Updated Geoportal Service account

This commit is contained in:
Francesco Mangiacrapa 2024-07-03 15:01:18 +02:00
parent 40339df334
commit e8103dfe33
3 changed files with 112 additions and 35 deletions

View File

@ -35,6 +35,10 @@ import org.gcube.application.geoportalcommon.shared.SearchingFilter.ORDER;
import org.gcube.application.geoportalcommon.shared.WhereClause; import org.gcube.application.geoportalcommon.shared.WhereClause;
import org.gcube.application.geoportalcommon.shared.geoportal.config.ItemFieldDV; import org.gcube.application.geoportalcommon.shared.geoportal.config.ItemFieldDV;
import org.gcube.common.authorization.library.provider.SecurityTokenProvider; import org.gcube.common.authorization.library.provider.SecurityTokenProvider;
import org.gcube.common.authorization.utils.manager.SecretManager;
import org.gcube.common.authorization.utils.manager.SecretManagerProvider;
import org.gcube.common.authorization.utils.secret.GCubeSecret;
import org.gcube.common.authorization.utils.secret.Secret;
import org.gcube.common.scope.api.ScopeProvider; import org.gcube.common.scope.api.ScopeProvider;
import org.junit.Test; import org.junit.Test;
@ -61,7 +65,7 @@ import test.TestContextConfig;
* Jun 25, 2024 * Jun 25, 2024
*/ */
@Slf4j @Slf4j
public class GeoportalToCatalogueBatchPublisher extends BasicPluginTest { public class GeoportalToCatalogueBatchPublisher {
public final static String profileID = "profiledConcessioni"; public final static String profileID = "profiledConcessioni";
public final static Integer MAX_ITEMS = 1; public final static Integer MAX_ITEMS = 1;
@ -81,8 +85,7 @@ public class GeoportalToCatalogueBatchPublisher extends BasicPluginTest {
*/ */
//@Test //@Test
public void testPublish() { public void testPublish() {
//org.junit.Assume.assumeTrue(GCubeTest.isTestInfrastructureEnabled());
//CatalogueBindingPlugin plugin = (CatalogueBindingPlugin) plugins.get(CatalogueBindingPlugin.DESCRIPTOR.getId());
procedureToPublishProjectsOnCatalogue(); procedureToPublishProjectsOnCatalogue();
// String projectId = " 6663016a312dc236d217be5c"; // String projectId = " 6663016a312dc236d217be5c";
@ -218,6 +221,14 @@ public class GeoportalToCatalogueBatchPublisher extends BasicPluginTest {
ScopeProvider.instance.set(targetScope); ScopeProvider.instance.set(targetScope);
SecurityTokenProvider.instance.set(targetToken); SecurityTokenProvider.instance.set(targetToken);
SecretManager secretManager = new SecretManager();
Secret secret = new GCubeSecret(targetToken);
secretManager.addSecret(secret);
SecretManagerProvider.instance.set(secretManager);
log.info("\n publishOnCatalogue the PROJECT N. " + counter + " with id: " log.info("\n publishOnCatalogue the PROJECT N. " + counter + " with id: "
+ theProject.getId()); + theProject.getId());

