/asf/airavata/tree/14bb4321
Diff: http://git-wip-us.apache.org/repos/asf/airavata/diff/14bb4321

Branch: refs/heads/develop
Commit: 14bb4321a24db50ba937e40b0ab5665495a16b88
Parents: 13ed71f
Author: Marcus Christie <machristie@apache.org>
Authored: Wed Jun 21 14:43:32 2017 -0400
Committer: Marcus Christie <machristie@apache.org>
Committed: Wed Jun 21 14:43:32 2017 -0400

----------------------------------------------------------------------
 .../core/impl/TenantManagementKeycloakImpl.java |   72 +-
 .../interfaces/TenantManagementInterface.java   |   31 +-
 .../services/core/tests/SetupNewGateway.java    |    4 +-
 .../handlers/IamAdminServicesHandler.java       |   78 +-
 .../admin/services/cpi/IamAdminServices.java    | 1279 +++++++-----------
 .../scigap/develop/group_vars/all/vars.yml      |    2 +
 .../scigap/develop/group_vars/all/vault.yml     |   61 +-
 .../ansible/roles/api-orch/defaults/main.yml    |    2 +
 .../templates/airavata-server.properties.j2     |    2 +
 .../airavata/common/utils/ServerSettings.java   |   10 +
 .../main/resources/airavata-server.properties   |    4 +-
 .../org/apache/airavata/MigrationManager.java   |    2 +-
 .../iam-admin-services-cpi.thrift               |   25 +-
 13 files changed, 634 insertions(+), 938 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/airavata/blob/14bb4321/airavata-services/profile-service/iam-admin-services-core/src/main/java/org/apache/airavata/service/profile/iam/admin/services/core/impl/TenantManagementKeycloakImpl.java
----------------------------------------------------------------------
diff --git a/airavata-services/profile-service/iam-admin-services-core/src/main/java/org/apache/airavata/service/profile/iam/admin/services/core/impl/TenantManagementKeycloakImpl.java
b/airavata-services/profile-service/iam-admin-services-core/src/main/java/org/apache/airavata/service/profile/iam/admin/services/core/impl/TenantManagementKeycloakImpl.java
index 20b926c..f8d2ca3 100644
--- a/airavata-services/profile-service/iam-admin-services-core/src/main/java/org/apache/airavata/service/profile/iam/admin/services/core/impl/TenantManagementKeycloakImpl.java
+++ b/airavata-services/profile-service/iam-admin-services-core/src/main/java/org/apache/airavata/service/profile/iam/admin/services/core/impl/TenantManagementKeycloakImpl.java
@@ -50,6 +50,8 @@ public class TenantManagementKeycloakImpl implements TenantManagementInterface
{
 
     private final static Logger logger = LoggerFactory.getLogger(TenantManagementKeycloakImpl.class);
 
+    private String superAdminRealmId = "master";
+
     // TODO: close Keycloak client once done with it?
     private static Keycloak getClient(String adminUrl, String realm, PasswordCredential AdminPasswordCreds)
{
 
@@ -67,21 +69,6 @@ public class TenantManagementKeycloakImpl implements TenantManagementInterface
{
                 .build();
     }
 
-    private static Keycloak getClient(String adminUrl, String realm, String authToken) {
-
-        ResteasyClient resteasyClient = new ResteasyClientBuilder()
-                    .connectionPoolSize(10)
-                    .trustStore(loadKeyStore())
-                    .build();
-        return KeycloakBuilder.builder()
-                .serverUrl(adminUrl)
-                .realm(realm)
-                .authorization(authToken)
-                .clientId("admin-cli")
-                .resteasyClient(resteasyClient)
-                .build();
-    }
-
     private static KeyStore loadKeyStore() {
 
