Updated Geoportal Service account
parent
40339df334
commit
e8103dfe33
|
@ -35,6 +35,10 @@ import org.gcube.application.geoportalcommon.shared.SearchingFilter.ORDER;
|
|||
import org.gcube.application.geoportalcommon.shared.WhereClause;
|
||||
import org.gcube.application.geoportalcommon.shared.geoportal.config.ItemFieldDV;
|
||||
import org.gcube.common.authorization.library.provider.SecurityTokenProvider;
|
||||
import org.gcube.common.authorization.utils.manager.SecretManager;
|
||||
import org.gcube.common.authorization.utils.manager.SecretManagerProvider;
|
||||
import org.gcube.common.authorization.utils.secret.GCubeSecret;
|
||||
import org.gcube.common.authorization.utils.secret.Secret;
|
||||
import org.gcube.common.scope.api.ScopeProvider;
|
||||
import org.junit.Test;
|
||||
|
||||
|
@ -61,7 +65,7 @@ import test.TestContextConfig;
|
|||
* Jun 25, 2024
|
||||
*/
|
||||
@Slf4j
|
||||
public class GeoportalToCatalogueBatchPublisher extends BasicPluginTest {
|
||||
public class GeoportalToCatalogueBatchPublisher {
|
||||
|
||||
public final static String profileID = "profiledConcessioni";
|
||||
public final static Integer MAX_ITEMS = 1;
|
||||
|
@ -81,8 +85,7 @@ public class GeoportalToCatalogueBatchPublisher extends BasicPluginTest {
|
|||
*/
|
||||
//@Test
|
||||
public void testPublish() {
|
||||
//org.junit.Assume.assumeTrue(GCubeTest.isTestInfrastructureEnabled());
|
||||
//CatalogueBindingPlugin plugin = (CatalogueBindingPlugin) plugins.get(CatalogueBindingPlugin.DESCRIPTOR.getId());
|
||||
|
||||
procedureToPublishProjectsOnCatalogue();
|
||||
|
||||
// String projectId = " 6663016a312dc236d217be5c";
|
||||
|
@ -218,6 +221,14 @@ public class GeoportalToCatalogueBatchPublisher extends BasicPluginTest {
|
|||
|
||||
ScopeProvider.instance.set(targetScope);
|
||||
SecurityTokenProvider.instance.set(targetToken);
|
||||
|
||||
|
||||
|
||||
SecretManager secretManager = new SecretManager();
|
||||
Secret secret = new GCubeSecret(targetToken);
|
||||
secretManager.addSecret(secret);
|
||||
SecretManagerProvider.instance.set(secretManager);
|
||||
|
||||
log.info("\n publishOnCatalogue the PROJECT N. " + counter + " with id: "
|
||||
+ theProject.getId());
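Review bot: The credential setup that follows `SecurityTokenProvider.instance.set(targetToken)` installs a new `SecretManager` holding `targetToken` on the thread-local provider, and nothing visible in this hunk clears it again. The `counter` in the log line suggests this runs once per project, so the manager would be rebuilt on every iteration, and any later code on the same thread keeps running with the target scope's token. Consider setting the secret once before the loop and clearing the providers in a `finally`, e.g. `SecretManagerProvider.instance.reset();` next to the matching resets for `ScopeProvider` and `SecurityTokenProvider`. The enclosing method starts and ends outside the hunk, so such a cleanup may already exist there.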
|
||||
|
||||
|
|
|
@ -5,43 +5,113 @@ import java.util.Map.Entry;
|
|||
|
||||
import javax.ws.rs.InternalServerErrorException;
|
||||
|
||||
import org.gcube.common.authorization.utils.manager.SecretManager;
|
||||
import org.gcube.common.authorization.utils.manager.SecretManagerProvider;
|
||||
import org.gcube.common.authorization.utils.secret.JWTSecret;
|
||||
import org.gcube.common.authorization.utils.secret.Secret;
|
||||
import org.gcube.common.keycloak.KeycloakClientFactory;
|
||||
import org.gcube.common.keycloak.model.TokenResponse;
|
||||
import org.gcube.common.scope.api.ScopeProvider;
|
||||
|
||||
import lombok.extern.slf4j.Slf4j;
|
||||
|
||||
/**
|
||||
* The Class GeoportalServiceAccount.
|
||||
*
|
||||
* @author Francesco Mangiacrapa at ISTI-CNR francesco.mangiacrapa@isti.cnr.it
|
||||
*
|
||||
* Jul 3, 2024
|
||||
*/
|
||||
@Slf4j
|
||||
public class GeoportalServiceAccount {
|
||||
|
||||
// geoportal service account config property file
|
||||
protected static final String CLIENT_ID_PROPERTY_NAME = "clientId";
|
||||
|
||||
private static final String SE_PROFILE_NAME = "geoportal";
|
||||
private static final String SE_CATEGORY_NAME = "SystemWorkspaceClient";
|
||||
|
||||
private static String clientId = "geoportal";
|
||||
|
||||
/**
|
||||
* Gets the client id and client secret.
|
||||
*
|
||||
* @param context the context
|
||||
* @return the client id and client secret
|
||||
*/
|
||||
private static Entry<String, String> getClientIdAndClientSecret(String context) {
|
||||
try {
|
||||
IAMClientCredentials credentials = IAMClientCredentialsReader.getCredentials();
|
||||
IAMClientCredentials credentials = IAMClientCredentialsReader.getCredentials(context,
|
||||
SE_PROFILE_NAME, SE_CATEGORY_NAME);
|
||||
|
||||
clientId = credentials.getClientId() == null ? clientId : credentials.getClientId();
|
||||
String clientSecret = credentials.getClientSecret();
|
||||
SimpleEntry<String, String> entry = new SimpleEntry<String, String>(clientId, clientSecret);
|
||||
return entry;
|
||||
} catch (Exception e) {
|
||||
throw new InternalServerErrorException(
|
||||
"Unable to retrieve Application Token for context " + SecretManagerProvider.instance.get().getContext(), e);
|
||||
throw new InternalServerErrorException("Unable to retrieve Application Token for context "
|
||||
+ SecretManagerProvider.instance.get().getContext(), e);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Gets the JWT access token.
|
||||
*
|
||||
* @return the JWT access token
|
||||
* @throws Exception the exception
|
||||
*/
|
||||
private static TokenResponse getJWTAccessToken() throws Exception {
|
||||
String context = SecretManagerProvider.instance.get().getContext();
|
||||
SecretManager secretManager = SecretManagerProvider.instance.get();
|
||||
if (secretManager != null) {
|
||||
String context = getContext();
|
||||
log.info("Context is {}", context);
|
||||
Entry<String, String> entry = getClientIdAndClientSecret(context);
|
||||
TokenResponse tr = KeycloakClientFactory.newInstance().queryUMAToken(context, entry.getKey(), entry.getValue(), context, null);
|
||||
TokenResponse tr = KeycloakClientFactory.newInstance().queryUMAToken(context, entry.getKey(),
|
||||
entry.getValue(), context, null);
|
||||
return tr;
|
||||
} else {
|
||||
throw new Exception(SecretManager.class.getSimpleName() + " is null!! Please set it");
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Gets the context.
|
||||
*
|
||||
* @return the context
|
||||
*/
|
||||
public static String getContext() {
|
||||
String context = null;
|
||||
SecretManager secretManager = SecretManagerProvider.instance.get();
|
||||
|
||||
// Test case
|
||||
if (secretManager == null) {
|
||||
log.info(SecretManager.class.getSimpleName() + " is null trying to read the scope from "
|
||||
+ ScopeProvider.class.getSimpleName());
|
||||
context = ScopeProvider.instance.get();
|
||||
log.info("Returning scope {} read from {}", context, ScopeProvider.class.getSimpleName());
|
||||
return context;
|
||||
}
|
||||
|
||||
context = secretManager.getContext();
|
||||
|
||||
if (context == null) {
|
||||
log.info(SecretManager.class.getSimpleName() + " has getContext null trying to read the scope from "
|
||||
+ ScopeProvider.class.getSimpleName());
|
||||
context = ScopeProvider.instance.get();
|
||||
log.info("Returning scope {} read from {}", context, ScopeProvider.class.getSimpleName());
|
||||
return context;
|
||||
}
|
||||
|
||||
log.info("Returning scope {} read from {}", context, SecretManager.class.getSimpleName());
|
||||
return context;
|
||||
}
|
||||
|
||||
/**
|
||||
* Gets the geoportal secret.
|
||||
*
|
||||
* @return the geoportal secret
|
||||
* @throws Exception the exception
|
||||
*/
|
||||
public static Secret getGeoportalSecret() throws Exception {
|
||||
TokenResponse tr = getJWTAccessToken();
|
||||
Secret secret = new JWTSecret(tr.getAccessToken());
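Review bot: The error message in the `catch` of `getClientIdAndClientSecret` still reads the context from `SecretManagerProvider.instance.get().getContext()` rather than from the `context` parameter that was actually used for the lookup. After this change the two can differ: `getContext()` falls back to `ScopeProvider` when the manager has no context, so the message would then report `null` (or fail inside the handler if the manager is unset) instead of the scope that failed. Suggested line: `throw new InternalServerErrorException("Unable to retrieve Application Token for context " + context, e);`. `getContext()` can also return null when neither source holds a scope, and `getJWTAccessToken` passes that value straight to the credentials lookup and to `queryUMAToken`; an explicit null check before the lookup would fail early with a clear message. `getGeoportalSecret` continues beyond the end of the hunk.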
|
||||
|
|
|
@ -6,7 +6,6 @@ import static org.gcube.resources.discovery.icclient.ICFactory.queryFor;
|
|||
import java.util.Collection;
|
||||
import java.util.List;
|
||||
|
||||
import org.gcube.common.authorization.utils.manager.SecretManagerProvider;
|
||||
import org.gcube.common.encryption.StringEncrypter;
|
||||
import org.gcube.common.resources.gcore.ServiceEndpoint;
|
||||
import org.gcube.common.resources.gcore.ServiceEndpoint.AccessPoint;
|
||||
|
@ -16,34 +15,31 @@ import org.gcube.resources.discovery.client.queries.api.SimpleQuery;
|
|||
import lombok.extern.slf4j.Slf4j;
|
||||
|
||||
/**
|
||||
* The Class GNABaseMapsResourceReader.
|
||||
* The Class IAMClientCredentialsReader.
|
||||
*
|
||||
* @author Francesco Mangiacrapa at ISTI-CNR francesco.mangiacrapa@isti.cnr.it
|
||||
*
|
||||
* Sep 23, 2021
|
||||
* Jul 3, 2024
|
||||
*/
|
||||
@Slf4j
|
||||
public class IAMClientCredentialsReader {
|
||||
|
||||
private static final String SE_PROFILE_NAME = "geoportal";
|
||||
private static final String SE_CATEGORY_NAME = "SystemWorkspaceClient";
|
||||
|
||||
/**
|
||||
* Gets the credentials.
|
||||
*
|
||||
* @param currentContext the current context
|
||||
* @return the credentials
|
||||
* @throws Exception the exception
|
||||
*/
|
||||
public static IAMClientCredentials getCredentials() throws Exception {
|
||||
public static IAMClientCredentials getCredentials(String currentContext, String seProfileName,
|
||||
String seCategoryName) throws Exception {
|
||||
|
||||
String currentContext = SecretManagerProvider.instance.get().getContext();
|
||||
|
||||
log.info("Searching SE in the scope: " + currentContext + " with profile name: " + SE_PROFILE_NAME
|
||||
+ " and category name: " + SE_CATEGORY_NAME);
|
||||
log.info("Searching SE in the scope: " + currentContext + " with profile name: " + seProfileName
|
||||
+ " and category name: " + seCategoryName);
|
||||
|
||||
SimpleQuery query = queryFor(ServiceEndpoint.class);
|
||||
query.addCondition("$resource/Profile/Name/text() eq '" + SE_PROFILE_NAME + "'");
|
||||
query.addCondition("$resource/Profile/Category/text() eq '" + SE_CATEGORY_NAME + "'");
|
||||
query.addCondition("$resource/Profile/Name/text() eq '" + seProfileName + "'");
|
||||
query.addCondition("$resource/Profile/Category/text() eq '" + seCategoryName + "'");
|
||||
|
||||
DiscoveryClient<ServiceEndpoint> client = clientFor(ServiceEndpoint.class);
|
||||
List<ServiceEndpoint> resources = client.submit(query);
|
||||
|
@ -51,8 +47,8 @@ public class IAMClientCredentialsReader {
|
|||
if (resources.size() > 0)
|
||||
log.info("The query returned " + resources.size() + " ServiceEndpoint/s");
|
||||
else
|
||||
throw new RuntimeException("ServiceEndpoint not found. Searching for profile name '" + SE_PROFILE_NAME
|
||||
+ "' and category name '" + SE_CATEGORY_NAME + "' in the scope: " + currentContext);
|
||||
throw new RuntimeException("ServiceEndpoint not found. Searching for profile name '" + seProfileName
|
||||
+ "' and category name '" + seCategoryName + "' in the scope: " + currentContext);
|
||||
|
||||
ServiceEndpoint se = resources.get(0);
|
||||
Collection<AccessPoint> theAccessPoints = se.profile().accessPoints().asCollection();
|
||||
|
@ -74,7 +70,7 @@ public class IAMClientCredentialsReader {
|
|||
}
|
||||
}
|
||||
|
||||
log.info("Returning keycloack credentials for SE {} read from SE", SE_PROFILE_NAME);
|
||||
log.info("Returning keycloack credentials for SE {} read from SE", seProfileName);
|
||||
return new IAMClientCredentials(clientId, secredPwd);
|
||||
|
||||
}
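Review bot: `seProfileName` and `seCategoryName` are now caller-supplied but are still concatenated into the query conditions, e.g. `"$resource/Profile/Name/text() eq '" + seProfileName + "'"`, so a value containing a quote alters the condition instead of being matched as text. The caller visible on this page passes constants, but the method is public; reject unexpected characters before building the query, for example `if (!seProfileName.matches("[\\w .-]+")) throw new IllegalArgumentException("invalid SE profile name");` (the pattern is illustrative), and do the same for the category. The Javadoc also lacks `@param seProfileName` and `@param seCategoryName`. The body of `getCredentials` is spread over three hunks, so parts of it are not visible here.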
|
||||
|
|