From isjar...@apache.org
Subject [airavata-custos] branch develop updated: Support ssh, password external token string
Date Mon, 16 Nov 2020 19:11:57 GMT
This is an automated email from the ASF dual-hosted git repository.

isjarana pushed a commit to branch develop
in repository https://gitbox.apache.org/repos/asf/airavata-custos.git


The following commit(s) were added to refs/heads/develop by this push:
     new beb8455  Support ssh,password external token string
     new 994f7b2  Merge pull request #124 from isururanawaka/vault_ssl
beb8455 is described below

commit beb845510611e9eaa035e2ed824652c3dcbeef63
Author: Isuru Ranawaka <irjanith@gmail.com>
AuthorDate: Fri Nov 13 13:43:54 2020 -0500

    Support ssh,password external token string
---
 .../resources/keycloak-client-truststore.pkcs12    | Bin 1682 -> 1674 bytes
 .../resources/keycloak-client-truststore.pkcs12    | Bin 1682 -> 1674 bytes
 .../manager/adaptor/inbound/CredentialReader.java  | 139 ++++++++++++++-------
 .../adaptor/outbound/CertificateCredential.java    |   1 +
 .../manager/adaptor/outbound/CredentialWriter.java |  93 ++++++++++++--
 .../adaptor/outbound/PasswordCredential.java       |   5 +
 .../adaptor/outbound/ResourceCredential.java       |  16 +++
 .../manager/adaptor/outbound/SSHCredential.java    |  37 +++---
 .../local/repository/SecretRepository.java         |  10 +-
 .../secret/service/ResourceSecretService.java      |  38 +++---
 10 files changed, 249 insertions(+), 90 deletions(-)

diff --git a/custos-core-services/iam-admin-core-service/src/main/resources/keycloak-client-truststore.pkcs12
b/custos-core-services/iam-admin-core-service/src/main/resources/keycloak-client-truststore.pkcs12
index 63d9228..d2549b1 100644
Binary files a/custos-core-services/iam-admin-core-service/src/main/resources/keycloak-client-truststore.pkcs12
and b/custos-core-services/iam-admin-core-service/src/main/resources/keycloak-client-truststore.pkcs12
differ
diff --git a/custos-core-services/identity-core-service/src/main/resources/keycloak-client-truststore.pkcs12
b/custos-core-services/identity-core-service/src/main/resources/keycloak-client-truststore.pkcs12
index 63d9228..d2549b1 100644
Binary files a/custos-core-services/identity-core-service/src/main/resources/keycloak-client-truststore.pkcs12
and b/custos-core-services/identity-core-service/src/main/resources/keycloak-client-truststore.pkcs12
differ
diff --git a/custos-core-services/resource-secret-core-service/src/main/java/org/apache/custos/resource/secret/manager/adaptor/inbound/CredentialReader.java
b/custos-core-services/resource-secret-core-service/src/main/java/org/apache/custos/resource/secret/manager/adaptor/inbound/CredentialReader.java
index 8bc4e33..9f5de02 100644
--- a/custos-core-services/resource-secret-core-service/src/main/java/org/apache/custos/resource/secret/manager/adaptor/inbound/CredentialReader.java
+++ b/custos-core-services/resource-secret-core-service/src/main/java/org/apache/custos/resource/secret/manager/adaptor/inbound/CredentialReader.java
@@ -61,36 +61,47 @@ public class CredentialReader {
      */
     public SSHCredential getSSHCredential(long tenantId, String token) {
 
-        Optional<Secret> secret = repository.findById(token);
+        Secret secret = null;
 
+        if (token != null && !token.trim().equals("")) {
+            Optional<Secret> exSecret = repository.findById(token);
+            if (exSecret.isPresent()){
+                secret = exSecret.get();
+            }
+        }
+        if (secret == null) {
+            List<Secret> secrets = repository.findAllByExternalIdAndTenantId(token,
tenantId);
+            if (secrets != null && !secrets.isEmpty()) {
+                secret = secrets.get(0);
+            }
+        }
 
-        if (secret.isEmpty()) {
+        if (secret == null) {
             return null;
         }
 
-        Secret exSec = secret.get();
-
-        String vaultPath = Constants.VAULT_RESOURCE_SECRETS_PATH + tenantId + "/" + exSec.getOwnerId()
+
-                "/" + Constants.SSH_CREDENTIALS + "/" + token;
-
+        String vaultPath = Constants.VAULT_RESOURCE_SECRETS_PATH + tenantId + "/" + secret.getOwnerId()
+
+                "/" + Constants.SSH_CREDENTIALS + "/" + secret.getId();
 
         VaultResponseSupport<SSHCredentialSecrets> response = vaultTemplate.read(vaultPath,
SSHCredentialSecrets.class);
 
         if (response == null || response.getData() == null && response.getData().getPrivateKey()
== null) {
-            repository.delete(exSec);
+            repository.delete(secret);
             return null;
         }
 
         SSHCredentialSecrets sshCredentialSecrets = response.getData();
 
         SecretMetadata metadata = SecretMetadata.newBuilder()
-                .setOwnerId(exSec.getOwnerId())
+                .setOwnerId(secret.getOwnerId())
                 .setTenantId(tenantId)
-                .setPersistedTime(exSec.getCreatedAt().getTime())
-                .setDescription(exSec.getDiscription())
+                .setPersistedTime(secret.getCreatedAt().getTime())
+                .setDescription(secret.getDiscription())
                 .setResourceType(ResourceType.VAULT_CREDENTIAL)
                 .setSource(ResourceSource.EXTERNAL)
-                .setToken(token)
+                .setToken(
+                        (secret.getExternalId() != null &&
+                                !secret.getExternalId().trim().equals(""))? secret.getExternalId():
secret.getId())
                 .build();
 
         SSHCredential credential = SSHCredential.newBuilder()
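Review bot: `repository.findById(token)` is not restricted to `tenantId`, unlike the new `findAllByExternalIdAndTenantId` fallback, so a record owned by another tenant can be selected by its internal id. The Vault path is then built from the caller's `tenantId`, the read most likely returns nothing, and the existing branch calls `repository.delete(secret)` on a record the caller's tenant does not own. Accept the id match only when the record belongs to the tenant, e.g. `if (exSecret.isPresent() && exSecret.get().getTenantId() == tenantId)` (assuming `Secret` has a getter matching the `setTenantId` used in CredentialWriter). The same lookup is repeated in getPasswordCredential, getCertificateCredential and getCredentialSummary, and in CredentialWriter.deleteCredential, where the record found this way decides which Vault path is deleted. getSSHCredential's body continues outside the hunk.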
@@ -112,37 +123,50 @@ public class CredentialReader {
      * @param token
      * @return
      */
-    public org.apache.custos.resource.secret.service.PasswordCredential getPasswordCredential(long
tenantId, String token) {
-        Optional<Secret> secret = repository.findById(token);
-
+    public org.apache.custos.resource.secret.service.PasswordCredential getPasswordCredential(long
tenantId,
+                                                                                        
     String token) {
+        Secret secret = null;
+
+        if (token != null && !token.trim().equals("")) {
+            Optional<Secret> exSecret = repository.findById(token);
+            if (exSecret.isPresent()){
+                secret = exSecret.get();
+            }
+        } if (secret == null ) {
+            List<Secret> secrets = repository.findAllByExternalIdAndTenantId(token,
tenantId);
+            if (secrets != null && !secrets.isEmpty()) {
+                secret = secrets.get(0);
+            }
+        }
 
-        if (secret.isEmpty()) {
+        if (secret == null) {
             return null;
         }
 
-        Secret exSec = secret.get();
-
-        String vaultPath = Constants.VAULT_RESOURCE_SECRETS_PATH + tenantId + "/" + exSec.getOwnerId()
+
-                "/" + Constants.PASSWORD + "/" + token;
+        String vaultPath = Constants.VAULT_RESOURCE_SECRETS_PATH + tenantId + "/" + secret.getOwnerId()
+
+                "/" + Constants.PASSWORD + "/" + secret.getId();
 
 
         VaultResponseSupport<PasswordSecret> response = vaultTemplate.read(vaultPath,
PasswordSecret.class);
 
         if (response == null || response.getData() == null && response.getData().getPassword()
== null) {
-            repository.delete(exSec);
+            repository.delete(secret);
             return null;
         }
 
         PasswordSecret passwordSecret = response.getData();
 
         SecretMetadata metadata = SecretMetadata.newBuilder()
-                .setOwnerId(exSec.getOwnerId())
+                .setOwnerId(secret.getOwnerId())
                 .setTenantId(tenantId)
-                .setPersistedTime(exSec.getCreatedAt().getTime())
-                .setDescription(exSec.getDiscription())
+                .setPersistedTime(secret.getCreatedAt().getTime())
+                .setDescription(secret.getDiscription())
                 .setResourceType(ResourceType.VAULT_CREDENTIAL)
                 .setSource(ResourceSource.EXTERNAL)
-                .setToken(token)
+                .setType(ResourceSecretType.PASSWORD)
+                .setToken(
+                        (secret.getExternalId() != null ||
+                                !secret.getExternalId().trim().equals(""))? secret.getExternalId():
secret.getId())
                 .build();
 
         org.apache.custos.resource.secret.service.PasswordCredential credential =
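Review bot: The `setToken` argument in getPasswordCredential tests `secret.getExternalId() != null || !secret.getExternalId().trim().equals("")`, which dereferences a null external id (the right-hand side only runs when the left is false) and is always true otherwise, so a blank external id is returned as the token. The other readers in this commit use `&&`, and this one should too: `(secret.getExternalId() != null && !secret.getExternalId().trim().equals("")) ? secret.getExternalId() : secret.getId()`. Records saved before this change presumably carry no external id, so the null case is likely the common one. The method body continues outside the hunk.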
@@ -164,34 +188,48 @@ public class CredentialReader {
      * @return
      */
     public CertificateCredential getCertificateCredential(long tenantId, String token) {
-        Optional<Secret> secret = repository.findById(token);
+        Secret secret = null;
+
+        if (token != null && !token.trim().equals("")) {
+            Optional<Secret> exSecret = repository.findById(token);
+            if (exSecret.isPresent()){
+                secret = exSecret.get();
+            }
+        } if (secret == null) {
+            List<Secret> secrets = repository.findAllByExternalIdAndTenantId(token,
tenantId);
+            if (secrets != null && !secrets.isEmpty()) {
+                secret = secrets.get(0);
+            }
+        }
 
-        if (secret.isEmpty()) {
+        if (secret == null) {
             return null;
         }
 
-        Secret exSec = secret.get();
 
-        String vaultPath = Constants.VAULT_RESOURCE_SECRETS_PATH + tenantId + "/" + exSec.getOwnerId()
+
-                "/" + Constants.PASSWORD + "/" + token;
+        String vaultPath = Constants.VAULT_RESOURCE_SECRETS_PATH + tenantId + "/" + secret.getOwnerId()
+
+                "/" + Constants.PASSWORD + "/" + secret.getId();
 
         VaultResponseSupport<Certificate> response = vaultTemplate.read(vaultPath,
Certificate.class);
 
         if (response == null || response.getData() == null && response.getData().getCertificate()
== null) {
-            repository.delete(exSec);
+            repository.delete(secret);
             return null;
         }
 
         Certificate certificate = response.getData();
 
         SecretMetadata metadata = SecretMetadata.newBuilder()
-                .setOwnerId(exSec.getOwnerId())
+                .setOwnerId(secret.getOwnerId())
                 .setTenantId(tenantId)
-                .setPersistedTime(exSec.getCreatedAt().getTime())
-                .setDescription(exSec.getDiscription())
+                .setPersistedTime(secret.getCreatedAt().getTime())
+                .setDescription(secret.getDiscription())
                 .setResourceType(ResourceType.VAULT_CREDENTIAL)
                 .setSource(ResourceSource.EXTERNAL)
-                .setToken(token)
+                .setType(ResourceSecretType.X509_CERTIFICATE)
+                .setToken(
+                        (secret.getExternalId() != null &&
+                                !secret.getExternalId().trim().equals(""))? secret.getExternalId():
secret.getId())
                 .build();
 
         CertificateCredential certificateCredential = CertificateCredential.newBuilder()
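Review bot: getCertificateCredential reads from a path built with `Constants.PASSWORD`, while the CredentialWriter hunk that precedes `setSecretType(ResourceSecretType.X509_CERTIFICATE.name())` builds its path with `Constants.SSH_CREDENTIALS`, so reader and writer appear to disagree on where a certificate is stored. If that writer hunk is indeed the certificate save path, the read comes back empty and the branch below calls `repository.delete(secret)`, dropping the metadata of a certificate that is still in Vault. Both sides should use one dedicated path segment for certificates; no such constant is visible in this diff, so it would have to be added to `Constants`.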
@@ -216,16 +254,29 @@ public class CredentialReader {
      */
     public SecretMetadata getCredentialSummary(long tenantId, String token) {
 
-        Optional<Secret> exSec = repository.findById(token);
+        Secret secret = null;
 
-        if (exSec.isEmpty()) {
-            return null;
+        if (token != null && !token.trim().equals("")) {
+            Optional<Secret> exSecret = repository.findById(token);
+            if (exSecret.isPresent()){
+                secret = exSecret.get();
+            }
+        }
+        if (secret == null) {
+            List<Secret> secrets = repository.findAllByExternalIdAndTenantId(token,
tenantId);
+            if (secrets != null && !secrets.isEmpty()) {
+                secret = secrets.get(0);
+            }
         }
 
-        Secret secret = exSec.get();
+        if (secret == null) {
+            return null;
+        }
 
         return SecretMetadata.newBuilder()
-                .setToken(token)
+                .setToken(
+                        (secret.getExternalId() != null &&
+                                !secret.getExternalId().trim().equals(""))? secret.getExternalId():
secret.getId())
                 .setTenantId(tenantId)
                 .setDescription(secret.getDiscription())
                 .setPersistedTime(secret.getCreatedAt().getTime())
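Review bot: A null or blank `token` skips `findById` but still reaches `repository.findAllByExternalIdAndTenantId(token, tenantId)`, and CredentialWriter stores `credential.getExternalId()` without the blank test it applies to the duplicate check, so a blank token can match whichever record in the tenant was saved with an empty external id (protobuf string getters normally return `""` for an unset field). getSSHCredential, getPasswordCredential and getCertificateCredential have the same fall-through. The lookup is now copied four times and the external-id-or-id choice six times in this file; moving them into two private helpers that reject a blank token before either query fixes every copy at once.

```java
// Resolves a caller-supplied token to a record: internal id first, then the tenant's external id.
private Secret findSecret(long tenantId, String token) {
    if (token == null || token.trim().isEmpty()) {
        return null; // a blank token must not match records stored with an empty external id
    }
    Optional<Secret> byId = repository.findById(token);
    if (byId.isPresent()) {
        return byId.get();
    }
    List<Secret> byExternalId = repository.findAllByExternalIdAndTenantId(token, tenantId);
    return (byExternalId == null || byExternalId.isEmpty()) ? null : byExternalId.get(0);
}

// Token reported to callers: the external id when one was supplied, otherwise the internal id.
private static String callerToken(Secret secret) {
    String externalId = secret.getExternalId();
    return (externalId != null && !externalId.trim().isEmpty()) ? externalId : secret.getId();
}

public SecretMetadata getCredentialSummary(long tenantId, String token) {
    Secret secret = findSecret(tenantId, token);
    if (secret == null) {
        return null;
    }
    return SecretMetadata.newBuilder()
            .setToken(callerToken(secret))
            // … unchanged: remaining builder calls …
```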
@@ -246,7 +297,7 @@ public class CredentialReader {
      */
     public List<SecretMetadata> getAllCredentialSummaries(long tenantId, List<String>
tokens) {
 
-        List<Secret> secrets = repository.findAllById(tokens);
+        List<Secret> secrets = repository.getAllSecretsByIdOrExternalId(tenantId, tokens,
tokens);
         List<SecretMetadata> metadata = new ArrayList<>();
 
         if (secrets != null && !secrets.isEmpty()) {
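Review bot: `getAllSecretsByIdOrExternalId(tenantId, tokens, tokens)` binds `tokens` to two `IN` clauses of a native query, and nothing in this hunk stops a null or empty list from reaching it; several databases reject an empty `IN ()`, and how the persistence provider expands an empty collection varies. Return before the query, e.g. `if (tokens == null || tokens.isEmpty()) { return new ArrayList<>(); }`. The method body continues outside the hunk.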
@@ -254,7 +305,9 @@ public class CredentialReader {
 
             secrets.forEach(secret -> {
                 metadata.add(SecretMetadata.newBuilder()
-                        .setToken(secret.getId())
+                        .setToken(
+                                (secret.getExternalId() != null &&
+                                        !secret.getExternalId().trim().equals(""))? secret.getExternalId():
secret.getId())
                         .setTenantId(tenantId)
                         .setDescription(secret.getDiscription())
                         .setPersistedTime(secret.getCreatedAt().getTime())
@@ -318,7 +371,7 @@ public class CredentialReader {
 
     public KVCredential getKVSecretByKey(String key, long tenantId, String ownerId) {
 
-        List<Secret> secrets = repository.findAllByExternalIdAndOwnerId(key, ownerId);
+        List<Secret> secrets = repository.findAllByExternalIdAndOwnerIdAndTenantId(key,
ownerId, tenantId);
 
         if (secrets != null && secrets.isEmpty()) {
             return null;
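Review bot: The guard under the changed call reads `if (secrets != null && secrets.isEmpty())`, so a null result is not treated as not-found and falls through to code outside the hunk. `if (secrets == null || secrets.isEmpty()) { return null; }` covers both cases.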
diff --git a/custos-core-services/resource-secret-core-service/src/main/java/org/apache/custos/resource/secret/manager/adaptor/outbound/CertificateCredential.java
b/custos-core-services/resource-secret-core-service/src/main/java/org/apache/custos/resource/secret/manager/adaptor/outbound/CertificateCredential.java
index d52d677..5407c9f 100644
--- a/custos-core-services/resource-secret-core-service/src/main/java/org/apache/custos/resource/secret/manager/adaptor/outbound/CertificateCredential.java
+++ b/custos-core-services/resource-secret-core-service/src/main/java/org/apache/custos/resource/secret/manager/adaptor/outbound/CertificateCredential.java
@@ -45,6 +45,7 @@ public class CertificateCredential extends ResourceCredential {
     private String privateKey;
 
 
+
     public CertificateCredential(GeneratedMessageV3 message) throws CertificateException
{
         super(message);
         if (message instanceof org.apache.custos.resource.secret.service.CertificateCredential)
{
diff --git a/custos-core-services/resource-secret-core-service/src/main/java/org/apache/custos/resource/secret/manager/adaptor/outbound/CredentialWriter.java
b/custos-core-services/resource-secret-core-service/src/main/java/org/apache/custos/resource/secret/manager/adaptor/outbound/CredentialWriter.java
index a0f2fcf..e48b668 100644
--- a/custos-core-services/resource-secret-core-service/src/main/java/org/apache/custos/resource/secret/manager/adaptor/outbound/CredentialWriter.java
+++ b/custos-core-services/resource-secret-core-service/src/main/java/org/apache/custos/resource/secret/manager/adaptor/outbound/CredentialWriter.java
@@ -65,13 +65,32 @@ public class CredentialWriter {
         if (exSecret.isPresent()) {
             String msg = " Credential with token " + credential.getToken() + " already exist";
             LOGGER.error(msg);
-            throw new CredentialStoreException(msg, null);
+            throw new CredentialStoreException("Invalid token", null);
+        }
+
+        if (credential.getExternalId() != null && !credential.getExternalId().trim().equals(""))
{
+
+            Optional<Secret> exToSec = repository.findById(credential.getExternalId());
+
+            if (exToSec.isPresent()) {
+                String msg = " Credential with token " + credential.getToken() + " already
exist";
+                LOGGER.error(msg);
+                throw new CredentialStoreException("Invalid token", null);
+            }
+
+            List<Secret> secrets = repository.findAllByExternalIdAndTenantId(credential.getExternalId(),
+                    credential.getTenantId());
+            if (secrets != null && !secrets.isEmpty()) {
+                String msg = " Credential with externalId " + credential.getExternalId()
+ " already exist";
+                LOGGER.error(msg);
+                throw new CredentialStoreException("Invalid token", null);
+            }
+
         }
 
         String path = Constants.VAULT_RESOURCE_SECRETS_PATH + credential.getTenantId() +
"/" + credential.getOwnerId()
                 + "/" + Constants.SSH_CREDENTIALS + "/" + credential.getToken();
 
-
         SSHCredentialSecrets sshCredentialSecrets = new SSHCredentialSecrets
                 (credential.getPrivateKey(), credential.getPublicKey(), credential.getPassPhrase());
         vaultTemplate.write(path, sshCredentialSecrets);
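Review bot: The new external-id uniqueness test is a read that is only later followed by `vaultTemplate.write` and `repository.save`, so two concurrent saves with the same external id can both pass it, and the readers then return `secrets.get(0)`, whichever row that happens to be. A unique constraint over the tenant id and external id columns (the schema is not part of this diff), with blank external ids stored as null, would make the check authoritative; the resulting save failure can map to the same `"Invalid token"` exception. Separately, the `exToSec.isPresent()` branch logs `credential.getToken()`, a freshly generated value, when the colliding value is `credential.getExternalId()`. The same block is added in the next two save hunks of this file.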
@@ -92,6 +111,7 @@ public class CredentialWriter {
         secret.setOwnerType(credential.getResourceOwnerType().name());
         secret.setSecretType(ResourceSecretType.SSH.name());
         secret.setTenantId(credential.getTenantId());
+        secret.setExternalId(credential.getExternalId());
         repository.save(secret);
         return true;
     }
@@ -108,7 +128,26 @@ public class CredentialWriter {
         if (exSecret.isPresent()) {
             String msg = " Credential with token " + credential.getToken() + " already exist";
             LOGGER.error(msg);
-            throw new CredentialStoreException(msg, null);
+            throw new CredentialStoreException("Invalid token", null);
+        }
+
+        if (credential.getExternalId() != null && !credential.getExternalId().trim().equals(""))
{
+            Optional<Secret> exToSec = repository.findById(credential.getExternalId());
+
+            if (exToSec.isPresent()) {
+                String msg = " Credential with token " + credential.getToken() + " already
exist";
+                LOGGER.error(msg);
+                throw new CredentialStoreException("Invalid token", null);
+            }
+
+            List<Secret> secrets = repository.findAllByExternalIdAndTenantId(credential.getExternalId(),
+                    credential.getTenantId());
+            if (secrets != null && !secrets.isEmpty()) {
+                String msg = " Credential with externalId " + credential.getExternalId()
+ " already exist";
+                LOGGER.error(msg);
+                throw new CredentialStoreException("Invalid token", null);
+            }
+
         }
 
         String path = Constants.VAULT_RESOURCE_SECRETS_PATH + credential.getTenantId() +
"/" + credential.getOwnerId()
@@ -134,6 +173,7 @@ public class CredentialWriter {
         secret.setOwnerType(credential.getResourceOwnerType().name());
         secret.setSecretType(ResourceSecretType.PASSWORD.name());
         secret.setTenantId(credential.getTenantId());
+        secret.setExternalId(credential.getExternalId());
         repository.save(secret);
         return true;
     }
@@ -150,9 +190,29 @@ public class CredentialWriter {
         if (exSecret.isPresent()) {
             String msg = " Credential with token " + credential.getToken() + " already exist";
             LOGGER.error(msg);
-            throw new CredentialStoreException(msg, null);
+            throw new CredentialStoreException("Invalid token", null);
         }
 
+        if (credential.getExternalId() != null && !credential.getExternalId().trim().equals(""))
{
+            Optional<Secret> exToSec = repository.findById(credential.getExternalId());
+
+            if (exToSec.isPresent()) {
+                String msg = " Credential with token " + credential.getToken() + " already
exist";
+                LOGGER.error(msg);
+                throw new CredentialStoreException("Invalid token", null);
+            }
+
+            List<Secret> secrets = repository.findAllByExternalIdAndTenantId(credential.getExternalId(),
+                    credential.getTenantId());
+            if (secrets != null && !secrets.isEmpty()) {
+                String msg = " Credential with externalId " + credential.getExternalId()
+ " already exist";
+                LOGGER.error(msg);
+                throw new CredentialStoreException("Invalid token", null);
+            }
+
+        }
+
+
         String path = Constants.VAULT_RESOURCE_SECRETS_PATH + credential.getTenantId() +
"/" + credential.getOwnerId() +
                 "/" + Constants.SSH_CREDENTIALS + "/" + credential.getToken();
 
@@ -181,6 +241,7 @@ public class CredentialWriter {
         secret.setOwnerType(credential.getResourceOwnerType().name());
         secret.setSecretType(ResourceSecretType.X509_CERTIFICATE.name());
         secret.setTenantId(credential.getTenantId());
+        secret.setExternalId(credential.getExternalId());
         repository.save(secret);
         return true;
     }
@@ -195,13 +256,19 @@ public class CredentialWriter {
      */
     public boolean deleteCredential(long tenantId, String token) {
 
+        Secret secret = null;
         Optional<Secret> exSec = repository.findById(token);
 
-        if (exSec.isEmpty()) {
-            return true;
+        if (exSec.isPresent()) {
+            secret = exSec.get();
         }
 
-        Secret secret = exSec.get();
+        if (exSec.isEmpty()) {
+            List<Secret> secrets = repository.findAllByExternalIdAndTenantId(token,
tenantId);
+            if (secrets != null && !secrets.isEmpty()) {
+                secret = secrets.get(0);
+            }
+        }
 
         String type = null;
 
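Review bot: With the early `return true` removed, `secret` stays null when neither `findById(token)` nor `findAllByExternalIdAndTenantId(token, tenantId)` finds a record, and the next hunk dereferences it in `secret.getOwnerId()`, so deleting an unknown token would throw instead of returning true. Restore the guard after the fallback: `if (secret == null) { return true; }`. The lines between this hunk and the next are not visible, so the dereference may happen even earlier.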
@@ -215,7 +282,7 @@ public class CredentialWriter {
 
 
         String path = Constants.VAULT_RESOURCE_SECRETS_PATH + tenantId + "/" + secret.getOwnerId()
+
-                "/" + type + "/" + token;
+                "/" + type + "/" + secret.getId();
 
         vaultTemplate.delete(path);
 
@@ -230,10 +297,10 @@ public class CredentialWriter {
         if (exSecret.isPresent()) {
             String msg = " Credential with token " + kvCredential.getToken() + " already
exist";
             LOGGER.error(msg);
-            throw new CredentialStoreException(msg, null);
+            throw new CredentialStoreException("Invalid token", null);
         }
 
-        List<Secret> secrets = repository.findAllByExternalIdAndOwnerId(kvCredential.getKey(),
kvCredential.getOwnerId());
+        List<Secret> secrets = repository.findAllByExternalIdAndOwnerIdAndTenantId(kvCredential.getKey(),
kvCredential.getOwnerId(), kvCredential.getTenantId());
 
         if (secrets != null && !secrets.isEmpty()) {
             String msg = " Credential with key " + kvCredential.getKey() + " of user " +
kvCredential.getOwnerId()
@@ -288,7 +355,8 @@ public class CredentialWriter {
         } else {
 
             List<Secret> secrets = repository.
-                    findAllByExternalIdAndOwnerId(kvCredential.getKey(), kvCredential.getMetadata().getOwnerId());
+                    findAllByExternalIdAndOwnerIdAndTenantId(kvCredential.getKey(), kvCredential.getMetadata().getOwnerId(),
+                            kvCredential.getMetadata().getTenantId());
 
             if (secrets == null && secrets.isEmpty()) {
                 String msg = " Cannot find record "
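Review bot: The context line `if (secrets == null && secrets.isEmpty())` cannot work as a not-found check: a null list throws on `secrets.isEmpty()`, and an empty list makes the condition false, so the code after the branch (outside the hunk) runs with no record. It should be `if (secrets == null || secrets.isEmpty())`. The following hunk (`@@ -338,7 +406,8 @@`) carries the same condition.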
@@ -338,7 +406,8 @@ public class CredentialWriter {
         } else {
 
             List<Secret> secrets = repository.
-                    findAllByExternalIdAndOwnerId(kvCredential.getKey(), kvCredential.getMetadata().getOwnerId());
+                    findAllByExternalIdAndOwnerIdAndTenantId(kvCredential.getKey(), kvCredential.getMetadata().getOwnerId(),
+                            kvCredential.getMetadata().getTenantId());
 
             if (secrets == null && secrets.isEmpty()) {
                 String msg = " Cannot find record "
diff --git a/custos-core-services/resource-secret-core-service/src/main/java/org/apache/custos/resource/secret/manager/adaptor/outbound/PasswordCredential.java
b/custos-core-services/resource-secret-core-service/src/main/java/org/apache/custos/resource/secret/manager/adaptor/outbound/PasswordCredential.java
index 6b7b03c..0ac053f 100644
--- a/custos-core-services/resource-secret-core-service/src/main/java/org/apache/custos/resource/secret/manager/adaptor/outbound/PasswordCredential.java
+++ b/custos-core-services/resource-secret-core-service/src/main/java/org/apache/custos/resource/secret/manager/adaptor/outbound/PasswordCredential.java
@@ -28,10 +28,13 @@ public class PasswordCredential extends ResourceCredential {
 
     private String password;
 
+
+
     public PasswordCredential(GeneratedMessageV3 message) {
         super(message);
         if (message instanceof org.apache.custos.resource.secret.service.PasswordCredential)
{
           this.password =   ((org.apache.custos.resource.secret.service.PasswordCredential)
message).getPassword();
+
         }
     }
 
@@ -42,4 +45,6 @@ public class PasswordCredential extends ResourceCredential {
     public void setPassword(String password) {
         this.password = password;
     }
+
+
 }
diff --git a/custos-core-services/resource-secret-core-service/src/main/java/org/apache/custos/resource/secret/manager/adaptor/outbound/ResourceCredential.java
b/custos-core-services/resource-secret-core-service/src/main/java/org/apache/custos/resource/secret/manager/adaptor/outbound/ResourceCredential.java
index 01b1cf4..0425d82 100644
--- a/custos-core-services/resource-secret-core-service/src/main/java/org/apache/custos/resource/secret/manager/adaptor/outbound/ResourceCredential.java
+++ b/custos-core-services/resource-secret-core-service/src/main/java/org/apache/custos/resource/secret/manager/adaptor/outbound/ResourceCredential.java
@@ -41,6 +41,9 @@ public class ResourceCredential implements Credential {
     private long tenantId;
 
 
+    private String externalId;
+
+
     public ResourceCredential(GeneratedMessageV3 message) {
 
         this.token = generateToken();
@@ -51,6 +54,7 @@ public class ResourceCredential implements Credential {
             this.ownerId = metadata.getOwnerId();
             this.tenantId = metadata.getTenantId();
             this.resourceOwnerType = ResourceOwnerType.TENANT;
+            this.externalId = metadata.getToken();
 
         } else if (message instanceof CertificateCredential) {
             SecretMetadata metadata = ((CertificateCredential) message).getMetadata();
@@ -58,6 +62,7 @@ public class ResourceCredential implements Credential {
             this.ownerId = metadata.getOwnerId();
             this.tenantId = metadata.getTenantId();
             this.resourceOwnerType = ResourceOwnerType.TENANT;
+            this.externalId = metadata.getToken();
 
         } else if (message instanceof PasswordCredential) {
             SecretMetadata metadata = ((PasswordCredential) message).getMetadata();
@@ -65,12 +70,14 @@ public class ResourceCredential implements Credential {
             this.ownerId = metadata.getOwnerId();
             this.tenantId = metadata.getTenantId();
             this.resourceOwnerType = ResourceOwnerType.TENANT;
+            this.externalId = metadata.getToken();
         } else if (message instanceof org.apache.custos.resource.secret.service.KVCredential)
{
             SecretMetadata metadata = ((org.apache.custos.resource.secret.service.KVCredential)
message).getMetadata();
             this.description = metadata.getDescription();
             this.ownerId = metadata.getOwnerId();
             this.tenantId = metadata.getTenantId();
             this.resourceOwnerType = ResourceOwnerType.TENANT_USER;
+            this.externalId = ((org.apache.custos.resource.secret.service.KVCredential) message).getKey();
         }
     }
 
@@ -120,4 +127,13 @@ public class ResourceCredential implements Credential {
 
         return UUID.randomUUID().toString();
     }
+
+
+    public String getExternalId() {
+        return externalId;
+    }
+
+    public void setExternalId(String externalId) {
+        this.externalId = externalId;
+    }
 }
diff --git a/custos-core-services/resource-secret-core-service/src/main/java/org/apache/custos/resource/secret/manager/adaptor/outbound/SSHCredential.java
b/custos-core-services/resource-secret-core-service/src/main/java/org/apache/custos/resource/secret/manager/adaptor/outbound/SSHCredential.java
index 5e2d6eb..ff6647a 100644
--- a/custos-core-services/resource-secret-core-service/src/main/java/org/apache/custos/resource/secret/manager/adaptor/outbound/SSHCredential.java
+++ b/custos-core-services/resource-secret-core-service/src/main/java/org/apache/custos/resource/secret/manager/adaptor/outbound/SSHCredential.java
@@ -26,7 +26,6 @@ import org.apache.commons.io.FileUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-
 import java.io.File;
 import java.util.UUID;
 
@@ -42,20 +41,24 @@ public class SSHCredential extends ResourceCredential {
     private String privateKey;
     private String passPhrase;
 
+
     public SSHCredential(GeneratedMessageV3 message) throws Exception {
         super(message);
-       if (message instanceof org.apache.custos.resource.secret.service.SSHCredential) {
+        if (message instanceof org.apache.custos.resource.secret.service.SSHCredential) {
+
+            this.passPhrase = ((org.apache.custos.resource.secret.service.SSHCredential)
message).getPassphrase();
+            this.privateKey = ((org.apache.custos.resource.secret.service.SSHCredential)
message).getPrivateKey();
+            this.publicKey = ((org.apache.custos.resource.secret.service.SSHCredential) message).getPublicKey();
 
-         this.passPhrase =  ((org.apache.custos.resource.secret.service.SSHCredential) message).getPassphrase();
-         this.privateKey = ((org.apache.custos.resource.secret.service.SSHCredential) message).getPrivateKey();
-         this.publicKey = ((org.apache.custos.resource.secret.service.SSHCredential) message).getPublicKey();
 
-         if (passPhrase == null || passPhrase.trim().equals("")) {
-             this.passPhrase = String.valueOf(UUID.randomUUID());
-         }
-          this.generateKeyPair(this.passPhrase);
+            if (passPhrase == null || passPhrase.trim().equals("")) {
+                this.passPhrase = String.valueOf(UUID.randomUUID());
+            }
+            if (this.publicKey == null || this.publicKey.trim().equals("")) {
+                this.generateKeyPair(this.passPhrase);
+            }
 
-       }
+        }
 
     }
 
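Review bot: Key generation is now skipped whenever `publicKey` is non-blank, without looking at `privateKey`, so a message carrying only a public key is kept with an empty private key, and one carrying only a private key has it replaced, since generateKeyPair assigns both fields. When both keys are supplied and the passphrase is blank, the constructor still assigns a random UUID passphrase, which may not match the supplied private key. Test `privateKey` and `publicKey` together, reject a message that has exactly one of them, and generate the passphrase only on the path that also generates the pair.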
@@ -83,15 +86,16 @@ public class SSHCredential extends ResourceCredential {
         this.passPhrase = passPhrase;
     }
 
-    private void  generateKeyPair(String passPhrase) throws Exception{
-        JSch jsch=new JSch();
-        try{
-            KeyPair kpair= KeyPair.genKeyPair(jsch, KeyPair.RSA, 2048);
+
+    private void generateKeyPair(String passPhrase) throws Exception {
+        JSch jsch = new JSch();
+        try {
+            KeyPair kpair = KeyPair.genKeyPair(jsch, KeyPair.RSA, 2048);
             File file = File.createTempFile("id_rsa", "");
             String fileName = file.getAbsolutePath();
 
             kpair.writePrivateKey(fileName, passPhrase.getBytes());
-            kpair.writePublicKey(fileName + ".pub"  , "");
+            kpair.writePublicKey(fileName + ".pub", "");
             kpair.dispose();
             byte[] priKey = FileUtils.readFileToByteArray(new File(fileName));
 
@@ -99,8 +103,7 @@ public class SSHCredential extends ResourceCredential {
             this.privateKey = new String(priKey);
             this.publicKey = new String(pubKey);
 
-        }
-        catch(Exception e){
+        } catch (Exception e) {
             LOGGER.error("Error while creating key pair", e);
             throw new Exception("Error while creating key pair", e);
         }
diff --git a/custos-core-services/resource-secret-core-service/src/main/java/org/apache/custos/resource/secret/persistance/local/repository/SecretRepository.java
b/custos-core-services/resource-secret-core-service/src/main/java/org/apache/custos/resource/secret/persistance/local/repository/SecretRepository.java
index c73610c..26b1d02 100644
--- a/custos-core-services/resource-secret-core-service/src/main/java/org/apache/custos/resource/secret/persistance/local/repository/SecretRepository.java
+++ b/custos-core-services/resource-secret-core-service/src/main/java/org/apache/custos/resource/secret/persistance/local/repository/SecretRepository.java
@@ -21,13 +21,21 @@ package org.apache.custos.resource.secret.persistance.local.repository;
 
 import org.apache.custos.resource.secret.persistance.local.model.Secret;
 import org.springframework.data.jpa.repository.JpaRepository;
+import org.springframework.data.jpa.repository.Query;
 
+import java.util.Iterator;
 import java.util.List;
 
 public interface SecretRepository extends JpaRepository<Secret, String> {
 
 
-    public List<Secret> findAllByExternalIdAndOwnerId(String externalId, String ownerId);
+    public List<Secret> findAllByExternalIdAndOwnerIdAndTenantId(String externalId,
String ownerId, long tenantId);
+
+    public List<Secret> findAllByExternalIdAndTenantId(String externalId, long tenantId);
+
+    @Query(value = "select * from secret s where s.tenant_id = ?1 and ( s.id  IN ?2 " +
+            "or s.external_id  IN ?3 )", nativeQuery = true)
+    public List<Secret> getAllSecretsByIdOrExternalId(long tenantId, List<String>
tokens, List<String> externalIds);
 
 
 }
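Review bot: `getAllSecretsByIdOrExternalId` binds two lists into `IN ?2` and `IN ?3` of a native query, and an empty list there is commonly rendered as `IN ()`, which most databases reject; the interface gives callers no hint of that precondition. I would document it on the method, e.g. `// tokens and externalIds must both be non-empty; an empty list produces invalid SQL`, or have the caller substitute a sentinel value that can never match. Both new finders that drop `ownerId` filter by tenant only, so presumably the owner check now has to happen in the calling service; a one-line comment saying so would help the next reader. The added `import java.util.Iterator;` is not used by anything in this hunk and can be removed.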
diff --git a/custos-core-services/resource-secret-core-service/src/main/java/org/apache/custos/resource/secret/service/ResourceSecretService.java
b/custos-core-services/resource-secret-core-service/src/main/java/org/apache/custos/resource/secret/service/ResourceSecretService.java
index b9ecbfb..8e25e14 100644
--- a/custos-core-services/resource-secret-core-service/src/main/java/org/apache/custos/resource/secret/service/ResourceSecretService.java
+++ b/custos-core-services/resource-secret-core-service/src/main/java/org/apache/custos/resource/secret/service/ResourceSecretService.java
@@ -76,7 +76,7 @@ public class ResourceSecretService extends ResourceSecretServiceGrpc.ResourceSec
 
         } catch (Exception ex) {
             String msg = "Exception occurred while fetching credential summaries  " +
-                    " : " + ex.getMessage();
+                    " : " + ex;
             LOGGER.error(msg);
             responseObserver.onError(Status.INTERNAL.withDescription(msg).asRuntimeException());
         }
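Review bot: Concatenating `ex` instead of `ex.getMessage()` puts the exception's class name into `msg`, and the same `msg` is handed to the client through `Status.INTERNAL.withDescription(msg)`, so internal type names and backend error text now leave the service. The log call still drops the stack trace; `LOGGER.error(msg, ex);` would keep it, while the client could receive a fixed description such as `Status.INTERNAL.withDescription("Exception occurred while fetching credential summaries")`. The same pattern repeats in every later catch block of this file's hunks. Several of those also append `request.getMetadata().getToken()` or `request.getToken()` to the message, which writes the credential token into logs and error responses; logging a request or correlation id instead would avoid that. The enclosing method starts outside the hunk.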
@@ -102,7 +102,8 @@ public class ResourceSecretService extends ResourceSecretServiceGrpc.ResourceSec
 
             AddResourceCredentialResponse resourceCredentialResponse = AddResourceCredentialResponse
                     .newBuilder()
-                    .setToken(sshCredential.getToken())
+                    .setToken((sshCredential.getExternalId() != null &&
+                            !sshCredential.getExternalId().trim().equals(""))?sshCredential.getExternalId():
sshCredential.getToken())
                     .build();
             responseObserver.onNext(resourceCredentialResponse);
             responseObserver.onCompleted();
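Review bot: The "external id if non-blank, else token" ternary inside `.setToken(...)` is written out three times, here and in the password and certificate hunks below, which makes it easy for the three copies to drift apart. A small private helper taking the two strings would keep the rule in one place, so the call becomes `.setToken(externalIdOrToken(sshCredential.getExternalId(), sshCredential.getToken()))`. Since the caller-supplied external id is now returned as the handle for later lookups, it would be worth confirming that it is unique per tenant; the repository finders in this commit return a `List` for an external id, so uniqueness is not evident from the diff. The enclosing method starts and ends outside the hunk.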
@@ -110,7 +111,7 @@ public class ResourceSecretService extends ResourceSecretServiceGrpc.ResourceSec
 
         } catch (Exception ex) {
             String msg = "Exception occurred while adding SSH credentials " + request.getMetadata().getToken()
+
-                    " : " + ex.getMessage();
+                    " : " + ex;
             LOGGER.error(msg);
             responseObserver.onError(Status.INTERNAL.withDescription(msg).asRuntimeException());
         }
@@ -135,14 +136,15 @@ public class ResourceSecretService extends ResourceSecretServiceGrpc.ResourceSec
 
             AddResourceCredentialResponse resourceCredentialResponse = AddResourceCredentialResponse
                     .newBuilder()
-                    .setToken(passwordCredential.getToken())
+                    .setToken((passwordCredential.getExternalId() != null &&
+                            !passwordCredential.getExternalId().trim().equals(""))?passwordCredential.getExternalId():
passwordCredential.getToken())
                     .build();
             responseObserver.onNext(resourceCredentialResponse);
             responseObserver.onCompleted();
 
         } catch (Exception ex) {
             String msg = "Exception occurred while adding password credentials " + request.getMetadata().getToken()
+
-                    " : " + ex.getMessage();
+                    " : " + ex;
             LOGGER.error(msg);
             responseObserver.onError(Status.INTERNAL.withDescription(msg).asRuntimeException());
         }
@@ -167,14 +169,16 @@ public class ResourceSecretService extends ResourceSecretServiceGrpc.ResourceSec
 
             AddResourceCredentialResponse resourceCredentialResponse = AddResourceCredentialResponse
                     .newBuilder()
-                    .setToken(certificateCredential.getToken())
+                    .setToken((certificateCredential.getExternalId() != null &&
+                            !certificateCredential.getExternalId().trim().equals(""))?
+                            certificateCredential.getExternalId(): certificateCredential.getToken())
                     .build();
             responseObserver.onNext(resourceCredentialResponse);
             responseObserver.onCompleted();
 
         } catch (Exception ex) {
             String msg = "Exception occurred while adding certificate credential secret "
+ request.getMetadata().getToken() +
-                    " : " + ex.getMessage();
+                    " : " + ex;
             LOGGER.error(msg);
             responseObserver.onError(Status.INTERNAL.withDescription(msg).asRuntimeException());
         }
@@ -194,7 +198,7 @@ public class ResourceSecretService extends ResourceSecretServiceGrpc.ResourceSec
 
         } catch (Exception ex) {
             String msg = "Exception occurred while fetching resource credential summaries
" + request.getToken() +
-                    " : " + ex.getMessage();
+                    " : " + ex;
             LOGGER.error(msg);
             responseObserver.onError(Status.INTERNAL.withDescription(msg).asRuntimeException());
         }
@@ -212,7 +216,7 @@ public class ResourceSecretService extends ResourceSecretServiceGrpc.ResourceSec
 
         } catch (Exception ex) {
             String msg = "Exception occurred while fetching SSH credential " + request.getToken()
+
-                    " : " + ex.getMessage();
+                    " : " + ex;
             LOGGER.error(msg);
             responseObserver.onError(Status.INTERNAL.withDescription(msg).asRuntimeException());
         }
@@ -231,7 +235,7 @@ public class ResourceSecretService extends ResourceSecretServiceGrpc.ResourceSec
 
         } catch (Exception ex) {
             String msg = "Exception occurred while fetching password credential " + request.getToken()
+
-                    " : " + ex.getMessage();
+                    " : " + ex;
             LOGGER.error(msg);
             responseObserver.onError(Status.INTERNAL.withDescription(msg).asRuntimeException());
         }
@@ -250,7 +254,7 @@ public class ResourceSecretService extends ResourceSecretServiceGrpc.ResourceSec
 
         } catch (Exception ex) {
             String msg = "Exception occurred while fetching certificate credential " + request.getToken()
+
-                    " : " + ex.getMessage();
+                    " : " + ex;
             LOGGER.error(msg);
             responseObserver.onError(Status.INTERNAL.withDescription(msg).asRuntimeException());
         }
@@ -277,7 +281,7 @@ public class ResourceSecretService extends ResourceSecretServiceGrpc.ResourceSec
 
         } catch (Exception ex) {
             String msg = "Exception occurred while deleting SSH secret " + request.getToken()
+
-                    " : " + ex.getMessage();
+                    " : " + ex;
             LOGGER.error(msg);
             responseObserver.onError(Status.INTERNAL.withDescription(msg).asRuntimeException());
         }
@@ -303,7 +307,7 @@ public class ResourceSecretService extends ResourceSecretServiceGrpc.ResourceSec
 
         } catch (Exception ex) {
             String msg = "Exception occurred while deleting password credential " + request.getToken()
+
-                    " : " + ex.getMessage();
+                    " : " + ex;
             LOGGER.error(msg);
             responseObserver.onError(Status.INTERNAL.withDescription(msg).asRuntimeException());
         }
@@ -329,7 +333,7 @@ public class ResourceSecretService extends ResourceSecretServiceGrpc.ResourceSec
 
         } catch (Exception ex) {
             String msg = "Exception occurred while fetching KV credentials " +
-                    " : " + ex.getMessage();
+                    " : " + ex;
             LOGGER.error(msg);
             responseObserver.onError(Status.INTERNAL.withDescription(msg).asRuntimeException());
         }
@@ -357,7 +361,7 @@ public class ResourceSecretService extends ResourceSecretServiceGrpc.ResourceSec
 
         } catch (Exception ex) {
             String msg = "Exception occurred while  setting KV credentials " +
-                    " : " + ex.getMessage();
+                    " : " + ex;
             LOGGER.error(msg);
             responseObserver.onError(Status.INTERNAL.withDescription(msg).asRuntimeException());
         }
@@ -383,7 +387,7 @@ public class ResourceSecretService extends ResourceSecretServiceGrpc.ResourceSec
 
         } catch (Exception ex) {
             String msg = "Exception occurred while updating  KV credential " +
-                    " : " + ex.getMessage();
+                    " : " + ex;
             LOGGER.error(msg);
             responseObserver.onError(Status.INTERNAL.withDescription(msg).asRuntimeException());
         }
@@ -409,7 +413,7 @@ public class ResourceSecretService extends ResourceSecretServiceGrpc.ResourceSec
 
         } catch (Exception ex) {
             String msg = "Exception occurred while deleting KV  credential " +
-                    " : " + ex.getMessage();
+                    " : " + ex;
             LOGGER.error(msg);
             responseObserver.onError(Status.INTERNAL.withDescription(msg).asRuntimeException());
         }