         FileInputStream fis = null;
@@ -107,7 +94,7 @@ public class TenantManagementKeycloakImpl implements TenantManagementInterface
{
     public Gateway addTenant(PasswordCredential isSuperAdminPasswordCreds, Gateway gatewayDetails)
throws IamAdminServicesException {
         try {
             // get client
-            Keycloak client = TenantManagementKeycloakImpl.getClient(ServerSettings.getIamServerUrl(),
"master", isSuperAdminPasswordCreds);
+            Keycloak client = TenantManagementKeycloakImpl.getClient(ServerSettings.getIamServerUrl(),
this.superAdminRealmId, isSuperAdminPasswordCreds);
             // create realm
             RealmRepresentation newRealmDetails = new RealmRepresentation();
             newRealmDetails.setEnabled(true);
@@ -164,7 +151,7 @@ public class TenantManagementKeycloakImpl implements TenantManagementInterface
{
     @Override
     public boolean createTenantAdminAccount(PasswordCredential isSuperAdminPasswordCreds,
Gateway gatewayDetails) throws IamAdminServicesException{
         try{
-            Keycloak client = TenantManagementKeycloakImpl.getClient(ServerSettings.getIamServerUrl(),
"master", isSuperAdminPasswordCreds);
+            Keycloak client = TenantManagementKeycloakImpl.getClient(ServerSettings.getIamServerUrl(),
this.superAdminRealmId, isSuperAdminPasswordCreds);
             UserRepresentation user = new UserRepresentation();
             user.setUsername(gatewayDetails.getIdentityServerUserName());
             user.setFirstName(gatewayDetails.getGatewayAdminFirstName());
@@ -223,7 +210,7 @@ public class TenantManagementKeycloakImpl implements TenantManagementInterface
{
     @Override
     public Gateway configureClient(PasswordCredential isSuperAdminPasswordCreds, Gateway
gatewayDetails) throws IamAdminServicesException{
         try{
-            Keycloak client = TenantManagementKeycloakImpl.getClient(ServerSettings.getIamServerUrl(),
"master", isSuperAdminPasswordCreds);
+            Keycloak client = TenantManagementKeycloakImpl.getClient(ServerSettings.getIamServerUrl(),
this.superAdminRealmId, isSuperAdminPasswordCreds);
             ClientRepresentation pgaClient = new ClientRepresentation();
             pgaClient.setName("pga");
             pgaClient.setClientId("pga");
@@ -274,25 +261,23 @@ public class TenantManagementKeycloakImpl implements TenantManagementInterface
{
     }
 
     @Override
-    public boolean createUser(PasswordCredential realmAdminCreds, UserProfile userProfile,
String newPassword) throws IamAdminServicesException{
+    public boolean createUser(PasswordCredential realmAdminCreds, String tenantId, String
username, String emailAddress, String firstName, String lastName, String newPassword) throws
IamAdminServicesException{
         try{
-            Keycloak client = TenantManagementKeycloakImpl.getClient(ServerSettings.getIamServerUrl(),
userProfile.getGatewayId(), realmAdminCreds);
+            Keycloak client = TenantManagementKeycloakImpl.getClient(ServerSettings.getIamServerUrl(),
tenantId, realmAdminCreds);
             UserRepresentation user = new UserRepresentation();
-            user.setUsername(userProfile.getUserId());
-            user.setFirstName(userProfile.getFirstName());
-            user.setLastName(userProfile.getLastName());
-            // Always takes the first value
-            List<String> emails = userProfile.getEmails();
-            user.setEmail(emails.get(0));
+            user.setUsername(username);
+            user.setFirstName(firstName);
+            user.setLastName(lastName);
+            user.setEmail(emailAddress);
             user.setEnabled(false);
-            Response httpResponse = client.realm(userProfile.getGatewayId()).users().create(user);
+            Response httpResponse = client.realm(tenantId).users().create(user);
             if (httpResponse.getStatus() == 201) { //HTTP code for record creation: HTTP
201
-                List<UserRepresentation> retrieveCreatedUserList = client.realm(userProfile.getGatewayId()).users().search(user.getUsername(),
+                List<UserRepresentation> retrieveCreatedUserList = client.realm(tenantId).users().search(user.getUsername(),
                         user.getFirstName(),
                         user.getLastName(),
                         user.getEmail(),
                         0, 1);
-                UserResource retrievedUser = client.realm(userProfile.getGatewayId()).users().get(retrieveCreatedUserList.get(0).getId());
+                UserResource retrievedUser = client.realm(tenantId).users().get(retrieveCreatedUserList.get(0).getId());
                 CredentialRepresentation credential = new CredentialRepresentation();
                 credential.setType(CredentialRepresentation.PASSWORD);
                 credential.setValue(newPassword);
@@ -313,12 +298,11 @@ public class TenantManagementKeycloakImpl implements TenantManagementInterface
{
     }
 