View File

@ -5,43 +5,113 @@ import java.util.Map.Entry;
import javax.ws.rs.InternalServerErrorException; import javax.ws.rs.InternalServerErrorException;
import org.gcube.common.authorization.utils.manager.SecretManager;
import org.gcube.common.authorization.utils.manager.SecretManagerProvider; import org.gcube.common.authorization.utils.manager.SecretManagerProvider;
import org.gcube.common.authorization.utils.secret.JWTSecret; import org.gcube.common.authorization.utils.secret.JWTSecret;
import org.gcube.common.authorization.utils.secret.Secret; import org.gcube.common.authorization.utils.secret.Secret;
import org.gcube.common.keycloak.KeycloakClientFactory; import org.gcube.common.keycloak.KeycloakClientFactory;
import org.gcube.common.keycloak.model.TokenResponse; import org.gcube.common.keycloak.model.TokenResponse;
import org.gcube.common.scope.api.ScopeProvider;
import lombok.extern.slf4j.Slf4j; import lombok.extern.slf4j.Slf4j;
/**
* The Class GeoportalServiceAccount.
*
* @author Francesco Mangiacrapa at ISTI-CNR francesco.mangiacrapa@isti.cnr.it
*
* Jul 3, 2024
*/
@Slf4j @Slf4j
public class GeoportalServiceAccount { public class GeoportalServiceAccount {
//geoportal service account config property file // geoportal service account config property file
protected static final String CLIENT_ID_PROPERTY_NAME = "clientId"; protected static final String CLIENT_ID_PROPERTY_NAME = "clientId";
private static final String SE_PROFILE_NAME = "geoportal";
private static final String SE_CATEGORY_NAME = "SystemWorkspaceClient";
private static String clientId = "geoportal"; private static String clientId = "geoportal";
/**
* Gets the client id and client secret.
*
* @param context the context
* @return the client id and client secret
*/
private static Entry<String, String> getClientIdAndClientSecret(String context) { private static Entry<String, String> getClientIdAndClientSecret(String context) {
try { try {
IAMClientCredentials credentials = IAMClientCredentialsReader.getCredentials(); IAMClientCredentials credentials = IAMClientCredentialsReader.getCredentials(context,
SE_PROFILE_NAME, SE_CATEGORY_NAME);
clientId = credentials.getClientId()==null?clientId:credentials.getClientId(); clientId = credentials.getClientId() == null ? clientId : credentials.getClientId();
String clientSecret = credentials.getClientSecret(); String clientSecret = credentials.getClientSecret();
SimpleEntry<String, String> entry = new SimpleEntry<String, String>(clientId, clientSecret); SimpleEntry<String, String> entry = new SimpleEntry<String, String>(clientId, clientSecret);
return entry; return entry;
} catch(Exception e) { } catch (Exception e) {
throw new InternalServerErrorException( throw new InternalServerErrorException("Unable to retrieve Application Token for context "
"Unable to retrieve Application Token for context " + SecretManagerProvider.instance.get().getContext(), e); + SecretManagerProvider.instance.get().getContext(), e);
} }
} }
/**
* Gets the JWT access token.
*
* @return the JWT access token
* @throws Exception the exception
*/
private static TokenResponse getJWTAccessToken() throws Exception { private static TokenResponse getJWTAccessToken() throws Exception {
String context = SecretManagerProvider.instance.get().getContext(); SecretManager secretManager = SecretManagerProvider.instance.get();
Entry<String,String> entry = getClientIdAndClientSecret(context); if (secretManager != null) {
TokenResponse tr = KeycloakClientFactory.newInstance().queryUMAToken(context, entry.getKey(), entry.getValue(), context, null); String context = getContext();
return tr; log.info("Context is {}", context);
Entry<String, String> entry = getClientIdAndClientSecret(context);
TokenResponse tr = KeycloakClientFactory.newInstance().queryUMAToken(context, entry.getKey(),
entry.getValue(), context, null);
return tr;
} else {
throw new Exception(SecretManager.class.getSimpleName() + " is null!! Please set it");
}
} }
/**
* Gets the context.
*
* @return the context
*/
public static String getContext() {
String context = null;
SecretManager secretManager = SecretManagerProvider.instance.get();
// Test case
if (secretManager == null) {
log.info(SecretManager.class.getSimpleName() + " is null trying to read the scope from "
+ ScopeProvider.class.getSimpleName());
context = ScopeProvider.instance.get();
log.info("Returning scope {} read from {}", context, ScopeProvider.class.getSimpleName());
return context;
}
context = secretManager.getContext();
if (context == null) {
log.info(SecretManager.class.getSimpleName() + " has getContext null trying to read the scope from "
+ ScopeProvider.class.getSimpleName());
context = ScopeProvider.instance.get();
log.info("Returning scope {} read from {}", context, ScopeProvider.class.getSimpleName());
return context;
}
log.info("Returning scope {} read from {}", context, SecretManager.class.getSimpleName());
return context;
}
/**
* Gets the geoportal secret.
*
* @return the geoportal secret
* @throws Exception the exception
*/
public static Secret getGeoportalSecret() throws Exception { public static Secret getGeoportalSecret() throws Exception {
TokenResponse tr = getJWTAccessToken(); TokenResponse tr = getJWTAccessToken();
Secret secret = new JWTSecret(tr.getAccessToken()); Secret secret = new JWTSecret(tr.getAccessToken());

