Example use of io.gravitee.am.service.model.PatchOrganization in the gravitee-access-management project by gravitee-io.
Class OrganizationServiceTest, method shouldUpdate.
/**
 * Verifies that updating an existing organization yields an organization whose identities
 * equal the list carried by the patch.
 */
@Test
public void shouldUpdate() {
    // Repository stub: the organization is found under ORGANIZATION_ID.
    final Organization storedOrganization = new Organization();
    storedOrganization.setId(ORGANIZATION_ID);
    when(organizationRepository.findById(ORGANIZATION_ID)).thenReturn(Maybe.just(storedOrganization));
    // The update stub only matches an entity that already carries identities, and echoes it back.
    when(organizationRepository.update(argThat(candidate -> candidate.getIdentities() != null)))
            .thenAnswer(invocation -> Single.just(invocation.getArgument(0)));

    final List<String> expectedIdentities = Collections.singletonList("test");
    final PatchOrganization patch = new PatchOrganization();
    patch.setIdentities(expectedIdentities);

    final TestObserver<Organization> observer =
            cut.update(ORGANIZATION_ID, patch, new DefaultUser("username")).test();
    observer.awaitTerminalEvent();
    observer.assertValue(result -> result.getIdentities().equals(expectedIdentities));
}
Example use of io.gravitee.am.service.model.PatchOrganization in the gravitee-access-management project by gravitee-io.
Class OrganizationServiceTest, method shouldUpdate_notExistingOrganization.
/**
 * Verifies that updating an organization the repository cannot find terminates with
 * {@link OrganizationNotFoundException}.
 */
@Test
public void shouldUpdate_notExistingOrganization() {
    // Repository stub: nothing is stored under ORGANIZATION_ID.
    when(organizationRepository.findById(ORGANIZATION_ID)).thenReturn(Maybe.empty());

    final PatchOrganization patch = new PatchOrganization();
    patch.setIdentities(Collections.singletonList("test"));

    final TestObserver<Organization> observer =
            cut.update(ORGANIZATION_ID, patch, new DefaultUser("username")).test();
    observer.awaitTerminalEvent();
    observer.assertError(OrganizationNotFoundException.class);
}
Example use of io.gravitee.am.service.model.PatchOrganization in the gravitee-access-management project by gravitee-io.
Class DefaultOrganizationUpgrader, method createInlineProvider.
/**
 * Creates the "inline-am-idp" identity provider on the default organization, then patches the
 * default organization's identities with the id of the provider that was created.
 *
 * <p>The provider configuration is the static {@code DEFAULT_INLINE_IDP_CONFIG}.
 * NOTE(review): that constant is not visible here; if it seeds user accounts or credentials,
 * they are well-known defaults and should be changed after the first start. Confirm.
 *
 * @return the identity provider returned by the identity provider service
 */
private IdentityProvider createInlineProvider() {
    logger.info("Create an user-inline provider");
    final NewIdentityProvider inlineDefinition = new NewIdentityProvider();
    inlineDefinition.setName("Inline users");
    inlineDefinition.setType("inline-am-idp");
    inlineDefinition.setConfiguration(DEFAULT_INLINE_IDP_CONFIG);

    final IdentityProvider inlineProvider = identityProviderService
            .create(ReferenceType.ORGANIZATION, Organization.DEFAULT, inlineDefinition, null, false)
            .blockingGet();

    logger.info("Associate user-inline provider to default organization");
    final PatchOrganization identitiesPatch = new PatchOrganization();
    identitiesPatch.setIdentities(Collections.singletonList(inlineProvider.getId()));
    // NOTE(review): the last argument is null; presumably it is the acting user, so this
    // bootstrap change would be recorded without a principal. Confirm how it is audited.
    organizationService.update(Organization.DEFAULT, identitiesPatch, null).blockingGet();