     @Override
-    public boolean enableUserAccount(PasswordCredential realmAdminAccount, UserProfile userDetails)
throws IamAdminServicesException{
+    public boolean enableUserAccount(PasswordCredential realmAdminCreds, String tenantId,
String username) throws IamAdminServicesException{
         try{
-            Keycloak client = TenantManagementKeycloakImpl.getClient(ServerSettings.getIamServerUrl(),
userDetails.getGatewayId(), realmAdminAccount);
-            List<String> emails = userDetails.getEmails();
-            List<UserRepresentation> userResourceList = client.realm(userDetails.getGatewayId()).users().search(userDetails.getUserId(),0,1);
-            UserResource userResource = client.realm(userDetails.getGatewayId()).users().get(userResourceList.get(0).getId());
+            Keycloak client = TenantManagementKeycloakImpl.getClient(ServerSettings.getIamServerUrl(),
tenantId, realmAdminCreds);
+            List<UserRepresentation> userResourceList = client.realm(tenantId).users().search(username,0,1);
+            UserResource userResource = client.realm(tenantId).users().get(userResourceList.get(0).getId());
             UserRepresentation profile = userResource.toRepresentation();
             profile.setEnabled(true);
             userResource.update(profile);
@@ -331,9 +315,10 @@ public class TenantManagementKeycloakImpl implements TenantManagementInterface
{
         }
     }
 
-    public boolean resetUserPassword(String authToken, String tenantId, String username,
String newPassword) throws IamAdminServicesException{
+    @Override
+    public boolean resetUserPassword(PasswordCredential realmAdminCreds, String tenantId,
String username, String newPassword) throws IamAdminServicesException{
         try{
-            Keycloak client = TenantManagementKeycloakImpl.getClient(ServerSettings.getIamServerUrl(),
tenantId, authToken);
+            Keycloak client = TenantManagementKeycloakImpl.getClient(ServerSettings.getIamServerUrl(),
tenantId, realmAdminCreds);
             List<UserRepresentation> retrieveUserList = client.realm(tenantId).users().search(username,
                     null,
                     null,
@@ -369,10 +354,11 @@ public class TenantManagementKeycloakImpl implements TenantManagementInterface
{
         }
     }
 
-    public List<UserProfile> findUser(PasswordCredential realmAdminCreds, String gatewayID,
String email, String userName) throws IamAdminServicesException{
+    @Override
+    public List<UserProfile> findUser(PasswordCredential realmAdminCreds, String tenantId,
String email, String userName) throws IamAdminServicesException{
         try{
-            Keycloak client = TenantManagementKeycloakImpl.getClient(ServerSettings.getIamServerUrl(),
gatewayID, realmAdminCreds);
-            List<UserRepresentation> retrieveUserList = client.realm(gatewayID).users().search(userName,
+            Keycloak client = TenantManagementKeycloakImpl.getClient(ServerSettings.getIamServerUrl(),
tenantId, realmAdminCreds);
+            List<UserRepresentation> retrieveUserList = client.realm(tenantId).users().search(userName,
                     null,
                     null,
                     email,
@@ -407,12 +393,12 @@ public class TenantManagementKeycloakImpl implements TenantManagementInterface
{
     }
 
     @Override
-    public void updateUserProfile(PasswordCredential realmAdminCreds, String gatewayId, String
username, UserProfile userDetails) throws IamAdminServicesException {
+    public void updateUserProfile(PasswordCredential realmAdminCreds, String tenantId, String
username, UserProfile userDetails) throws IamAdminServicesException {
 
