
Example 1 with PasswordCredential

Use of org.apache.airavata.model.credential.store.PasswordCredential in project airavata by apache.

In class MigrationManager, method getPasswordCredential.

private PasswordCredential getPasswordCredential() {
    PasswordCredential passwordCredential = new PasswordCredential();
    passwordCredential.setGatewayId("dummy");
    passwordCredential.setPortalUserName("dummy");
    passwordCredential.setLoginUserName(keycloakAdminUsername);
    passwordCredential.setPassword(keycloakAdminPassword);
    return passwordCredential;
}
Also used : PasswordCredential(org.apache.airavata.model.credential.store.PasswordCredential)

Example 2 with PasswordCredential

Use of org.apache.airavata.model.credential.store.PasswordCredential in project airavata by apache.

In class SSHAccountManager, method resolveProvisionerConfig.

private static Map<ConfigParam, String> resolveProvisionerConfig(String gatewayId, String provisionerName, Map<ConfigParam, String> provisionerConfig) throws InvalidSetupException {
    CredentialStoreService.Client credentialStoreServiceClient = null;
    try {
        credentialStoreServiceClient = getCredentialStoreClient();
        // Resolve any CRED_STORE_PASSWORD_TOKEN config parameters to passwords
        Map<ConfigParam, String> resolvedConfig = new HashMap<>();
        for (Map.Entry<ConfigParam, String> configEntry : provisionerConfig.entrySet()) {
            if (configEntry.getKey().getType() == ConfigParam.ConfigParamType.CRED_STORE_PASSWORD_TOKEN) {
                try {
                    PasswordCredential password = credentialStoreServiceClient.getPasswordCredential(configEntry.getValue(), gatewayId);
                    if (password == null) {
                        throw new InvalidSetupException("Password credential doesn't exist for config param [" + configEntry.getKey().getName() + "] for token [" + configEntry.getValue() + "] for provisioner [" + provisionerName + "].");
                    }
                    resolvedConfig.put(configEntry.getKey(), password.getPassword());
                } catch (TException e) {
                    throw new RuntimeException("Failed to get password needed to configure " + provisionerName, e);
                }
            } else {
                resolvedConfig.put(configEntry.getKey(), configEntry.getValue());
            }
        }
        return resolvedConfig;
    } finally {
        if (credentialStoreServiceClient != null) {
            if (credentialStoreServiceClient.getInputProtocol().getTransport().isOpen()) {
                credentialStoreServiceClient.getInputProtocol().getTransport().close();
            }
            if (credentialStoreServiceClient.getOutputProtocol().getTransport().isOpen()) {
                credentialStoreServiceClient.getOutputProtocol().getTransport().close();
            }
        }
    }
}
Also used : TException(org.apache.thrift.TException) HashMap(java.util.HashMap) PasswordCredential(org.apache.airavata.model.credential.store.PasswordCredential) Map(java.util.Map) CredentialStoreService(org.apache.airavata.credential.store.cpi.CredentialStoreService)

Example 3 with PasswordCredential

Use of org.apache.airavata.model.credential.store.PasswordCredential in project airavata by apache.

In class IamAdminServicesHandler, method setUpGateway.

@Override
@SecurityCheck
public Gateway setUpGateway(AuthzToken authzToken, Gateway gateway) throws IamAdminServicesException, AuthorizationException {
    TenantManagementKeycloakImpl keycloakclient = new TenantManagementKeycloakImpl();
    PasswordCredential isSuperAdminCredentials = getSuperAdminPasswordCredential();
    try {
        keycloakclient.addTenant(isSuperAdminCredentials, gateway);
        // Load the tenant admin password stored in gateway request
        CredentialStoreService.Client credentialStoreClient = getCredentialStoreServiceClient();
        // Admin password token should already be stored under requested gateway's gatewayId
        PasswordCredential tenantAdminPasswordCredential = credentialStoreClient.getPasswordCredential(gateway.getIdentityServerPasswordToken(), gateway.getGatewayId());
        if (!keycloakclient.createTenantAdminAccount(isSuperAdminCredentials, gateway, tenantAdminPasswordCredential.getPassword())) {
            logger.error("Admin account creation failed !!, please refer error logs for reason");
        }
        Gateway gatewayWithIdAndSecret = keycloakclient.configureClient(isSuperAdminCredentials, gateway);
        return gatewayWithIdAndSecret;
    } catch (TException | ApplicationSettingsException ex) {
        logger.error("Gateway Setup Failed, reason: " + ex.getMessage(), ex);
        IamAdminServicesException iamAdminServicesException = new IamAdminServicesException(ex.getMessage());
        throw iamAdminServicesException;
    }
}
Also used : TenantManagementKeycloakImpl(org.apache.airavata.service.profile.iam.admin.services.core.impl.TenantManagementKeycloakImpl) TException(org.apache.thrift.TException) ApplicationSettingsException(org.apache.airavata.common.exception.ApplicationSettingsException) IamAdminServicesException(org.apache.airavata.service.profile.iam.admin.services.cpi.exception.IamAdminServicesException) Gateway(org.apache.airavata.model.workspace.Gateway) PasswordCredential(org.apache.airavata.model.credential.store.PasswordCredential) CredentialStoreService(org.apache.airavata.credential.store.cpi.CredentialStoreService) SecurityCheck(org.apache.airavata.service.security.interceptor.SecurityCheck)

Example 4 with PasswordCredential

Use of org.apache.airavata.model.credential.store.PasswordCredential in project airavata by apache.