View File

@ -6,7 +6,6 @@ import static org.gcube.resources.discovery.icclient.ICFactory.queryFor;
import java.util.Collection; import java.util.Collection;
import java.util.List; import java.util.List;
import org.gcube.common.authorization.utils.manager.SecretManagerProvider;
import org.gcube.common.encryption.StringEncrypter; import org.gcube.common.encryption.StringEncrypter;
import org.gcube.common.resources.gcore.ServiceEndpoint; import org.gcube.common.resources.gcore.ServiceEndpoint;
import org.gcube.common.resources.gcore.ServiceEndpoint.AccessPoint; import org.gcube.common.resources.gcore.ServiceEndpoint.AccessPoint;
@ -16,34 +15,31 @@ import org.gcube.resources.discovery.client.queries.api.SimpleQuery;
import lombok.extern.slf4j.Slf4j; import lombok.extern.slf4j.Slf4j;
/** /**
* The Class GNABaseMapsResourceReader. * The Class IAMClientCredentialsReader.
* *
* @author Francesco Mangiacrapa at ISTI-CNR francesco.mangiacrapa@isti.cnr.it * @author Francesco Mangiacrapa at ISTI-CNR francesco.mangiacrapa@isti.cnr.it
* *
* Sep 23, 2021 * Jul 3, 2024
*/ */
@Slf4j @Slf4j
public class IAMClientCredentialsReader { public class IAMClientCredentialsReader {
private static final String SE_PROFILE_NAME = "geoportal";
private static final String SE_CATEGORY_NAME = "SystemWorkspaceClient";
/** /**
* Gets the credentials. * Gets the credentials.
* *
* @param currentContext the current context
* @return the credentials * @return the credentials
* @throws Exception the exception * @throws Exception the exception
*/ */
public static IAMClientCredentials getCredentials() throws Exception { public static IAMClientCredentials getCredentials(String currentContext, String seProfileName,
String seCategoryName) throws Exception {
String currentContext = SecretManagerProvider.instance.get().getContext(); log.info("Searching SE in the scope: " + currentContext + " with profile name: " + seProfileName
+ " and category name: " + seCategoryName);
log.info("Searching SE in the scope: " + currentContext + " with profile name: " + SE_PROFILE_NAME
+ " and category name: " + SE_CATEGORY_NAME);
SimpleQuery query = queryFor(ServiceEndpoint.class); SimpleQuery query = queryFor(ServiceEndpoint.class);
query.addCondition("$resource/Profile/Name/text() eq '" + SE_PROFILE_NAME + "'"); query.addCondition("$resource/Profile/Name/text() eq '" + seProfileName + "'");
query.addCondition("$resource/Profile/Category/text() eq '" + SE_CATEGORY_NAME + "'"); query.addCondition("$resource/Profile/Category/text() eq '" + seCategoryName + "'");
DiscoveryClient<ServiceEndpoint> client = clientFor(ServiceEndpoint.class); DiscoveryClient<ServiceEndpoint> client = clientFor(ServiceEndpoint.class);
List<ServiceEndpoint> resources = client.submit(query); List<ServiceEndpoint> resources = client.submit(query);
@ -51,8 +47,8 @@ public class IAMClientCredentialsReader {
if (resources.size() > 0) if (resources.size() > 0)
log.info("The query returned " + resources.size() + " ServiceEndpoint/s"); log.info("The query returned " + resources.size() + " ServiceEndpoint/s");
else else
throw new RuntimeException("ServiceEndpoint not found. Searching for profile name '" + SE_PROFILE_NAME throw new RuntimeException("ServiceEndpoint not found. Searching for profile name '" + seProfileName
+ "' and category name '" + SE_CATEGORY_NAME + "' in the scope: " + currentContext); + "' and category name '" + seCategoryName + "' in the scope: " + currentContext);
ServiceEndpoint se = resources.get(0); ServiceEndpoint se = resources.get(0);
Collection<AccessPoint> theAccessPoints = se.profile().accessPoints().asCollection(); Collection<AccessPoint> theAccessPoints = se.profile().accessPoints().asCollection();
@ -74,7 +70,7 @@ public class IAMClientCredentialsReader {
} }
} }
log.info("Returning keycloack credentials for SE {} read from SE", SE_PROFILE_NAME); log.info("Returning keycloack credentials for SE {} read from SE", seProfileName);
return new IAMClientCredentials(clientId, secredPwd); return new IAMClientCredentials(clientId, secredPwd);
} }