         Keycloak client = null;
         try{
-            client = TenantManagementKeycloakImpl.getClient(ServerSettings.getIamServerUrl(),
gatewayId, realmAdminCreds);
-            List<UserRepresentation> retrieveUserList = client.realm(gatewayId).users().search(username,
+            client = TenantManagementKeycloakImpl.getClient(ServerSettings.getIamServerUrl(),
tenantId, realmAdminCreds);
+            List<UserRepresentation> retrieveUserList = client.realm(tenantId).users().search(username,
                     null,
                     null,
                     null,
@@ -423,7 +409,7 @@ public class TenantManagementKeycloakImpl implements TenantManagementInterface
{
                 userRepresentation.setFirstName(userDetails.getFirstName());
                 userRepresentation.setLastName(userDetails.getLastName());
                 userRepresentation.setEmail(userDetails.getEmails().get(0));
-                UserResource userResource = client.realm(gatewayId).users().get(userRepresentation.getId());
+                UserResource userResource = client.realm(tenantId).users().get(userRepresentation.getId());
                 userResource.update(userRepresentation);
             }else{
                 throw new IamAdminServicesException("User [" + username + "] wasn't found
in Keycloak!");

http://git-wip-us.apache.org/repos/asf/airavata/blob/14bb4321/airavata-services/profile-service/iam-admin-services-core/src/main/java/org/apache/airavata/service/profile/iam/admin/services/core/interfaces/TenantManagementInterface.java
----------------------------------------------------------------------
diff --git a/airavata-services/profile-service/iam-admin-services-core/src/main/java/org/apache/airavata/service/profile/iam/admin/services/core/interfaces/TenantManagementInterface.java
b/airavata-services/profile-service/iam-admin-services-core/src/main/java/org/apache/airavata/service/profile/iam/admin/services/core/interfaces/TenantManagementInterface.java
index b413eb0..5972dfe 100644
--- a/airavata-services/profile-service/iam-admin-services-core/src/main/java/org/apache/airavata/service/profile/iam/admin/services/core/interfaces/TenantManagementInterface.java
+++ b/airavata-services/profile-service/iam-admin-services-core/src/main/java/org/apache/airavata/service/profile/iam/admin/services/core/interfaces/TenantManagementInterface.java
@@ -61,49 +61,54 @@ public interface TenantManagementInterface {
      * Method to create user in Identity Server
      *
      * @param realmAdminCreds identity server realm admin credentials
-     * @param userProfile gateway details from workspace catalog
+     * @param username
+     * @param emailAddress
+     * @param firstName
+     * @param lastName
      * @param newPassword
-     * @return Gateway object.
+     * @return true if user created
+     * @throws IamAdminServicesException
      */
-    boolean createUser(PasswordCredential realmAdminCreds, UserProfile userProfile, String
newPassword) throws IamAdminServicesException;
+    boolean createUser(PasswordCredential realmAdminCreds, String tenantId, String username,
String emailAddress, String firstName, String lastName, String newPassword) throws IamAdminServicesException;
 
     /**
      * Method to enable user in Identity Server
      *
-     * @param realmAdminAccount identity server realm admin credentials
-     * @param userDetails gateway details from workspace catalog
+     * @param realmAdminCreds identity server realm admin credentials
+     * @param tenantId
+     * @param username
      * @return boolean.
      */
-    boolean enableUserAccount(PasswordCredential realmAdminAccount, UserProfile userDetails)
throws IamAdminServicesException;
+    boolean enableUserAccount(PasswordCredential realmAdminCreds, String tenantId, String
username) throws IamAdminServicesException;
 
     /**
      * Method to reset user password in Identity Server
      *
-     * @param authToken for realm admin
+     * @param realmAdminCreds identity server realm admin credentials
      * @param tenantId
      * @param username
      * @param newPassword
      * @return boolean
      */
-    boolean resetUserPassword(String authToken, String tenantId, String username, String
newPassword) throws IamAdminServicesException;
+    boolean resetUserPassword(PasswordCredential realmAdminCreds, String tenantId, String
username, String newPassword) throws IamAdminServicesException;
 
