gCubeSystem
/
gcube-cms-suite
15
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Updated Geoportal Service account

This commit is contained in:
Francesco Mangiacrapa 2024-07-03 15:01:18 +02:00
parent 40339df334
commit e8103dfe33
3 changed files with 112 additions and 35 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
catalogue-binding-plugin/src/test/java/geoportal_to_catalogue/GeoportalToCatalogueBatchPublisher.java
View File

@ -35,6 +35,10 @@ import org.gcube.application.geoportalcommon.shared.SearchingFilter.ORDER;
import org.gcube.application.geoportalcommon.shared.WhereClause;
import org.gcube.application.geoportalcommon.shared.geoportal.config.ItemFieldDV;
import org.gcube.common.authorization.library.provider.SecurityTokenProvider;
import org.gcube.common.authorization.utils.manager.SecretManager;
import org.gcube.common.authorization.utils.manager.SecretManagerProvider;
import org.gcube.common.authorization.utils.secret.GCubeSecret;
import org.gcube.common.authorization.utils.secret.Secret;
import org.gcube.common.scope.api.ScopeProvider;
import org.junit.Test;
@ -61,7 +65,7 @@ import test.TestContextConfig;
* Jun 25, 2024
*/
@Slf4j
public class GeoportalToCatalogueBatchPublisher extends BasicPluginTest {
public class GeoportalToCatalogueBatchPublisher {
public final static String profileID = "profiledConcessioni";
public final static Integer MAX_ITEMS = 1;
@ -81,8 +85,7 @@ public class GeoportalToCatalogueBatchPublisher extends BasicPluginTest {
*/
//@Test
public void testPublish() {
//org.junit.Assume.assumeTrue(GCubeTest.isTestInfrastructureEnabled());
//CatalogueBindingPlugin plugin = (CatalogueBindingPlugin) plugins.get(CatalogueBindingPlugin.DESCRIPTOR.getId());
procedureToPublishProjectsOnCatalogue();
// String projectId = " 6663016a312dc236d217be5c";
@ -218,6 +221,14 @@ public class GeoportalToCatalogueBatchPublisher extends BasicPluginTest {
ScopeProvider.instance.set(targetScope);
SecurityTokenProvider.instance.set(targetToken);
SecretManager secretManager = new SecretManager();
Secret secret = new GCubeSecret(targetToken);
secretManager.addSecret(secret);
SecretManagerProvider.instance.set(secretManager);
log.info("\n publishOnCatalogue the PROJECT N. " + counter + " with id: "
+ theProject.getId());

102
cms-plugin-framework/src/main/java/org/gcube/application/cms/serviceaccount/GeoportalServiceAccount.java
View File

@ -5,47 +5,117 @@ import java.util.Map.Entry;
import javax.ws.rs.InternalServerErrorException;
import org.gcube.common.authorization.utils.manager.SecretManager;
import org.gcube.common.authorization.utils.manager.SecretManagerProvider;
import org.gcube.common.authorization.utils.secret.JWTSecret;
import org.gcube.common.authorization.utils.secret.Secret;
import org.gcube.common.keycloak.KeycloakClientFactory;
import org.gcube.common.keycloak.model.TokenResponse;
import org.gcube.common.scope.api.ScopeProvider;
import lombok.extern.slf4j.Slf4j;
/**
* The Class GeoportalServiceAccount.
*
* @author Francesco Mangiacrapa at ISTI-CNR francesco.mangiacrapa@isti.cnr.it
*
* Jul 3, 2024
*/
@Slf4j
public class GeoportalServiceAccount {
//geoportal service account config property file
// geoportal service account config property file
protected static final String CLIENT_ID_PROPERTY_NAME = "clientId";
private static final String SE_PROFILE_NAME = "geoportal";
private static final String SE_CATEGORY_NAME = "SystemWorkspaceClient";
private static String clientId = "geoportal";
/**
* Gets the client id and client secret.
*
* @param context the context
* @return the client id and client secret
*/
private static Entry<String, String> getClientIdAndClientSecret(String context) {
try {
IAMClientCredentials credentials = IAMClientCredentialsReader.getCredentials();
clientId = credentials.getClientId()==null?clientId:credentials.getClientId();
IAMClientCredentials credentials = IAMClientCredentialsReader.getCredentials(context,
SE_PROFILE_NAME, SE_CATEGORY_NAME);
clientId = credentials.getClientId() == null ? clientId : credentials.getClientId();
String clientSecret = credentials.getClientSecret();
SimpleEntry<String, String> entry = new SimpleEntry<String, String>(clientId, clientSecret);
return entry;
} catch(Exception e) {
throw new InternalServerErrorException(
"Unable to retrieve Application Token for context " + SecretManagerProvider.instance.get().getContext(), e);
} catch (Exception e) {
throw new InternalServerErrorException("Unable to retrieve Application Token for context "
+ SecretManagerProvider.instance.get().getContext(), e);
}
}
/**
* Gets the JWT access token.
*
* @return the JWT access token
* @throws Exception the exception
*/
private static TokenResponse getJWTAccessToken() throws Exception {
String context = SecretManagerProvider.instance.get().getContext();
Entry<String,String> entry = getClientIdAndClientSecret(context);
TokenResponse tr = KeycloakClientFactory.newInstance().queryUMAToken(context, entry.getKey(), entry.getValue(), context, null);
return tr;
SecretManager secretManager = SecretManagerProvider.instance.get();
if (secretManager != null) {
String context = getContext();
log.info("Context is {}", context);
Entry<String, String> entry = getClientIdAndClientSecret(context);
TokenResponse tr = KeycloakClientFactory.newInstance().queryUMAToken(context, entry.getKey(),
entry.getValue(), context, null);
return tr;
} else {
throw new Exception(SecretManager.class.getSimpleName() + " is null!! Please set it");
}
}
/**
* Gets the context.
*
* @return the context
*/
public static String getContext() {
String context = null;
SecretManager secretManager = SecretManagerProvider.instance.get();
// Test case
if (secretManager == null) {
log.info(SecretManager.class.getSimpleName() + " is null trying to read the scope from "
+ ScopeProvider.class.getSimpleName());
context = ScopeProvider.instance.get();
log.info("Returning scope {} read from {}", context, ScopeProvider.class.getSimpleName());
return context;
}
context = secretManager.getContext();
if (context == null) {
log.info(SecretManager.class.getSimpleName() + " has getContext null trying to read the scope from "
+ ScopeProvider.class.getSimpleName());
context = ScopeProvider.instance.get();
log.info("Returning scope {} read from {}", context, ScopeProvider.class.getSimpleName());
return context;
}
log.info("Returning scope {} read from {}", context, SecretManager.class.getSimpleName());
return context;
}
/**
* Gets the geoportal secret.
*
* @return the geoportal secret
* @throws Exception the exception
*/
public static Secret getGeoportalSecret() throws Exception {
TokenResponse tr = getJWTAccessToken();
Secret secret = new JWTSecret(tr.getAccessToken());
return secret;
}
}

