DB syncher

custos-client-sdks/custos-python-sdk/samples/user_management_samples.py

@@ -105,6 +105,6 @@ def find_users():
     response = client.find_users(token, 0, 3, username="isjarana")
     print(response)
 
-
-
+response = id_client.authenticate(token, "isjarana", "Custos1234")
+print(response)
 

custos-client-sdks/custos-python-sdk/transport/settings.ini

@@ -1,6 +1,6 @@
 [CustosServer]
 SERVER_HOST = custos.scigap.org
-SERVER_SSL_PORT = 32036
+SERVER_SSL_PORT = 31499
 CERTIFICATE_FILE_PATH = /Users/isururanawaka/Documents/Airavata_Repository/airavata-custos/custos-client-sdks/custos-python-sdk/samples/resources/cert.pem
 CLIENT_ID = custos-6nwoqodstpe5mvcq09lh-10000101
 CLIENT_SEC = GiKrGGVLW7zDoPZwzgCiFM7WUz3PhIumTmFxAkr7

custos-core-services-client-stubs/iam-admin-core-service-client-stub/src/main/java/org/apache/custos/iam/admin/client/IamAdminServiceClient.java

@@ -29,7 +29,6 @@
 import org.apache.custos.integration.core.ServiceException;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.stereotype.Component;
-import org.springframework.web.bind.annotation.DeleteMapping;
 
 import java.util.List;
 
@@ -281,30 +280,39 @@ public OperationStatus removeUserFromGroup(UserGroupMappingRequest request) {
     public SetUpTenantResponse createAgentClient(AgentClientMetadata request) {
         return iamAdminServiceBlockingStub.createAgentClient(request);
     }
+
     public OperationStatus configureAgentClient(AgentClientMetadata request) {
         return iamAdminServiceBlockingStub.configureAgentClient(request);
     }
+
     public OperationStatus isAgentNameAvailable(UserSearchRequest request) {
         return iamAdminServiceBlockingStub.isAgentNameAvailable(request);
     }
+
     public RegisterUserResponse registerAndEnableAgent(RegisterUserRequest request) {
         return iamAdminServiceBlockingStub.registerAndEnableAgent(request);
     }
+
     public OperationStatus disableAgent(UserSearchRequest request) {
         return iamAdminServiceBlockingStub.disableAgent(request);
     }
+
     public OperationStatus deleteAgent(UserSearchRequest request) {
         return iamAdminServiceBlockingStub.deleteAgent(request);
     }
+
     public OperationStatus addAgentAttributes(AddUserAttributesRequest request) {
         return iamAdminServiceBlockingStub.addAgentAttributes(request);
     }
+
     public OperationStatus deleteAgentAttributes(DeleteUserAttributeRequest request) {
         return iamAdminServiceBlockingStub.deleteAgentAttributes(request);
     }
+
     public OperationStatus addRolesToAgent(AddUserRolesRequest request) {
         return iamAdminServiceBlockingStub.addRolesToAgent(request);
     }
+
     public OperationStatus deleteAgentRoles(DeleteUserRolesRequest request) {
         return iamAdminServiceBlockingStub.deleteAgentRoles(request);
     }
@@ -325,6 +333,10 @@ public SetUpTenantResponse updateTenant(SetUpTenantRequest request) {
         return iamAdminServiceBlockingStub.updateTenant(request);
     }
 
+    public GetAllResourcesResponse getAllResources(GetAllResources request) {
+        return iamAdminServiceBlockingStub.getAllResources(request);
+    }
+
     public Agent getAgent(UserSearchRequest request) {
         return iamAdminServiceBlockingStub.getAgent(request);
     }

custos-core-services/iam-admin-core-service/src/main/java/org/apache/custos/iam/service/IamAdminService.java

@@ -1885,22 +1885,7 @@ public void getAgent(UserSearchRequest request, StreamObserver<Agent> responseOb
                     return;
                 } else {
 
-                    Agent.Builder builder = Agent.newBuilder().setId(representation.getUsername())
-                            .setIsEnabled(representation.isEnabled())
-                            .setCreationTime(representation.getCreatedTimestamp());
-
-                    for (String key : representation.getAttributes().keySet()) {
-                        UserAttribute attribute = UserAttribute.newBuilder().setKey(key)
-                                .addAllValues(representation.getAttributes().get(key))
-                                .build();
-                        builder.addAttributes(attribute);
-                    }
-
-                    if (representation.getRealmRoles() != null && !representation.getRealmRoles().isEmpty()) {
-                        builder.addAllRealmRoles(representation.getRealmRoles());
-                    }
-
-                    Agent agent = builder.build();
+                    Agent agent = getAgent(representation);
                     responseObserver.onNext(agent);
                     responseObserver.onCompleted();
                 }
@@ -2041,6 +2026,66 @@ public void removeAdminPrivilege(UserSearchRequest request, StreamObserver<org.a
         }
     }
 