     /**
      * Method to find user in Identity Server
      *
      * @param realmAdminCreds identity server realm admin credentials
-     * @param gatewayID required
+     * @param tenantId required
      * @param email required
-     * @param userName can be null
+     * @param username can be null
      * @return Gateway object.
      */
-    List<UserProfile> findUser(PasswordCredential realmAdminCreds, String gatewayID,
String email, String userName) throws IamAdminServicesException;
+    List<UserProfile> findUser(PasswordCredential realmAdminCreds, String tenantId,
String email, String username) throws IamAdminServicesException;
 
     /**
      * Update the user's profile in the Identity Server
      * @param realmAdminCreds
-     * @param gatewayId
+     * @param tenantId
      * @param username
      * @param userDetails
      */
-    void updateUserProfile(PasswordCredential realmAdminCreds, String gatewayId, String username,
UserProfile userDetails) throws IamAdminServicesException;
+    void updateUserProfile(PasswordCredential realmAdminCreds, String tenantId, String username,
UserProfile userDetails) throws IamAdminServicesException;
 }

http://git-wip-us.apache.org/repos/asf/airavata/blob/14bb4321/airavata-services/profile-service/iam-admin-services-core/src/test/java/org/apache/airavata/service/profile/iam/admin/services/core/tests/SetupNewGateway.java
----------------------------------------------------------------------
diff --git a/airavata-services/profile-service/iam-admin-services-core/src/test/java/org/apache/airavata/service/profile/iam/admin/services/core/tests/SetupNewGateway.java
b/airavata-services/profile-service/iam-admin-services-core/src/test/java/org/apache/airavata/service/profile/iam/admin/services/core/tests/SetupNewGateway.java
index e192569..1f1c915 100644
--- a/airavata-services/profile-service/iam-admin-services-core/src/test/java/org/apache/airavata/service/profile/iam/admin/services/core/tests/SetupNewGateway.java
+++ b/airavata-services/profile-service/iam-admin-services-core/src/test/java/org/apache/airavata/service/profile/iam/admin/services/core/tests/SetupNewGateway.java
@@ -65,8 +65,8 @@ public class SetupNewGateway {
 
          TenantManagementKeycloakImpl client = new TenantManagementKeycloakImpl();
          try {
-             client.createUser(tenantAdminCreds,user,"test@123");
-             client.enableUserAccount(tenantAdminCreds,user);
+             client.createUser(tenantAdminCreds, user.getGatewayId(), user.getUserId(), user.getEmails().get(0),
user.getFirstName(), user.getLastName(),"test@123");
+             client.enableUserAccount(tenantAdminCreds, user.getGatewayId(), user.getUserId());
          } catch (IamAdminServicesException e) {
              e.printStackTrace();
          }

http://git-wip-us.apache.org/repos/asf/airavata/blob/14bb4321/airavata-services/profile-service/profile-service-server/src/main/java/org/apache/airavata/service/profile/handlers/IamAdminServicesHandler.java
----------------------------------------------------------------------
diff --git a/airavata-services/profile-service/profile-service-server/src/main/java/org/apache/airavata/service/profile/handlers/IamAdminServicesHandler.java
b/airavata-services/profile-service/profile-service-server/src/main/java/org/apache/airavata/service/profile/handlers/IamAdminServicesHandler.java
index 43e0893..57d8b8b 100644
--- a/airavata-services/profile-service/profile-service-server/src/main/java/org/apache/airavata/service/profile/handlers/IamAdminServicesHandler.java
+++ b/airavata-services/profile-service/profile-service-server/src/main/java/org/apache/airavata/service/profile/handlers/IamAdminServicesHandler.java
@@ -66,8 +66,9 @@ public class IamAdminServicesHandler implements IamAdminServices.Iface {
 