28
cms-plugin-framework/src/main/java/org/gcube/application/cms/serviceaccount/IAMClientCredentialsReader.java
View File

@ -6,7 +6,6 @@ import static org.gcube.resources.discovery.icclient.ICFactory.queryFor;
import java.util.Collection;
import java.util.List;
import org.gcube.common.authorization.utils.manager.SecretManagerProvider;
import org.gcube.common.encryption.StringEncrypter;
import org.gcube.common.resources.gcore.ServiceEndpoint;
import org.gcube.common.resources.gcore.ServiceEndpoint.AccessPoint;
@ -16,34 +15,31 @@ import org.gcube.resources.discovery.client.queries.api.SimpleQuery;
import lombok.extern.slf4j.Slf4j;
/**
* The Class GNABaseMapsResourceReader.
* The Class IAMClientCredentialsReader.
*
* @author Francesco Mangiacrapa at ISTI-CNR francesco.mangiacrapa@isti.cnr.it
*
* Sep 23, 2021
* Jul 3, 2024
*/
@Slf4j
public class IAMClientCredentialsReader {
private static final String SE_PROFILE_NAME = "geoportal";
private static final String SE_CATEGORY_NAME = "SystemWorkspaceClient";
/**
* Gets the credentials.
*
* @param currentContext the current context
* @return the credentials
* @throws Exception the exception
*/
public static IAMClientCredentials getCredentials() throws Exception {
public static IAMClientCredentials getCredentials(String currentContext, String seProfileName,
String seCategoryName) throws Exception {
String currentContext = SecretManagerProvider.instance.get().getContext();
log.info("Searching SE in the scope: " + currentContext + " with profile name: " + SE_PROFILE_NAME
+ " and category name: " + SE_CATEGORY_NAME);
log.info("Searching SE in the scope: " + currentContext + " with profile name: " + seProfileName
+ " and category name: " + seCategoryName);
SimpleQuery query = queryFor(ServiceEndpoint.class);
query.addCondition("$resource/Profile/Name/text() eq '" + SE_PROFILE_NAME + "'");
query.addCondition("$resource/Profile/Category/text() eq '" + SE_CATEGORY_NAME + "'");
query.addCondition("$resource/Profile/Name/text() eq '" + seProfileName + "'");
query.addCondition("$resource/Profile/Category/text() eq '" + seCategoryName + "'");
DiscoveryClient<ServiceEndpoint> client = clientFor(ServiceEndpoint.class);
List<ServiceEndpoint> resources = client.submit(query);
@ -51,8 +47,8 @@ public class IAMClientCredentialsReader {
if (resources.size() > 0)
log.info("The query returned " + resources.size() + " ServiceEndpoint/s");
else
throw new RuntimeException("ServiceEndpoint not found. Searching for profile name '" + SE_PROFILE_NAME
+ "' and category name '" + SE_CATEGORY_NAME + "' in the scope: " + currentContext);
throw new RuntimeException("ServiceEndpoint not found. Searching for profile name '" + seProfileName
+ "' and category name '" + seCategoryName + "' in the scope: " + currentContext);
ServiceEndpoint se = resources.get(0);
Collection<AccessPoint> theAccessPoints = se.profile().accessPoints().asCollection();
@ -74,7 +70,7 @@ public class IAMClientCredentialsReader {
}
}
log.info("Returning keycloack credentials for SE {} read from SE", SE_PROFILE_NAME);
log.info("Returning keycloack credentials for SE {} read from SE", seProfileName);
return new IAMClientCredentials(clientId, secredPwd);
}