diff --git a/catalogue-binding-plugin/src/test/java/geoportal_to_catalogue/GeoportalToCatalogueBatchPublisher.java b/catalogue-binding-plugin/src/test/java/geoportal_to_catalogue/GeoportalToCatalogueBatchPublisher.java index 97b98ec..cf70242 100644 --- a/catalogue-binding-plugin/src/test/java/geoportal_to_catalogue/GeoportalToCatalogueBatchPublisher.java +++ b/catalogue-binding-plugin/src/test/java/geoportal_to_catalogue/GeoportalToCatalogueBatchPublisher.java @@ -35,6 +35,10 @@ import org.gcube.application.geoportalcommon.shared.SearchingFilter.ORDER; import org.gcube.application.geoportalcommon.shared.WhereClause; import org.gcube.application.geoportalcommon.shared.geoportal.config.ItemFieldDV; import org.gcube.common.authorization.library.provider.SecurityTokenProvider; +import org.gcube.common.authorization.utils.manager.SecretManager; +import org.gcube.common.authorization.utils.manager.SecretManagerProvider; +import org.gcube.common.authorization.utils.secret.GCubeSecret; +import org.gcube.common.authorization.utils.secret.Secret; import org.gcube.common.scope.api.ScopeProvider; import org.junit.Test; @@ -61,7 +65,7 @@ import test.TestContextConfig; * Jun 25, 2024 */ @Slf4j -public class GeoportalToCatalogueBatchPublisher extends BasicPluginTest { +public class GeoportalToCatalogueBatchPublisher { public final static String profileID = "profiledConcessioni"; public final static Integer MAX_ITEMS = 1; @@ -81,8 +85,7 @@ public class GeoportalToCatalogueBatchPublisher extends BasicPluginTest { */ //@Test public void testPublish() { - //org.junit.Assume.assumeTrue(GCubeTest.isTestInfrastructureEnabled()); - //CatalogueBindingPlugin plugin = (CatalogueBindingPlugin) plugins.get(CatalogueBindingPlugin.DESCRIPTOR.getId()); + procedureToPublishProjectsOnCatalogue(); // String projectId = " 6663016a312dc236d217be5c"; @@ -218,6 +221,14 @@ public class GeoportalToCatalogueBatchPublisher extends BasicPluginTest { ScopeProvider.instance.set(targetScope); SecurityTokenProvider.instance.set(targetToken); + + + + SecretManager secretManager = new SecretManager(); + Secret secret = new GCubeSecret(targetToken); + secretManager.addSecret(secret); + SecretManagerProvider.instance.set(secretManager); + log.info("\n publishOnCatalogue the PROJECT N. " + counter + " with id: " + theProject.getId()); diff --git a/cms-plugin-framework/src/main/java/org/gcube/application/cms/serviceaccount/GeoportalServiceAccount.java b/cms-plugin-framework/src/main/java/org/gcube/application/cms/serviceaccount/GeoportalServiceAccount.java index c3bfdb7..bd9c3c7 100644 --- a/cms-plugin-framework/src/main/java/org/gcube/application/cms/serviceaccount/GeoportalServiceAccount.java +++ b/cms-plugin-framework/src/main/java/org/gcube/application/cms/serviceaccount/GeoportalServiceAccount.java @@ -5,47 +5,117 @@ import java.util.Map.Entry; import javax.ws.rs.InternalServerErrorException; +import org.gcube.common.authorization.utils.manager.SecretManager; import org.gcube.common.authorization.utils.manager.SecretManagerProvider; import org.gcube.common.authorization.utils.secret.JWTSecret; import org.gcube.common.authorization.utils.secret.Secret; import org.gcube.common.keycloak.KeycloakClientFactory; import org.gcube.common.keycloak.model.TokenResponse; +import org.gcube.common.scope.api.ScopeProvider; import lombok.extern.slf4j.Slf4j; +/** + * The Class GeoportalServiceAccount. + * + * @author Francesco Mangiacrapa at ISTI-CNR francesco.mangiacrapa@isti.cnr.it + * + * Jul 3, 2024 + */ @Slf4j public class GeoportalServiceAccount { - //geoportal service account config property file + // geoportal service account config property file protected static final String CLIENT_ID_PROPERTY_NAME = "clientId"; - + + private static final String SE_PROFILE_NAME = "geoportal"; + private static final String SE_CATEGORY_NAME = "SystemWorkspaceClient"; + private static String clientId = "geoportal"; - + + /** + * Gets the client id and client secret. + * + * @param context the context + * @return the client id and client secret + */ private static Entry getClientIdAndClientSecret(String context) { try { - IAMClientCredentials credentials = IAMClientCredentialsReader.getCredentials(); - - clientId = credentials.getClientId()==null?clientId:credentials.getClientId(); + IAMClientCredentials credentials = IAMClientCredentialsReader.getCredentials(context, + SE_PROFILE_NAME, SE_CATEGORY_NAME); + + clientId = credentials.getClientId() == null ? clientId : credentials.getClientId(); String clientSecret = credentials.getClientSecret(); SimpleEntry entry = new SimpleEntry(clientId, clientSecret); return entry; - } catch(Exception e) { - throw new InternalServerErrorException( - "Unable to retrieve Application Token for context " + SecretManagerProvider.instance.get().getContext(), e); + } catch (Exception e) { + throw new InternalServerErrorException("Unable to retrieve Application Token for context " + + SecretManagerProvider.instance.get().getContext(), e); } } - + + /** + * Gets the JWT access token. + * + * @return the JWT access token + * @throws Exception the exception + */ private static TokenResponse getJWTAccessToken() throws Exception { - String context = SecretManagerProvider.instance.get().getContext(); - Entry entry = getClientIdAndClientSecret(context); - TokenResponse tr = KeycloakClientFactory.newInstance().queryUMAToken(context, entry.getKey(), entry.getValue(), context, null); - return