     @Override
     @SecurityCheck
-    public Gateway setUpGateway(AuthzToken authzToken, Gateway gateway, PasswordCredential
isSuperAdminCredentials) throws IamAdminServicesException, AuthorizationException {
+    public Gateway setUpGateway(AuthzToken authzToken, Gateway gateway) throws IamAdminServicesException,
AuthorizationException {
         TenantManagementKeycloakImpl keycloakclient = new TenantManagementKeycloakImpl();
+        PasswordCredential isSuperAdminCredentials = getSuperAdminPasswordCredential();
         try{
             keycloakclient.addTenant(isSuperAdminCredentials,gateway);
             if(!keycloakclient.createTenantAdminAccount(isSuperAdminCredentials,gateway)){
@@ -84,58 +85,70 @@ public class IamAdminServicesHandler implements IamAdminServices.Iface
{
     //ToDo: Will only be secure when using SSL between PGA and Airavata
     @Override
     @SecurityCheck
-    public boolean registerUser(AuthzToken authzToken, UserProfile userDetails, PasswordCredential
isRealmAdminCredentials, String newPassword) throws IamAdminServicesException, AuthorizationException
{
+    public boolean registerUser(AuthzToken authzToken, String username, String emailAddress,
String firstName, String lastName, String newPassword) throws IamAdminServicesException, AuthorizationException
{
         TenantManagementKeycloakImpl keycloakclient = new TenantManagementKeycloakImpl();
+        String gatewayId = authzToken.getClaimsMap().get(Constants.GATEWAY_ID);
         try{
-            if(keycloakclient.createUser(isRealmAdminCredentials,userDetails,newPassword))
+            PasswordCredential isRealmAdminCredentials = getTenantAdminPasswordCredential(gatewayId);
+            if(keycloakclient.createUser(isRealmAdminCredentials, gatewayId, username, emailAddress,
firstName, lastName, newPassword))
                 return true;
             else
                 return false;
-        } catch (IamAdminServicesException ex){
-            logger.error("Error while registering user into Identity Server, reason: " +
ex.getMessage(), ex);
-            throw ex;
+        } catch (TException|ApplicationSettingsException ex){
+            String msg = "Error while registering user into Identity Server, reason: " +
ex.getMessage();
+            logger.error(msg, ex);
+            throw new IamAdminServicesException(msg);
         }
     }
 
     @Override
     @SecurityCheck
-    public boolean enableUser(AuthzToken authzToken, UserProfile userDetails, PasswordCredential
isRealmAdminCredentials) throws IamAdminServicesException, AuthorizationException {
+    public boolean enableUser(AuthzToken authzToken, String username) throws IamAdminServicesException,
AuthorizationException {
         TenantManagementKeycloakImpl keycloakclient = new TenantManagementKeycloakImpl();
+        String gatewayId = authzToken.getClaimsMap().get(Constants.GATEWAY_ID);
         try{
-            if(keycloakclient.enableUserAccount(isRealmAdminCredentials,userDetails))
+            PasswordCredential isRealmAdminCredentials = getTenantAdminPasswordCredential(gatewayId);
+            if(keycloakclient.enableUserAccount(isRealmAdminCredentials, gatewayId, username))
                 return true;
             else
                 return false;
-        } catch (IamAdminServicesException ex){
-            logger.error("Error while enabling user account, reason: " + ex.getMessage(),
ex);
-            throw ex;
+        } catch (TException|ApplicationSettingsException ex){
+            String msg = "Error while enabling user account, reason: " + ex.getMessage();
+            logger.error(msg, ex);
+            throw new IamAdminServicesException(msg);
         }
     }
 
     @Override
     @SecurityCheck
-    public boolean resetUserPassword(AuthzToken authzToken, String tenantId, String username,
String newPassword) throws IamAdminServicesException, AuthorizationException, TException {
+    public boolean resetUserPassword(AuthzToken authzToken, String username, String newPassword)
throws IamAdminServicesException, AuthorizationException, TException {
         TenantManagementKeycloakImpl keycloakclient = new TenantManagementKeycloakImpl();
+        String gatewayId = authzToken.getClaimsMap().get(Constants.GATEWAY_ID);
         try{
-            if(keycloakclient.resetUserPassword(authzToken.getAccessToken(), tenantId, username,
newPassword))
+            PasswordCredential isRealmAdminCredentials = getTenantAdminPasswordCredential(gatewayId);
+            if(keycloakclient.resetUserPassword(isRealmAdminCredentials, gatewayId, username,
newPassword))
                 return true;
             else
                 return false;
-        } catch (IamAdminServicesException ex){
-            logger.error("Error while resetting user password in Identity Server, reason:
" + ex.getMessage(), ex);
-            throw ex;
+        } catch (TException|ApplicationSettingsException ex){
+            String msg = "Error while resetting user password in Identity Server, reason:
" + ex.getMessage();
+            logger.error(msg, ex);
+            throw new IamAdminServicesException(msg);
         }
     }
 