In class IamAdminServicesHandler, method updateUserProfile.

@Override
@SecurityCheck
public void updateUserProfile(AuthzToken authzToken, UserProfile userDetails) throws IamAdminServicesException, AuthorizationException, TException {
    TenantManagementKeycloakImpl keycloakclient = new TenantManagementKeycloakImpl();
    try {
        String username = authzToken.getClaimsMap().get(Constants.USER_NAME);
        String gatewayId = authzToken.getClaimsMap().get(Constants.GATEWAY_ID);
        if (!gatewayId.equals(userDetails.getGatewayId())) {
            throw new IamAdminServicesException("gatewayId in user profile doesn't match authorization token!");
        }
        if (!username.equals(userDetails.getUserId())) {
            throw new IamAdminServicesException("userId in user profile doesn't match authorization token!");
        }
        PasswordCredential credential = getTenantAdminPasswordCredential(gatewayId);
        keycloakclient.updateUserProfile(credential, gatewayId, username, userDetails);
    } catch (ApplicationSettingsException e) {
        throw new IamAdminServicesException("Unable to create service clients. Reason: " + e.getMessage());
    }
}
Also used : TenantManagementKeycloakImpl(org.apache.airavata.service.profile.iam.admin.services.core.impl.TenantManagementKeycloakImpl) ApplicationSettingsException(org.apache.airavata.common.exception.ApplicationSettingsException) IamAdminServicesException(org.apache.airavata.service.profile.iam.admin.services.cpi.exception.IamAdminServicesException) PasswordCredential(org.apache.airavata.model.credential.store.PasswordCredential) SecurityCheck(org.apache.airavata.service.security.interceptor.SecurityCheck)

Example 5 with PasswordCredential

Use of org.apache.airavata.model.credential.store.PasswordCredential in project airavata by apache.

In class IamAdminServicesHandler, method registerUser.

// ToDo: Will only be secure when using SSL between PGA and Airavata
@Override
@SecurityCheck
public boolean registerUser(AuthzToken authzToken, String username, String emailAddress, String firstName, String lastName, String newPassword) throws IamAdminServicesException, AuthorizationException {
    TenantManagementKeycloakImpl keycloakclient = new TenantManagementKeycloakImpl();
    String gatewayId = authzToken.getClaimsMap().get(Constants.GATEWAY_ID);
    try {
        PasswordCredential isRealmAdminCredentials = getTenantAdminPasswordCredential(gatewayId);
        if (keycloakclient.createUser(isRealmAdminCredentials, gatewayId, username, emailAddress, firstName, lastName, newPassword))
            return true;
        else
            return false;
    } catch (TException | ApplicationSettingsException ex) {
        String msg = "Error while registering user into Identity Server, reason: " + ex.getMessage();
        logger.error(msg, ex);
        throw new IamAdminServicesException(msg);
    }
}
Also used : TenantManagementKeycloakImpl(org.apache.airavata.service.profile.iam.admin.services.core.impl.TenantManagementKeycloakImpl) TException(org.apache.thrift.TException) ApplicationSettingsException(org.apache.airavata.common.exception.ApplicationSettingsException) IamAdminServicesException(org.apache.airavata.service.profile.iam.admin.services.cpi.exception.IamAdminServicesException) PasswordCredential(org.apache.airavata.model.credential.store.PasswordCredential) SecurityCheck(org.apache.airavata.service.security.interceptor.SecurityCheck)

Aggregations

PasswordCredential (org.apache.airavata.model.credential.store.PasswordCredential): 19
ApplicationSettingsException (org.apache.airavata.common.exception.ApplicationSettingsException): 12
TenantManagementKeycloakImpl (org.apache.airavata.service.profile.iam.admin.services.core.impl.TenantManagementKeycloakImpl): 12
IamAdminServicesException (org.apache.airavata.service.profile.iam.admin.services.cpi.exception.IamAdminServicesException): 12
TException (org.apache.thrift.TException): 11
SecurityCheck (org.apache.airavata.service.security.interceptor.SecurityCheck): 9
CredentialStoreService (org.apache.airavata.credential.store.cpi.CredentialStoreService): 6
GatewayResourceProfile (org.apache.airavata.model.appcatalog.gatewayprofile.GatewayResourceProfile): 3
RegistryServiceException (org.apache.airavata.registry.api.exception.RegistryServiceException): 3
ArrayList (java.util.ArrayList): 2
UserProfile (org.apache.airavata.model.user.UserProfile): 2
Gateway (org.apache.airavata.model.workspace.Gateway): 2
AiravataSecurityException (org.apache.airavata.security.AiravataSecurityException): 2
TrustStoreManager (org.apache.airavata.security.util.TrustStoreManager): 2
AxisFault (org.apache.axis2.AxisFault): 2
ConfigurationContext (org.apache.axis2.context.ConfigurationContext): 2
BufferedReader (java.io.BufferedReader): 1
InputStreamReader (java.io.InputStreamReader): 1
HttpURLConnection (java.net.HttpURLConnection): 1
URL (java.net.URL): 1