tr; + SecretManager secretManager = SecretManagerProvider.instance.get(); + if (secretManager != null) { + String context = getContext(); + log.info("Context is {}", context); + Entry entry = getClientIdAndClientSecret(context); + TokenResponse tr = KeycloakClientFactory.newInstance().queryUMAToken(context, entry.getKey(), + entry.getValue(), context, null); + return tr; + } else { + throw new Exception(SecretManager.class.getSimpleName() + " is null!! Please set it"); + } } - + + /** + * Gets the context. + * + * @return the context + */ + public static String getContext() { + String context = null; + SecretManager secretManager = SecretManagerProvider.instance.get(); + + // Test case + if (secretManager == null) { + log.info(SecretManager.class.getSimpleName() + " is null trying to read the scope from " + + ScopeProvider.class.getSimpleName()); + context = ScopeProvider.instance.get(); + log.info("Returning scope {} read from {}", context, ScopeProvider.class.getSimpleName()); + return context; + } + + context = secretManager.getContext(); + + if (context == null) { + log.info(SecretManager.class.getSimpleName() + " has getContext null trying to read the scope from " + + ScopeProvider.class.getSimpleName()); + context = ScopeProvider.instance.get(); + log.info("Returning scope {} read from {}", context, ScopeProvider.class.getSimpleName()); + return context; + } + + log.info("Returning scope {} read from {}", context, SecretManager.class.getSimpleName()); + return context; + } + + /** + * Gets the geoportal secret. + * + * @return the geoportal secret + * @throws Exception the exception + */ public static Secret getGeoportalSecret() throws Exception { TokenResponse tr = getJWTAccessToken(); Secret secret = new JWTSecret(tr.getAccessToken()); return secret; } - + } diff --git a/cms-plugin-framework/src/main/java/org/gcube/application/cms/serviceaccount/IAMClientCredentialsReader.java b/cms-plugin-framework/src/main/java/org/gcube/application/cms/serviceaccount/IAMClientCredentialsReader.java index 18a72a3..26a37b7 100644 --- a/cms-plugin-framework/src/main/java/org/gcube/application/cms/serviceaccount/IAMClientCredentialsReader.java +++ b/cms-plugin-framework/src/main/java/org/gcube/application/cms/serviceaccount/IAMClientCredentialsReader.java @@ -6,7 +6,6 @@ import static org.gcube.resources.discovery.icclient.ICFactory.queryFor; import java.util.Collection; import java.util.List; -import org.gcube.common.authorization.utils.manager.SecretManagerProvider; import org.gcube.common.encryption.StringEncrypter; import org.gcube.common.resources.gcore.ServiceEndpoint; import org.gcube.common.resources.gcore.ServiceEndpoint.AccessPoint; @@ -16,34 +15,31 @@ import org.gcube.resources.discovery.client.queries.api.SimpleQuery; import lombok.extern.slf4j.Slf4j; /** - * The Class GNABaseMapsResourceReader. + * The Class IAMClientCredentialsReader. * * @author Francesco Mangiacrapa at ISTI-CNR francesco.mangiacrapa@isti.cnr.it * - * Sep 23, 2021 + * Jul 3, 2024 */ @Slf4j public class IAMClientCredentialsReader { - private static final String SE_PROFILE_NAME = "geoportal"; - private static final String SE_CATEGORY_NAME = "SystemWorkspaceClient"; - /** * Gets the credentials. * + * @param currentContext the current context * @return the credentials * @throws Exception the exception */ - public static IAMClientCredentials getCredentials() throws Exception { + public static IAMClientCredentials getCredentials(String currentContext, String seProfileName, + String seCategoryName) throws Exception { - String currentContext = SecretManagerProvider.instance.get().getContext(); - - log.info("Searching SE in the scope: " + currentContext + " with profile name: " + SE_PROFILE_NAME - + " and category name: " + SE_CATEGORY_NAME); + log.info("Searching SE in the scope: " + currentContext + " with profile name: " + seProfileName + + " and category name: " + seCategoryName); SimpleQuery query = queryFor(ServiceEndpoint.class); - query.addCondition("$resource/Profile/Name/text() eq '" + SE_PROFILE_NAME + "'"); - query.addCondition("$resource/Profile/Category/text() eq '" + SE_CATEGORY_NAME + "'"); + query.addCondition("$resource/Profile/Name/text() eq '" + seProfileName + "'"); + query.addCondition("$resource/Profile/Category/text() eq '" + seCategoryName + "'"); DiscoveryClient client = clientFor(ServiceEndpoint.class); List resources = client.submit(query); @@ -51,8 +47,8 @@ public class IAMClientCredentialsReader { if (resources.size() > 0) log.info("The query returned " + resources.size() + " ServiceEndpoint/s"); else - throw new RuntimeException("ServiceEndpoint not found. Searching for profile name '" + SE_PROFILE_NAME - + "' and category name '" + SE_CATEGORY_NAME + "' in the scope: " + currentContext); + throw new RuntimeException("ServiceEndpoint not found. Searching for profile name '" + seProfileName + + "' and category name '" + seCategoryName + "' in the scope: " + currentContext); ServiceEndpoint se = resources.get(0); Collection theAccessPoints = se.profile().accessPoints().asCollection(); @@ -74,7 +70,7 @@ public class IAMClientCredentialsReader { } } - log.info("Returning keycloack credentials for SE {} read from SE", SE_PROFILE_NAME); + log.info("Returning keycloack credentials for SE {} read from SE", seProfileName); return new IAMClientCredentials(clientId, secredPwd); }