     @Override
     @SecurityCheck
-    public List<UserProfile> findUsers(AuthzToken authzToken, String gatewayID, String
email, String userId, PasswordCredential isRealmAdminCredentials) throws IamAdminServicesException,
AuthorizationException, TException {
+    public List<UserProfile> findUsers(AuthzToken authzToken, String email, String
userId) throws IamAdminServicesException, AuthorizationException, TException {
         TenantManagementKeycloakImpl keycloakclient = new TenantManagementKeycloakImpl();
+        String gatewayId = authzToken.getClaimsMap().get(Constants.GATEWAY_ID);
         try{
-            return keycloakclient.findUser(isRealmAdminCredentials,gatewayID,email,userId);
-        } catch (IamAdminServicesException ex){
-            logger.error("Error while retrieving users from Identity Server, reason: " +
ex.getMessage(), ex);
-            throw ex;
+            PasswordCredential isRealmAdminCredentials = getTenantAdminPasswordCredential(gatewayId);
+            return keycloakclient.findUser(isRealmAdminCredentials, gatewayId, email, userId);
+        } catch (TException|ApplicationSettingsException ex){
+            String msg = "Error while retrieving users from Identity Server, reason: " +
ex.getMessage();
+            logger.error(msg, ex);
+            throw new IamAdminServicesException(msg);
         }
     }
 
@@ -152,16 +165,33 @@ public class IamAdminServicesHandler implements IamAdminServices.Iface
{
             if (!username.equals(userDetails.getUserId())) {
                 throw new IamAdminServicesException("userId in user profile doesn't match
authorization token!");
             }
-            GatewayResourceProfile gwrp = getRegistryServiceClient().getGatewayResourceProfile(gatewayId);
 
-            CredentialStoreService.Client csClient = getCredentialStoreServiceClient();
-            PasswordCredential credential = csClient.getPasswordCredential(gwrp.getIdentityServerPwdCredToken(),
gwrp.getGatewayID());
+            PasswordCredential credential = getTenantAdminPasswordCredential(gatewayId);
             keycloakclient.updateUserProfile(credential, gatewayId, username, userDetails);
         } catch (ApplicationSettingsException e) {
             throw new IamAdminServicesException("Unable to create service clients. Reason:
" + e.getMessage());
         }
     }
 
+    private PasswordCredential getSuperAdminPasswordCredential() {
+        PasswordCredential isSuperAdminCredentials = new PasswordCredential();
+        try {
+            isSuperAdminCredentials.setLoginUserName(ServerSettings.getIamServerSuperAdminUsername());
+            isSuperAdminCredentials.setPassword(ServerSettings.getIamServerSuperAdminPassword());
+        } catch (ApplicationSettingsException e) {
+            throw new RuntimeException("Unable to get settings for IAM super admin username/password",
e);
+        }
+        return isSuperAdminCredentials;
+    }
+
+    private PasswordCredential getTenantAdminPasswordCredential(String tenantId) throws TException,
ApplicationSettingsException {
+
+        GatewayResourceProfile gwrp = getRegistryServiceClient().getGatewayResourceProfile(tenantId);
+
+        CredentialStoreService.Client csClient = getCredentialStoreServiceClient();
+        return csClient.getPasswordCredential(gwrp.getIdentityServerPwdCredToken(), gwrp.getGatewayID());
+    }
+
     private RegistryService.Client getRegistryServiceClient() throws TException, ApplicationSettingsException
{
         final int serverPort = Integer.parseInt(ServerSettings.getRegistryServerPort());
         final String serverHost = ServerSettings.getRegistryServerHost();


Mime
View raw message