    return inlineProvider;
}
Example use of io.gravitee.am.service.model.PatchOrganization in the gravitee-access-management project by gravitee-io.
Class DefaultOrganizationUpgrader, method upgrade.
/**
 * Initializes the default organization and brings it up to date.
 *
 * <p>Steps, in order: create the default organization; if it was created by this call, either
 * migrate the legacy admin domain (identities, owner role for every user, then delete the
 * domain) or, when {@code useDefaultAdmin} is set, create the inline provider and admin user;
 * reload identity providers; re-check the inline provider and admin user when
 * {@code useDefaultAdmin} is set; finally set the platform admin role.
 *
 * <p>Every call is blocking. Any exception is logged and turned into {@code false}; no rollback
 * of the steps already performed is visible in this method.
 *
 * @return {@code true} when all steps ran without an exception, {@code false} otherwise
 */
@Override
public boolean upgrade() {
    try {
        // This call creates the default organization with:
        // - default roles
        // - default entry point
        Organization organization = organizationService.createDefault().blockingGet();
        // - migrate all existing users' permissions to the default ORGANIZATION_OWNER
        // A null result skips the whole first-time setup branch below.
        if (organization != null) {
            logger.info("Default organization successfully created");
            // Check whether the old admin domain exists.
            Domain adminDomain = domainService.findById(ADMIN_DOMAIN).blockingGet();
            if (adminDomain != null) {
                // Copy the admin domain's identities onto the organization (null stays null).
                PatchOrganization patchOrganization = new PatchOrganization();
                patchOrganization.setIdentities(adminDomain.getIdentities() != null ? new ArrayList<>(adminDomain.getIdentities()) : null);
                organizationService.update(organization.getId(), patchOrganization, null).blockingGet();
                // Must grant owner power to all existing users to be iso-functional with v2 where all users could do everything.
                // NOTE(review): this is a blanket privilege grant. Every user returned for the
                // default organization receives ORGANIZATION_OWNER, so memberships should be
                // reviewed and reduced after the migration.
                Role organizationOwnerRole = roleService.findDefaultRole(Organization.DEFAULT, DefaultRole.ORGANIZATION_OWNER, ReferenceType.ORGANIZATION).blockingGet();
                Page<User> userPage;
                int page = 0;
                // Walk the users page by page; a page shorter than PAGE_SIZE ends the loop.
                do {
                    userPage = userService.findAll(ReferenceType.ORGANIZATION, Organization.DEFAULT, page, PAGE_SIZE).blockingGet();
                    // NOTE(review): the original comment here was cut off ("create membership only
                    // if ..."); the condition lives in membershipHelper and is not visible here.
                    userPage.getData().forEach(user -> membershipHelper.setOrganizationRole(user, organizationOwnerRole));
                    page++;
                } while (userPage.getData().size() == PAGE_SIZE);
                // Then delete the legacy admin domain.
                domainService.delete(ADMIN_DOMAIN).blockingGet();
            } else if (useDefaultAdmin) {
                // Need to create an inline provider and an admin user for this newly created default organization.
                // NOTE(review): the admin account is created from defaults and is then made
                // primary owner; presumably its credentials are well known, so rotate them. Confirm.
                IdentityProvider inlineProvider = createInlineProvider();
                User adminUser = createAdminUser(inlineProvider);
                membershipHelper.setOrganizationPrimaryOwnerRole(adminUser);
            }
        }
        if (identityProviderManager != null) {
            // Call the idpManager here to ensure that roles have been created.
            identityProviderManager.loadIdentityProviders();
        }
        // Get the organization with fresh data.
        organization = organizationService.findById(Organization.DEFAULT).blockingGet();
        logger.info("Check if default organization is up to date");
        if (useDefaultAdmin) {
            // Need to check that the inline idp and the default admin user have the 'admin' role.
            final List<String> identities = Optional.ofNullable(organization.getIdentities()).orElse(Collections.emptyList());
            // First provider that is of type "inline-am-idp", not external, and listed in the organization's identities.
            IdentityProvider inlineIdp = identityProviderService.findAll(ReferenceType.ORGANIZATION, Organization.DEFAULT).filter(identityProvider -> identityProvider.getType().equals("inline-am-idp") && !identityProvider.isExternal() && identities.contains(identityProvider.getId())).firstElement().blockingGet();
            // If the inline idp doesn't exist or is not enabled, it is probably an administrator choice. So do not go further.
            if (inlineIdp != null) {
                // If the inline idp doesn't have the "admin" user in its configuration, it is probably an administrator choice. So do not go further.
                // NOTE(review): this is a substring match on the serialized configuration, so it
                // depends on the exact serialization (field position, no whitespace).
                // getRoleMapper() is dereferenced without a null check; if it can be null, the
                // resulting exception is caught below and setPlatformAdminRole() is skipped.
                if (inlineIdp.getConfiguration().contains(",\"username\":\"" + ADMIN_USERNAME + "\",") && inlineIdp.getRoleMapper().isEmpty()) {
                    // Check that the admin user exists.
                    User adminUser = userService.findByUsernameAndSource(ReferenceType.ORGANIZATION, Organization.DEFAULT, ADMIN_USERNAME, inlineIdp.getId()).blockingGet();
                    if (adminUser == null) {
                        // Create the admin user with the organization primary owner role on the default organization.
                        // This runs on every upgrade: a deleted admin user is created again
                        // while the inline idp still lists it and useDefaultAdmin is set.
                        adminUser = createAdminUser(inlineIdp);
                        membershipHelper.setOrganizationPrimaryOwnerRole(adminUser);
                    }
                }
            }
        }
        // The primary owner of the default organization must be considered as platform admin.
        membershipHelper.setPlatformAdminRole();
    } catch (Exception e) {
        // Any failure above ends here: it is logged with its stack trace and reported as false.
        logger.error("An error occurred trying to initialize default organization", e);
        return false;
    }
    return true;
}