Updated Geoportal Service account
parent
40339df334
commit
e8103dfe33
|
@ -35,6 +35,10 @@ import org.gcube.application.geoportalcommon.shared.SearchingFilter.ORDER;
|
||||||
import org.gcube.application.geoportalcommon.shared.WhereClause;
|
import org.gcube.application.geoportalcommon.shared.WhereClause;
|
||||||
import org.gcube.application.geoportalcommon.shared.geoportal.config.ItemFieldDV;
|
import org.gcube.application.geoportalcommon.shared.geoportal.config.ItemFieldDV;
|
||||||
import org.gcube.common.authorization.library.provider.SecurityTokenProvider;
|
import org.gcube.common.authorization.library.provider.SecurityTokenProvider;
|
||||||
|
import org.gcube.common.authorization.utils.manager.SecretManager;
|
||||||
|
import org.gcube.common.authorization.utils.manager.SecretManagerProvider;
|
||||||
|
import org.gcube.common.authorization.utils.secret.GCubeSecret;
|
||||||
|
import org.gcube.common.authorization.utils.secret.Secret;
|
||||||
import org.gcube.common.scope.api.ScopeProvider;
|
import org.gcube.common.scope.api.ScopeProvider;
|
||||||
import org.junit.Test;
|
import org.junit.Test;
|
||||||
|
|
||||||
|
@ -61,7 +65,7 @@ import test.TestContextConfig;
|
||||||
* Jun 25, 2024
|
* Jun 25, 2024
|
||||||
*/
|
*/
|
||||||
@Slf4j
|
@Slf4j
|
||||||
public class GeoportalToCatalogueBatchPublisher extends BasicPluginTest {
|
public class GeoportalToCatalogueBatchPublisher {
|
||||||
|
|
||||||
public final static String profileID = "profiledConcessioni";
|
public final static String profileID = "profiledConcessioni";
|
||||||
public final static Integer MAX_ITEMS = 1;
|
public final static Integer MAX_ITEMS = 1;
|
||||||
|
@ -81,8 +85,7 @@ public class GeoportalToCatalogueBatchPublisher extends BasicPluginTest {
|
||||||
*/
|
*/
|
||||||
//@Test
|
//@Test
|
||||||
public void testPublish() {
|
public void testPublish() {
|
||||||
//org.junit.Assume.assumeTrue(GCubeTest.isTestInfrastructureEnabled());
|
|
||||||
//CatalogueBindingPlugin plugin = (CatalogueBindingPlugin) plugins.get(CatalogueBindingPlugin.DESCRIPTOR.getId());
|
|
||||||
procedureToPublishProjectsOnCatalogue();
|
procedureToPublishProjectsOnCatalogue();
|
||||||
|
|
||||||
// String projectId = " 6663016a312dc236d217be5c";
|
// String projectId = " 6663016a312dc236d217be5c";
|
||||||
|
@ -218,6 +221,14 @@ public class GeoportalToCatalogueBatchPublisher extends BasicPluginTest {
|
||||||
|
|
||||||
ScopeProvider.instance.set(targetScope);
|
ScopeProvider.instance.set(targetScope);
|
||||||
SecurityTokenProvider.instance.set(targetToken);
|
SecurityTokenProvider.instance.set(targetToken);
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
SecretManager secretManager = new SecretManager();
|
||||||
|
Secret secret = new GCubeSecret(targetToken);
|
||||||
|
secretManager.addSecret(secret);
|
||||||
|
SecretManagerProvider.instance.set(secretManager);
|
||||||
|
|
||||||
log.info("\n publishOnCatalogue the PROJECT N. " + counter + " with id: "
|
log.info("\n publishOnCatalogue the PROJECT N. " + counter + " with id: "
|
||||||
+ theProject.getId());
|
+ theProject.getId());
|
||||||
|
|
||||||
|
|
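Review bot: The added block installs the target token in a third thread-local (`SecretManagerProvider.instance.set(secretManager)`) next to `ScopeProvider` and `SecurityTokenProvider`, and no reset is visible in this hunk, so if publishing throws, the thread presumably keeps the target-context credentials for whatever runs next. Wrap the publish call in `try { … } finally { SecretManagerProvider.instance.reset(); }` and clear the other two providers in the same place. The enclosing method starts and ends outside the hunk, so a cleanup may already exist further down.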
|
@ -5,47 +5,117 @@ import java.util.Map.Entry;
|
||||||
|
|
||||||
import javax.ws.rs.InternalServerErrorException;
|
import javax.ws.rs.InternalServerErrorException;
|
||||||
|
|
||||||
|
import org.gcube.common.authorization.utils.manager.SecretManager;
|
||||||
import org.gcube.common.authorization.utils.manager.SecretManagerProvider;
|
import org.gcube.common.authorization.utils.manager.SecretManagerProvider;
|
||||||
import org.gcube.common.authorization.utils.secret.JWTSecret;
|
import org.gcube.common.authorization.utils.secret.JWTSecret;
|
||||||
import org.gcube.common.authorization.utils.secret.Secret;
|
import org.gcube.common.authorization.utils.secret.Secret;
|
||||||
import org.gcube.common.keycloak.KeycloakClientFactory;
|
import org.gcube.common.keycloak.KeycloakClientFactory;
|
||||||
import org.gcube.common.keycloak.model.TokenResponse;
|
import org.gcube.common.keycloak.model.TokenResponse;
|
||||||
|
import org.gcube.common.scope.api.ScopeProvider;
|
||||||
|
|
||||||
import lombok.extern.slf4j.Slf4j;
|
import lombok.extern.slf4j.Slf4j;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* The Class GeoportalServiceAccount.
|
||||||
|
*
|
||||||
|
* @author Francesco Mangiacrapa at ISTI-CNR francesco.mangiacrapa@isti.cnr.it
|
||||||
|
*
|
||||||
|
* Jul 3, 2024
|
||||||
|
*/
|
||||||
@Slf4j
|
@Slf4j
|
||||||
public class GeoportalServiceAccount {
|
public class GeoportalServiceAccount {
|
||||||
|
|
||||||
//geoportal service account config property file
|
// geoportal service account config property file
|
||||||
protected static final String CLIENT_ID_PROPERTY_NAME = "clientId";
|
protected static final String CLIENT_ID_PROPERTY_NAME = "clientId";
|
||||||
|
|
||||||
|
private static final String SE_PROFILE_NAME = "geoportal";
|
||||||
|
private static final String SE_CATEGORY_NAME = "SystemWorkspaceClient";
|
||||||
|
|
||||||
private static String clientId = "geoportal";
|
private static String clientId = "geoportal";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Gets the client id and client secret.
|
||||||
|
*
|
||||||
|
* @param context the context
|
||||||
|
* @return the client id and client secret
|
||||||
|
*/
|
||||||
private static Entry<String, String> getClientIdAndClientSecret(String context) {
|
private static Entry<String, String> getClientIdAndClientSecret(String context) {
|
||||||
try {
|
try {
|
||||||
IAMClientCredentials credentials = IAMClientCredentialsReader.getCredentials();
|
IAMClientCredentials credentials = IAMClientCredentialsReader.getCredentials(context,
|
||||||
|
SE_PROFILE_NAME, SE_CATEGORY_NAME);
|
||||||
clientId = credentials.getClientId()==null?clientId:credentials.getClientId();
|
|
||||||
|
clientId = credentials.getClientId() == null ? clientId : credentials.getClientId();
|
||||||
String clientSecret = credentials.getClientSecret();
|
String clientSecret = credentials.getClientSecret();
|
||||||
SimpleEntry<String, String> entry = new SimpleEntry<String, String>(clientId, clientSecret);
|
SimpleEntry<String, String> entry = new SimpleEntry<String, String>(clientId, clientSecret);
|
||||||
return entry;
|
return entry;
|
||||||
} catch(Exception e) {
|
} catch (Exception e) {
|
||||||
throw new InternalServerErrorException(
|
throw new InternalServerErrorException("Unable to retrieve Application Token for context "
|
||||||
"Unable to retrieve Application Token for context " + SecretManagerProvider.instance.get().getContext(), e);
|
+ SecretManagerProvider.instance.get().getContext(), e);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Gets the JWT access token.
|
||||||
|
*
|
||||||
|
* @return the JWT access token
|
||||||
|
* @throws Exception the exception
|
||||||
|
*/
|
||||||
private static TokenResponse getJWTAccessToken() throws Exception {
|
private static TokenResponse getJWTAccessToken() throws Exception {
|
||||||
String context = SecretManagerProvider.instance.get().getContext();
|
SecretManager secretManager = SecretManagerProvider.instance.get();
|
||||||
Entry<String,String> entry = getClientIdAndClientSecret(context);
|
if (secretManager != null) {
|
||||||
TokenResponse tr = KeycloakClientFactory.newInstance().queryUMAToken(context, entry.getKey(), entry.getValue(), context, null);
|
String context = getContext();
|
||||||
return tr;
|
log.info("Context is {}", context);
|
||||||
|
Entry<String, String> entry = getClientIdAndClientSecret(context);
|
||||||
|
TokenResponse tr = KeycloakClientFactory.newInstance().queryUMAToken(context, entry.getKey(),
|
||||||
|
entry.getValue(), context, null);
|
||||||
|
return tr;
|
||||||
|
} else {
|
||||||
|
throw new Exception(SecretManager.class.getSimpleName() + " is null!! Please set it");
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Gets the context.
|
||||||
|
*
|
||||||
|
* @return the context
|
||||||
|
*/
|
||||||
|
public static String getContext() {
|
||||||
|
String context = null;
|
||||||
|
SecretManager secretManager = SecretManagerProvider.instance.get();
|
||||||
|
|
||||||
|
// Test case
|
||||||
|
if (secretManager == null) {
|
||||||
|
log.info(SecretManager.class.getSimpleName() + " is null trying to read the scope from "
|
||||||
|
+ ScopeProvider.class.getSimpleName());
|
||||||
|
context = ScopeProvider.instance.get();
|
||||||
|
log.info("Returning scope {} read from {}", context, ScopeProvider.class.getSimpleName());
|
||||||
|
return context;
|
||||||
|
}
|
||||||
|
|
||||||
|
context = secretManager.getContext();
|
||||||
|
|
||||||
|
if (context == null) {
|
||||||
|
log.info(SecretManager.class.getSimpleName() + " has getContext null trying to read the scope from "
|
||||||
|
+ ScopeProvider.class.getSimpleName());
|
||||||
|
context = ScopeProvider.instance.get();
|
||||||
|
log.info("Returning scope {} read from {}", context, ScopeProvider.class.getSimpleName());
|
||||||
|
return context;
|
||||||
|
}
|
||||||
|
|
||||||
|
log.info("Returning scope {} read from {}", context, SecretManager.class.getSimpleName());
|
||||||
|
return context;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Gets the geoportal secret.
|
||||||
|
*
|
||||||
|
* @return the geoportal secret
|
||||||
|
* @throws Exception the exception
|
||||||
|
*/
|
||||||
public static Secret getGeoportalSecret() throws Exception {
|
public static Secret getGeoportalSecret() throws Exception {
|
||||||
TokenResponse tr = getJWTAccessToken();
|
TokenResponse tr = getJWTAccessToken();
|
||||||
Secret secret = new JWTSecret(tr.getAccessToken());
|
Secret secret = new JWTSecret(tr.getAccessToken());
|
||||||
return secret;
|
return secret;
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
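Review bot: In `getClientIdAndClientSecret` the catch block still builds its message from `SecretManagerProvider.instance.get().getContext()`, which throws a NullPointerException when no SecretManager is set on the thread (the case the new `getContext()` handles) and so hides the original failure. Use the argument already in scope: `throw new InternalServerErrorException("Unable to retrieve Application Token for context " + context, e);`. Separately, `getContext()` falls back to the legacy `ScopeProvider` value at info level, and that value then selects both the ServiceEndpoint whose client secret is read and the audience passed to `queryUMAToken`. The first branch is commented `// Test case`, but the null-context branch is reachable with a SecretManager set, so a stale thread-local scope could presumably yield a service-account token for a context the caller's secret does not cover. Consider logging the fallback at warn level or failing closed outside tests.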
|
@ -6,7 +6,6 @@ import static org.gcube.resources.discovery.icclient.ICFactory.queryFor;
|
||||||
import java.util.Collection;
|
import java.util.Collection;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
|
|
||||||
import org.gcube.common.authorization.utils.manager.SecretManagerProvider;
|
|
||||||
import org.gcube.common.encryption.StringEncrypter;
|
import org.gcube.common.encryption.StringEncrypter;
|
||||||
import org.gcube.common.resources.gcore.ServiceEndpoint;
|
import org.gcube.common.resources.gcore.ServiceEndpoint;
|
||||||
import org.gcube.common.resources.gcore.ServiceEndpoint.AccessPoint;
|
import org.gcube.common.resources.gcore.ServiceEndpoint.AccessPoint;
|
||||||
|
@ -16,34 +15,31 @@ import org.gcube.resources.discovery.client.queries.api.SimpleQuery;
|
||||||
import lombok.extern.slf4j.Slf4j;
|
import lombok.extern.slf4j.Slf4j;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* The Class GNABaseMapsResourceReader.
|
* The Class IAMClientCredentialsReader.
|
||||||
*
|
*
|
||||||
* @author Francesco Mangiacrapa at ISTI-CNR francesco.mangiacrapa@isti.cnr.it
|
* @author Francesco Mangiacrapa at ISTI-CNR francesco.mangiacrapa@isti.cnr.it
|
||||||
*
|
*
|
||||||
* Sep 23, 2021
|
* Jul 3, 2024
|
||||||
*/
|
*/
|
||||||
@Slf4j
|
@Slf4j
|
||||||
public class IAMClientCredentialsReader {
|
public class IAMClientCredentialsReader {
|
||||||
|
|
||||||
private static final String SE_PROFILE_NAME = "geoportal";
|
|
||||||
private static final String SE_CATEGORY_NAME = "SystemWorkspaceClient";
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Gets the credentials.
|
* Gets the credentials.
|
||||||
*
|
*
|
||||||
|
* @param currentContext the current context
|
||||||
* @return the credentials
|
* @return the credentials
|
||||||
* @throws Exception the exception
|
* @throws Exception the exception
|
||||||
*/
|
*/
|
||||||
public static IAMClientCredentials getCredentials() throws Exception {
|
public static IAMClientCredentials getCredentials(String currentContext, String seProfileName,
|
||||||
|
String seCategoryName) throws Exception {
|
||||||
|
|
||||||
String currentContext = SecretManagerProvider.instance.get().getContext();
|
log.info("Searching SE in the scope: " + currentContext + " with profile name: " + seProfileName
|
||||||
|
+ " and category name: " + seCategoryName);
|
||||||
log.info("Searching SE in the scope: " + currentContext + " with profile name: " + SE_PROFILE_NAME
|
|
||||||
+ " and category name: " + SE_CATEGORY_NAME);
|
|
||||||
|
|
||||||
SimpleQuery query = queryFor(ServiceEndpoint.class);
|
SimpleQuery query = queryFor(ServiceEndpoint.class);
|
||||||
query.addCondition("$resource/Profile/Name/text() eq '" + SE_PROFILE_NAME + "'");
|
query.addCondition("$resource/Profile/Name/text() eq '" + seProfileName + "'");
|
||||||
query.addCondition("$resource/Profile/Category/text() eq '" + SE_CATEGORY_NAME + "'");
|
query.addCondition("$resource/Profile/Category/text() eq '" + seCategoryName + "'");
|
||||||
|
|
||||||
DiscoveryClient<ServiceEndpoint> client = clientFor(ServiceEndpoint.class);
|
DiscoveryClient<ServiceEndpoint> client = clientFor(ServiceEndpoint.class);
|
||||||
List<ServiceEndpoint> resources = client.submit(query);
|
List<ServiceEndpoint> resources = client.submit(query);
|
||||||
|
@ -51,8 +47,8 @@ public class IAMClientCredentialsReader {
|
||||||
if (resources.size() > 0)
|
if (resources.size() > 0)
|
||||||
log.info("The query returned " + resources.size() + " ServiceEndpoint/s");
|
log.info("The query returned " + resources.size() + " ServiceEndpoint/s");
|
||||||
else
|
else
|
||||||
throw new RuntimeException("ServiceEndpoint not found. Searching for profile name '" + SE_PROFILE_NAME
|
throw new RuntimeException("ServiceEndpoint not found. Searching for profile name '" + seProfileName
|
||||||
+ "' and category name '" + SE_CATEGORY_NAME + "' in the scope: " + currentContext);
|
+ "' and category name '" + seCategoryName + "' in the scope: " + currentContext);
|
||||||
|
|
||||||
ServiceEndpoint se = resources.get(0);
|
ServiceEndpoint se = resources.get(0);
|
||||||
Collection<AccessPoint> theAccessPoints = se.profile().accessPoints().asCollection();
|
Collection<AccessPoint> theAccessPoints = se.profile().accessPoints().asCollection();
|
||||||
|
@ -74,7 +70,7 @@ public class IAMClientCredentialsReader {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
log.info("Returning keycloack credentials for SE {} read from SE", SE_PROFILE_NAME);
|
log.info("Returning keycloack credentials for SE {} read from SE", seProfileName);
|
||||||
return new IAMClientCredentials(clientId, secredPwd);
|
return new IAMClientCredentials(clientId, secredPwd);
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
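Review bot: `getCredentials` now concatenates the caller-supplied `seProfileName` and `seCategoryName` straight into the query conditions (`"$resource/Profile/Name/text() eq '" + seProfileName + "'"`), so a value containing a single quote changes the query that decides which ServiceEndpoint's client secret is returned. The only caller visible on this page passes constants, but the method is public; reject values outside a conservative pattern before building the query, e.g. `if (!seProfileName.matches("[A-Za-z0-9_.-]+")) throw new IllegalArgumentException("Invalid SE profile name");`, and the same for the category. The Javadoc documents only `currentContext`; add `@param seProfileName` and `@param seCategoryName`. The method body continues outside the visible hunks.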