+
+    @Override
+    public void getAllResources(GetAllResources request, StreamObserver<GetAllResourcesResponse> responseObserver) {
+        try {
+            LOGGER.debug("Request received to getAllResources for tenant " + request.getTenantId());
+
+            List<UserRepresentation> representations = keycloakClient.getAllUsers(String.valueOf(request.getTenantId()));
+            GetAllResourcesResponse resourcesResponse = GetAllResourcesResponse.newBuilder().build();
+            if (!representations.isEmpty()) {
+                if (request.getResourceType().name().equals(ResourceTypes.USER.name())) {
+                    List<org.apache.custos.iam.service.UserRepresentation> users = new ArrayList<>();
+                    for (UserRepresentation userRepresentation : representations) {
+
+                        boolean validationStatus = keycloakClient.isValidEndUser(String.valueOf(request.getTenantId()),
+                                userRepresentation.getUsername());
+                        if (validationStatus) {
+                            users.add(getUser(userRepresentation, request.getClientId()));
+
+                        }
+
+                    }
+
+                    resourcesResponse = resourcesResponse.toBuilder().addAllUsers(users).build();
+                    responseObserver.onNext(resourcesResponse);
+                    responseObserver.onCompleted();
+
+                } else {
+                    List<Agent> agents = new ArrayList<>();
+                    for (UserRepresentation userRepresentation : representations) {
+                        boolean validationStatus = keycloakClient.isValidEndUser(String.valueOf(request.getTenantId()),
+                                userRepresentation.getUsername());
+                        if (!validationStatus) {
+                            agents.add(getAgent(userRepresentation));
+                        }
+                    }
+
+                    resourcesResponse = resourcesResponse.toBuilder().addAllAgents(agents).build();
+                    responseObserver.onNext(resourcesResponse);
+                    responseObserver.onCompleted();
+
+                }
+
+            } else {
+                String msg = " Empty resources";
+                LOGGER.error(msg);
+                responseObserver.onError(io.grpc.Status.INTERNAL.withDescription(msg).asRuntimeException());
+            }
+
+
+        } catch (Exception ex) {
+            String msg = " Get all resources failed";
+            LOGGER.error(msg, ex);
+            if (ex.getMessage().contains("HTTP 401 Unauthorized")) {
+                responseObserver.onError(io.grpc.Status.UNAUTHENTICATED.withDescription(msg).asRuntimeException());
+            } else {
+                responseObserver.onError(io.grpc.Status.INTERNAL.withDescription(msg).asRuntimeException());
+            }
+        }
+    }
+
     private OperationMetadata convertFromEntity(StatusEntity entity) {
         return OperationMetadata.newBuilder()
                 .setEvent(entity.getEvent())
@@ -2050,6 +2095,27 @@ private OperationMetadata convertFromEntity(StatusEntity entity) {
     }
 
 
+    private Agent getAgent(UserRepresentation representation) {
+
+        Agent.Builder builder = Agent.newBuilder().setId(representation.getUsername())
+                .setIsEnabled(representation.isEnabled())
+                .setCreationTime(representation.getCreatedTimestamp());
+
+        for (String key : representation.getAttributes().keySet()) {
+            UserAttribute attribute = UserAttribute.newBuilder().setKey(key)
+                    .addAllValues(representation.getAttributes().get(key))
+                    .build();
+            builder.addAttributes(attribute);
+        }
+
+        if (representation.getRealmRoles() != null && !representation.getRealmRoles().isEmpty()) {
+            builder.addAllRealmRoles(representation.getRealmRoles());
+        }
+
+        return builder.build();
+    }
+
+
     private org.apache.custos.iam.service.UserRepresentation getUser(UserRepresentation representation, String clientId) {
         String state = Status.PENDING_CONFIRMATION;
         if (representation.isEnabled()) {

custos-core-services/iam-admin-core-service/src/main/java/org/apache/custos/iam/validator/InputValidator.java

@@ -135,6 +135,9 @@ public void validate(String methodName, Object obj) {
             case "deleteRolesFromAgent":
                 validateDeleteRolesFromAgent(obj);
                 break;
+            case "getAllResources":
+                validateGetAllResources(obj);
+                break;
 
 
             default:
@@ -892,4 +895,27 @@ private boolean validateDeleteRolesFromAgent(Object obj) {
     }
 
 
+    private boolean validateGetAllResources(Object obj) {
+        if (obj instanceof GetAllResources) {
+            GetAllResources request = (GetAllResources) obj;
+
+            if (request.getTenantId() == 0) {
+                throw new MissingParameterException("Tenant Id should not be null", null);
+            }
+
+            if (request.getClientId() == null || request.getClientId().trim().equals("")) {
+                throw new MissingParameterException("Client Id should not be null", null);
+            }
+
+            if (request.getResourceType() == null) {
+                throw new MissingParameterException("Resource  type should not be null", null);
+            }
+
+
+        } else {
+            throw new RuntimeException("Unexpected input type for method getAllResources");
+        }
+        return true;
+    }
+
 }

custos-core-services/iam-admin-core-service/src/main/proto/IamAdminService.proto

@@ -282,6 +282,10 @@ enum ClaimJSONTypes {
     JSON = 4;
 }
 
+enum ResourceTypes {
+    USER =0;
+    AGENT = 1;
+}
 
 message OperationStatus {
     bool status = 1;
@@ -375,6 +379,18 @@ message Agent {
 }
 
 
+message GetAllResources {
+    int64 tenantId = 1;
+    string clientId = 2;
+    ResourceTypes resource_type = 3;
+}
+
+message GetAllResourcesResponse {
+    repeated Agent agents = 1;
+    repeated UserRepresentation users = 2;
+}
+
+
 service IamAdminService {
 
     rpc setUPTenant (SetUpTenantRequest) returns (SetUpTenantResponse);
@@ -437,4 +453,7 @@ service IamAdminService {
     rpc deleteAgentRoles (DeleteUserRolesRequest) returns (OperationStatus);
 
 
+    rpc getAllResources (GetAllResources) returns (GetAllResourcesResponse);
+
+
 }

custos-federated-services-clients/src/main/java/org/apache/custos/federated/services/clients/keycloak/KeycloakClient.java

@@ -889,7 +889,7 @@ public boolean configureOIDCFederatedIDP(String realmId, String displayName, Str
             idp.getConfig().put("defaultScope", scopes);
             idp.getConfig().put("issuer", ciLogonIssuerUri);
             idp.getConfig().put("jwksUri", jwksUri);
-            idp.getConfig().put("forwardParameters","idphint");
+            idp.getConfig().put("forwardParameters", "idphint");
 
             realmResource.identityProviders().create(idp);
 
@@ -1047,6 +1047,39 @@ public boolean addProtocolMapper(ProtocolMapperRepresentation protocolMapperRepr
     }
 
 
+    /**
+     * Get all users of given tenant
+     *
+     * @param realmId
+     * @return
+     */
+    public List<UserRepresentation> getAllUsers(String realmId) {
+        Keycloak client = null;
+        try {
+            client = getClient(iamServerURL, superAdminRealmID, superAdminUserName, superAdminPassword);
+
+            List<UserRepresentation> representations = client.realm(realmId).users().list();
+            List<UserRepresentation> representationList = new ArrayList<>();
+            if (representations != null && !representations.isEmpty()) {
+                for (UserRepresentation userRepresentation : representations) {
+                    UserRepresentation userRep = getUserByUsername(client, realmId, userRepresentation.getUsername());
+                    representationList.add(userRep);
+                }
+            }
+            return representationList;
+        } catch (Exception ex) {
+            String msg = "Error occurred while adding protocol mappers in Keycloak Server, reason: " + ex.getMessage();
+            LOGGER.error(msg, ex);
+            throw new RuntimeException(msg, ex);
+
+        } finally {
+            if (client != null) {
+                client.close();
+            }
+        }
+    }
+
+
     /**
      * Configure Roles in keycloak Realm or Client
      *
@@ -1630,24 +1663,26 @@ public boolean isValidEndUser(String realmId, String username, String accessToke
 
             client = getClient(iamServerURL, realmId, accessToken);
 
-            UserRepresentation representation = getUserByUsername(client, realmId, username);
-
-            if (representation == null) {
-                return false;
+            return isValidEndUser(client, realmId, username);
+        } catch (Exception ex) {
+            String msg = "Error occurred end user validity: " + ex.getMessage();
+            LOGGER.error(msg, ex);
+            throw new RuntimeException(msg, ex);
+        } finally {
+            if (client != null) {
+                client.close();
             }
+        }
 
-            Map<String, List<String>> attributes = representation.getAttributes();
 
-            if (attributes != null && !attributes.isEmpty()) {
+    }
 
-                for (String key : attributes.keySet()) {
-                    if (key.equals(Constants.CUSTOS_REALM_AGENT)) {
-                        return false;
-                    }
+    public boolean isValidEndUser(String realmId, String username) {
+        Keycloak client = null;
+        try {
+            client = getClient(iamServerURL, superAdminRealmID, superAdminUserName, superAdminPassword);
 
-                }
-            }
-            return true;
+            return isValidEndUser(client, realmId, username);
         } catch (Exception ex) {
             String msg = "Error occurred end user validity: " + ex.getMessage();
             LOGGER.error(msg, ex);
@@ -1662,6 +1697,28 @@ public boolean isValidEndUser(String realmId, String username, String accessToke
     }
 
 
+    private boolean isValidEndUser(Keycloak client, String realmId, String username) {
+        UserRepresentation representation = getUserByUsername(client, realmId, username);
+
+        if (representation == null) {
+            return false;
+        }
+
+        Map<String, List<String>> attributes = representation.getAttributes();
+
+        if (attributes != null && !attributes.isEmpty()) {
+
+            for (String key : attributes.keySet()) {
+                if (key.equals(Constants.CUSTOS_REALM_AGENT)) {
+                    return false;
+                }
+
+            }
+        }
+        return true;
+    }
+
+
     private ResteasyClient getRestClient() {
         return new ResteasyClientBuilder()
                 .connectionPoolSize(POOL_SIZE)