This is an automated email from the ASF dual-hosted git repository. yasith pushed a commit to branch feat/server-collapse in repository https://gitbox.apache.org/repos/asf/airavata.git
commit 2eb681aba603b241481cb3f36e1749f61f5d90fa Author: yasithdev <[email protected]> AuthorDate: Sat Mar 28 01:52:10 2026 -0500 refactor: replace CredentialStore and Profile Thrift clients with direct injection - Replace CredentialStoreClientFactory usages with direct CredentialStoreServerHandler instantiation in SSHAccountManager, GatewayGroupsInitializer, AgentUtils, IamAdminServicesHandler, TenantProfileServiceHandler, and AiravataDataMigrator - Replace ProfileServiceClientFactory usages: - AiravataTask/TaskContext: use UserProfileRepository directly instead of UserProfileService Thrift client (avoids circular dep with airavata-server) - UserProfileServiceHandler: use IamAdminServicesHandler directly - AiravataDataMigrator: use TenantManagementKeycloakImpl directly - AiravataService (research-service): use UserProfileRepository directly - Remove unused getCredentialStoreServiceClient from KeyCloakSecurityManager - Delete CredentialStoreClientFactory (no remaining references) - Keep ProfileServiceClientFactory (still used by example clients) --- .../airavata/research/service/AiravataService.java | 43 ++++--------- .../apache/airavata/compute/util/AgentUtils.java | 15 ++--- .../service/provisioning/SSHAccountManager.java | 74 +++++++--------------- .../util/CredentialStoreClientFactory.java | 44 ------------- .../execution/orchestrator/AiravataTask.java | 17 ++--- .../execution/orchestrator/TaskContext.java | 33 +++++----- .../security/service/GatewayGroupsInitializer.java | 50 ++++++--------- .../security/service/KeyCloakSecurityManager.java | 34 +--------- .../sharing/util/AiravataDataMigrator.java | 48 +++++--------- .../thrift/handler/IamAdminServicesHandler.java | 20 +++--- .../handler/TenantProfileServiceHandler.java | 41 ++++-------- .../thrift/handler/UserProfileServiceHandler.java | 19 +----- 12 files changed, 123 insertions(+), 315 deletions(-) 
diff --git a/airavata-api/research-service/src/main/java/org/apache/airavata/research/service/AiravataService.java b/airavata-api/research-service/src/main/java/org/apache/airavata/research/service/AiravataService.java index 2dc09ed6a5..c5e1792a73 100644 --- a/airavata-api/research-service/src/main/java/org/apache/airavata/research/service/AiravataService.java +++ b/airavata-api/research-service/src/main/java/org/apache/airavata/research/service/AiravataService.java @@ -19,16 +19,11 @@ */ package org.apache.airavata.research.service; -import org.apache.airavata.model.security.AuthzToken; import org.apache.airavata.model.user.UserProfile; import org.apache.airavata.common.security.UserContext; -import org.apache.airavata.security.profile.client.ProfileServiceClientFactory; -import org.apache.airavata.service.profile.user.cpi.UserProfileService; -import org.apache.airavata.service.profile.user.cpi.exception.UserProfileServiceException; -import org.apache.thrift.TException; +import org.apache.airavata.security.profile.user.core.repositories.UserProfileRepository; import org.slf4j.Logger; import org.slf4j.LoggerFactory; -import org.springframework.beans.factory.annotation.Value; import org.springframework.stereotype.Service; @Service 
@@ -36,38 +31,22 @@ public class AiravataService { private static final Logger LOGGER = LoggerFactory.getLogger(AiravataService.class); - @Value("${airavata.user-profile.server.url:airavata.host}") - private String profileServerUrl; - - @Value("${airavata.user-profile.server.port:8962}") - private int profileServerPort; - - public UserProfileService.Client userProfileClient() { - try { - LOGGER.info("User profile client initialized"); - return ProfileServiceClientFactory.createUserProfileServiceClient(profileServerUrl, profileServerPort); - } catch (UserProfileServiceException e) { - LOGGER.error("Error while creating user profile client", e); - throw new RuntimeException(e); - } - } + private final UserProfileRepository userProfileRepository = new UserProfileRepository(); public UserProfile getUserProfile(String userId) { - try { - return userProfileClient().getUserProfileById(UserContext.authzToken(), userId, UserContext.gatewayId()); - } catch (TException e) { - LOGGER.error("Error while getting user profile with the id: {}", userId, e); - throw new RuntimeException("Error while getting user profile with the id: " + userId, e); + UserProfile profile = userProfileRepository.getUserProfileByIdAndGateWay(userId, UserContext.gatewayId()); + if (profile == null) { + throw new RuntimeException("User profile not found for id: " + userId); } + return profile; } - public UserProfile getUserProfile(AuthzToken authzToken, String userId, String gatewayId) { - try { - return userProfileClient().getUserProfileById(authzToken, userId, gatewayId); - } catch (TException e) { - LOGGER.error("Error while getting user profile with the id: {} in the gateway: {}", userId, gatewayId, e); + public UserProfile getUserProfile(String authzToken, String userId, String gatewayId) { + UserProfile profile = userProfileRepository.getUserProfileByIdAndGateWay(userId, gatewayId); + if (profile == null) { throw new RuntimeException( - "Error while getting user profile with the id: " + userId + " 
in the gateway: " + gatewayId, e); + "User profile not found for id: " + userId + " in gateway: " + gatewayId); } + return profile; } } diff --git a/airavata-api/src/main/java/org/apache/airavata/compute/util/AgentUtils.java b/airavata-api/src/main/java/org/apache/airavata/compute/util/AgentUtils.java index b7ab9270fd..b0b73256fa 100644 --- a/airavata-api/src/main/java/org/apache/airavata/compute/util/AgentUtils.java +++ b/airavata-api/src/main/java/org/apache/airavata/compute/util/AgentUtils.java @@ -19,11 +19,8 @@ */ package org.apache.airavata.compute.util; -import org.apache.airavata.common.config.ServerSettings; -import org.apache.airavata.common.exception.ApplicationSettingsException; +import org.apache.airavata.credential.handler.CredentialStoreServerHandler; import org.apache.airavata.credential.store.cpi.CredentialStoreService; -import org.apache.airavata.credential.store.exception.CredentialStoreException; -import org.apache.airavata.credential.util.CredentialStoreClientFactory; import org.apache.airavata.execution.scheduler.Utils; import org.apache.airavata.registry.api.RegistryService; @@ -33,13 +30,11 @@ public class AgentUtils { return Utils.getRegistryHandler(); } - public static CredentialStoreService.Client getCredentialClient() throws AgentException { + public static CredentialStoreService.Iface getCredentialClient() throws AgentException { try { - final int serverPort = Integer.parseInt(ServerSettings.getCredentialStoreServerPort()); - final String serverHost = ServerSettings.getCredentialStoreServerHost(); - return CredentialStoreClientFactory.createAiravataCSClient(serverHost, serverPort); - } catch (CredentialStoreException | ApplicationSettingsException e) { - throw new AgentException("Unable to create credential client...", e); + return new CredentialStoreServerHandler(); + } catch (Exception e) { + throw new AgentException("Unable to create CredentialStoreServerHandler...", e); } } } 
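Review bot: In `getUserProfile(String authzToken, String userId, String gatewayId)` the `authzToken` argument is never read, so the profile is fetched by `userProfileRepository.getUserProfileByIdAndGateWay(userId, gatewayId)` for whatever `gatewayId` the caller supplies, with no authorization check visible in this class. The removed Thrift call forwarded the token to the user-profile service, which presumably enforced access there; if so, an in-process equivalent is needed before the repository read, for example rejecting a `gatewayId` that differs from `UserContext.gatewayId()`. Changing the parameter type from `AuthzToken` to `String` also breaks existing callers while leaving the value unused, so either drop the parameter or keep `AuthzToken` and validate it. Separately, `private final UserProfileRepository userProfileRepository = new UserProfileRepository();` instantiates the repository by hand inside a `@Service`; constructor injection would keep it replaceable in tests.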
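Review bot: `getCredentialClient()` builds a new `CredentialStoreServerHandler` on every call and catches bare `Exception`, and the same factory body is repeated in `SSHAccountManager.getCredentialStoreHandler()` and `GatewayGroupsInitializer.createCredentialStoreHandler()` later in this commit. Because this handler is now the in-process entry point to stored credentials, a single shared accessor would give one place to audit who obtains it and would avoid repeating whatever setup the constructor performs (not visible here). Catching only the exception types the constructor declares would keep programming errors from being reported as "Unable to create CredentialStoreServerHandler...". A one-line Javadoc such as `/** Returns an in-process credential store handler; no transport is opened and nothing needs closing. */` would tell callers that the old close-the-client pattern no longer applies.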
diff --git a/airavata-api/src/main/java/org/apache/airavata/credential/service/provisioning/SSHAccountManager.java b/airavata-api/src/main/java/org/apache/airavata/credential/service/provisioning/SSHAccountManager.java index 0d5a2652f9..5e59af5880 100644 --- a/airavata-api/src/main/java/org/apache/airavata/credential/service/provisioning/SSHAccountManager.java +++ b/airavata-api/src/main/java/org/apache/airavata/credential/service/provisioning/SSHAccountManager.java @@ -26,9 +26,8 @@ import java.util.function.Function; import java.util.stream.Collectors; import org.apache.airavata.common.config.ServerSettings; import org.apache.airavata.common.exception.ApplicationSettingsException; +import org.apache.airavata.credential.handler.CredentialStoreServerHandler; import org.apache.airavata.credential.store.cpi.CredentialStoreService; -import org.apache.airavata.credential.store.exception.CredentialStoreException; -import org.apache.airavata.credential.util.CredentialStoreClientFactory; import org.apache.airavata.execution.util.RegistryServiceClientFactory; import org.apache.airavata.model.appcatalog.computeresource.ComputeResourceDescription; import org.apache.airavata.model.appcatalog.computeresource.JobSubmissionInterface; 
@@ -258,52 +257,28 @@ public class SSHAccountManager { private static Map<ConfigParam, String> resolveProvisionerConfig( String gatewayId, String provisionerName, Map<ConfigParam, String> provisionerConfig) throws InvalidSetupException { - CredentialStoreService.Client credentialStoreServiceClient = null; - try { - credentialStoreServiceClient = getCredentialStoreClient(); - // Resolve any CRED_STORE_PASSWORD_TOKEN config parameters to passwords - Map<ConfigParam, String> resolvedConfig = new HashMap<>(); - for (Map.Entry<ConfigParam, String> configEntry : provisionerConfig.entrySet()) { - if (configEntry.getKey().getType() == ConfigParam.ConfigParamType.CRED_STORE_PASSWORD_TOKEN) { - try { - PasswordCredential password = - credentialStoreServiceClient.getPasswordCredential(configEntry.getValue(), gatewayId); - if (password == null) { - throw new InvalidSetupException("Password credential doesn't exist for config param [" - + configEntry.getKey().getName() + "] for token [" + configEntry.getValue() - + "] for provisioner [" + provisionerName + "]."); - } - resolvedConfig.put(configEntry.getKey(), password.getPassword()); - } catch (TException e) { - throw new RuntimeException("Failed to get password needed to configure " + provisionerName, e); + CredentialStoreService.Iface credentialStoreHandler = getCredentialStoreHandler(); + // Resolve any CRED_STORE_PASSWORD_TOKEN config parameters to passwords + Map<ConfigParam, String> resolvedConfig = new HashMap<>(); + for (Map.Entry<ConfigParam, String> configEntry : provisionerConfig.entrySet()) { + if (configEntry.getKey().getType() == ConfigParam.ConfigParamType.CRED_STORE_PASSWORD_TOKEN) { + try { + PasswordCredential password = + credentialStoreHandler.getPasswordCredential(configEntry.getValue(), gatewayId); + if (password == null) { + throw new InvalidSetupException("Password credential doesn't exist for config param [" + + configEntry.getKey().getName() + "] for token [" + configEntry.getValue() + + "] for 
provisioner [" + provisionerName + "]."); } - } else { - resolvedConfig.put(configEntry.getKey(), configEntry.getValue()); - } - } - return resolvedConfig; - } finally { - if (credentialStoreServiceClient != null) { - if (credentialStoreServiceClient - .getInputProtocol() - .getTransport() - .isOpen()) { - credentialStoreServiceClient - .getInputProtocol() - .getTransport() - .close(); - } - if (credentialStoreServiceClient - .getOutputProtocol() - .getTransport() - .isOpen()) { - credentialStoreServiceClient - .getOutputProtocol() - .getTransport() - .close(); + resolvedConfig.put(configEntry.getKey(), password.getPassword()); + } catch (TException e) { + throw new RuntimeException("Failed to get password needed to configure " + provisionerName, e); } + } else { + resolvedConfig.put(configEntry.getKey(), configEntry.getValue()); } } + return resolvedConfig; } private static Map<ConfigParam, String> convertConfigParams( @@ -335,14 +310,11 @@ public class SSHAccountManager { } } - private static CredentialStoreService.Client getCredentialStoreClient() { - + private static CredentialStoreService.Iface getCredentialStoreHandler() { try { - String credServerHost = ServerSettings.getCredentialStoreServerHost(); - int credServerPort = Integer.valueOf(ServerSettings.getCredentialStoreServerPort()); - return CredentialStoreClientFactory.createAiravataCSClient(credServerHost, credServerPort); - } catch (CredentialStoreException | ApplicationSettingsException e) { - throw new RuntimeException("Failed to create credential store service client", e); + return new CredentialStoreServerHandler(); + } catch (Exception e) { + throw new RuntimeException("Failed to create CredentialStoreServerHandler", e); } } } diff --git a/airavata-api/src/main/java/org/apache/airavata/credential/util/CredentialStoreClientFactory.java b/airavata-api/src/main/java/org/apache/airavata/credential/util/CredentialStoreClientFactory.java deleted file mode 100644 index c19bdc5f23..0000000000 
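Review bot: The `InvalidSetupException` message in `resolveProvisionerConfig` still embeds the credential-store token via `"] for token [" + configEntry.getValue()`, and that token plus `gatewayId` is exactly what `getPasswordCredential` takes to return the password. Exception messages normally reach logs, so I would leave the token out and keep only the parameter name and provisioner: `"Password credential doesn't exist for config param [" + configEntry.getKey().getName() + "] for provisioner [" + provisionerName + "]."`. The `catch (TException e)` now guards an in-process call rather than a network one; a short comment on which failures it is still expected to carry would help the next reader.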
--- a/airavata-api/src/main/java/org/apache/airavata/credential/util/CredentialStoreClientFactory.java +++ /dev/null @@ -1,44 +0,0 @@ -/** -* -* Licensed to the Apache Software Foundation (ASF) under one -* or more contributor license agreements. See the NOTICE file -* distributed with this work for additional information -* regarding copyright ownership. The ASF licenses this file -* to you under the Apache License, Version 2.0 (the -* "License"); you may not use this file except in compliance -* with the License. You may obtain a copy of the License at -* -* http://www.apache.org/licenses/LICENSE-2.0 -* -* Unless required by applicable law or agreed to in writing, -* software distributed under the License is distributed on an -* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -* KIND, either express or implied. See the License for the -* specific language governing permissions and limitations -* under the License. -*/ -package org.apache.airavata.credential.util; - -import org.apache.airavata.credential.store.cpi.CredentialStoreService; -import org.apache.airavata.credential.store.exception.CredentialStoreException; -import org.apache.thrift.protocol.TBinaryProtocol; -import org.apache.thrift.protocol.TProtocol; -import org.apache.thrift.transport.TSocket; -import org.apache.thrift.transport.TTransport; -import org.apache.thrift.transport.TTransportException; - -public class CredentialStoreClientFactory { - - public static CredentialStoreService.Client createAiravataCSClient(String serverHost, int serverPort) - throws CredentialStoreException { - try { - TTransport transport = new TSocket(serverHost, serverPort); - transport.open(); - TProtocol protocol = new TBinaryProtocol(transport); - return new CredentialStoreService.Client(protocol); - } catch (TTransportException e) { - throw new CredentialStoreException( - "Unable to connect to the credential store server at " + serverHost + ":" + serverPort); - } - } -} 
diff --git a/airavata-api/src/main/java/org/apache/airavata/execution/orchestrator/AiravataTask.java b/airavata-api/src/main/java/org/apache/airavata/execution/orchestrator/AiravataTask.java index 16d420e2ef..49e246fe31 100644 --- a/airavata-api/src/main/java/org/apache/airavata/execution/orchestrator/AiravataTask.java +++ b/airavata-api/src/main/java/org/apache/airavata/execution/orchestrator/AiravataTask.java @@ -28,7 +28,6 @@ import java.util.List; import java.util.UUID; import org.apache.airavata.common.config.ServerSettings; import org.apache.airavata.common.exception.AiravataException; -import org.apache.airavata.common.exception.ApplicationSettingsException; import org.apache.airavata.common.util.AiravataUtils; import org.apache.airavata.execution.scheduler.Utils; import org.apache.airavata.messaging.service.MessageContext; @@ -45,9 +44,7 @@ import org.apache.airavata.model.messaging.event.*; import org.apache.airavata.model.process.ProcessModel; import org.apache.airavata.model.status.*; import org.apache.airavata.registry.api.RegistryService; -import org.apache.airavata.security.profile.client.ProfileServiceClientFactory; -import org.apache.airavata.service.profile.user.cpi.UserProfileService; -import org.apache.airavata.service.profile.user.cpi.exception.UserProfileServiceException; +import org.apache.airavata.security.profile.user.core.repositories.UserProfileRepository; import org.apache.commons.io.FileUtils; import org.apache.commons.lang3.exception.ExceptionUtils; import org.apache.helix.HelixManager; @@ -523,7 +520,7 @@ public abstract class AiravataTask extends AbstractTask { TaskContext.TaskContextBuilder taskContextBuilder = new TaskContext.TaskContextBuilder( getProcessId(), getGatewayId(), getTaskId()) .setRegistryClient(getRegistryServiceClient()) - .setProfileClient(getUserProfileClient()) + .setUserProfileRepository(getUserProfileRepository()) .setExperimentModel(getExperimentModel()) .setProcessModel(getProcessModel()); 
@@ -649,13 +646,7 @@ public abstract class AiravataTask extends AbstractTask { return Utils.getRegistryHandler(); } - public static UserProfileService.Client getUserProfileClient() { - try { - final int serverPort = Integer.parseInt(ServerSettings.getProfileServiceServerPort()); - final String serverHost = ServerSettings.getProfileServiceServerHost(); - return ProfileServiceClientFactory.createUserProfileServiceClient(serverHost, serverPort); - } catch (UserProfileServiceException | ApplicationSettingsException e) { - throw new RuntimeException("Unable to create profile service client...", e); - } + public static UserProfileRepository getUserProfileRepository() { + return new UserProfileRepository(); } } diff --git a/airavata-api/src/main/java/org/apache/airavata/execution/orchestrator/TaskContext.java b/airavata-api/src/main/java/org/apache/airavata/execution/orchestrator/TaskContext.java index 5c03eb8e79..45c56a612e 100644 --- a/airavata-api/src/main/java/org/apache/airavata/execution/orchestrator/TaskContext.java +++ b/airavata-api/src/main/java/org/apache/airavata/execution/orchestrator/TaskContext.java @@ -61,7 +61,6 @@ import org.apache.airavata.model.experiment.ExperimentModel; import org.apache.airavata.model.job.JobModel; import org.apache.airavata.model.process.ProcessModel; import org.apache.airavata.model.scheduling.ComputationalResourceSchedulingModel; -import org.apache.airavata.model.security.AuthzToken; import org.apache.airavata.model.status.ProcessState; import org.apache.airavata.model.status.ProcessStatus; import org.apache.airavata.model.status.TaskState; 
@@ -69,9 +68,7 @@ import org.apache.airavata.model.status.TaskStatus; import org.apache.airavata.model.task.TaskModel; import org.apache.airavata.model.user.UserProfile; import org.apache.airavata.registry.api.RegistryService; -import org.apache.airavata.security.service.AiravataSecurityManager; -import org.apache.airavata.security.service.SecurityManagerFactory; -import org.apache.airavata.service.profile.user.cpi.UserProfileService; +import org.apache.airavata.security.profile.user.core.repositories.UserProfileRepository; import org.apache.thrift.TException; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -86,7 +83,7 @@ public class TaskContext { private Publisher statusPublisher; private RegistryService.Iface registryClient; - private UserProfileService.Client profileClient; + private UserProfileRepository userProfileRepository; private String processId; private String gatewayId; 
@@ -837,22 +834,24 @@ public class TaskContext { return registryClient; } - public UserProfileService.Client getProfileClient() { - return profileClient; + public UserProfileRepository getUserProfileRepository() { + return userProfileRepository; } - public void setProfileClient(UserProfileService.Client profileClient) { - this.profileClient = profileClient; + public void setUserProfileRepository(UserProfileRepository userProfileRepository) { + this.userProfileRepository = userProfileRepository; } public UserProfile getUserProfile() throws TaskOnFailException { if (this.userProfile == null) { try { - AiravataSecurityManager securityManager = SecurityManagerFactory.getSecurityManager(); - AuthzToken authzToken = securityManager.getUserManagementServiceAccountAuthzToken(getGatewayId()); - this.userProfile = getProfileClient() - .getUserProfileById(authzToken, getProcessModel().getUserName(), getGatewayId()); + this.userProfile = getUserProfileRepository() + .getUserProfileByIdAndGateWay(getProcessModel().getUserName(), getGatewayId()); + if (this.userProfile == null) { + throw new Exception("User profile not found for user " + getProcessModel().getUserName() + + " in gateway " + getGatewayId()); + } } catch (Exception e) { logger.error("Failed to fetch the user profile for user id {}", processModel.getUserName(), e); throw new TaskOnFailException( @@ -1006,7 +1005,7 @@ public class TaskContext { private final String gatewayId; private final String taskId; private RegistryService.Iface registryClient; - private UserProfileService.Client profileClient; + private UserProfileRepository userProfileRepository; private ProcessModel processModel; private ExperimentModel experimentModel; 
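Review bot: In `getUserProfile()` the new not-found branch throws a raw `Exception` inside the `try` only so that the surrounding `catch (Exception e)` can log it and rethrow `TaskOnFailException`, which uses an exception for control flow and logs a missing profile as "Failed to fetch the user profile" just like a repository failure. Doing the null check after the `try` and raising `TaskOnFailException` directly there would keep the two cases apart. The service-account `AuthzToken` lookup was removed together with the Thrift call, so this path now reads profiles with no token at all; a comment such as `// in-process repository read: trusted task context, no AuthzToken involved` would record that this is intentional. The catch block continues past the end of the hunk, so the exact `TaskOnFailException` arguments are not visible here.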
@@ -1035,8 +1034,8 @@ public class TaskContext { return this; } - public TaskContextBuilder setProfileClient(UserProfileService.Client profileClient) { - this.profileClient = profileClient; + public TaskContextBuilder setUserProfileRepository(UserProfileRepository userProfileRepository) { + this.userProfileRepository = userProfileRepository; return this; } @@ -1053,7 +1052,7 @@ public class TaskContext { ctx.setRegistryClient(registryClient); ctx.setProcessModel(processModel); ctx.setExperimentModel(experimentModel); - ctx.setProfileClient(profileClient); + ctx.setUserProfileRepository(userProfileRepository); return ctx; } diff --git a/airavata-api/src/main/java/org/apache/airavata/security/service/GatewayGroupsInitializer.java b/airavata-api/src/main/java/org/apache/airavata/security/service/GatewayGroupsInitializer.java index bef54d0ead..f7cbad2c30 100644 --- a/airavata-api/src/main/java/org/apache/airavata/security/service/GatewayGroupsInitializer.java +++ b/airavata-api/src/main/java/org/apache/airavata/security/service/GatewayGroupsInitializer.java 
@@ -23,18 +23,17 @@ import org.apache.airavata.common.config.ServerSettings; import org.apache.airavata.common.exception.ApplicationSettingsException; import org.apache.airavata.common.util.AiravataUtils; import org.apache.airavata.common.util.ThriftUtils; +import org.apache.airavata.credential.handler.CredentialStoreServerHandler; import org.apache.airavata.credential.store.cpi.CredentialStoreService; -import org.apache.airavata.credential.store.exception.CredentialStoreException; -import org.apache.airavata.credential.util.CredentialStoreClientFactory; import org.apache.airavata.execution.util.RegistryServiceClientFactory; import org.apache.airavata.model.appcatalog.gatewaygroups.GatewayGroups; import org.apache.airavata.model.appcatalog.gatewayprofile.GatewayResourceProfile; import org.apache.airavata.model.credential.store.PasswordCredential; import org.apache.airavata.registry.api.RegistryService; import org.apache.airavata.registry.api.exception.RegistryServiceException; +import org.apache.airavata.sharing.handler.SharingRegistryServerHandler; import org.apache.airavata.sharing.registry.models.*; import org.apache.airavata.sharing.registry.service.cpi.SharingRegistryService; -import org.apache.airavata.sharing.util.SharingRegistryServiceClientFactory; import org.apache.thrift.TException; import org.slf4j.Logger; import org.slf4j.LoggerFactory; 
@@ -48,30 +47,33 @@ public class GatewayGroupsInitializer { public static synchronized GatewayGroups initializeGatewayGroups(String gatewayId) { - SharingRegistryService.Client sharingRegistryClient = createSharingRegistryClient(); + SharingRegistryService.Iface sharingRegistryHandler; + try { + sharingRegistryHandler = new SharingRegistryServerHandler(); + } catch (Exception e) { + throw new RuntimeException("Failed to create SharingRegistryServerHandler", e); + } RegistryService.Client registryClient = createRegistryClient(); - CredentialStoreService.Client credentialStoreClient = createCredentialStoreClient(); + CredentialStoreService.Iface credentialStoreHandler = createCredentialStoreHandler(); try { GatewayGroupsInitializer gatewayGroupsInitializer = - new GatewayGroupsInitializer(registryClient, sharingRegistryClient, credentialStoreClient); + new GatewayGroupsInitializer(registryClient, sharingRegistryHandler, credentialStoreHandler); return gatewayGroupsInitializer.initialize(gatewayId); } catch (Exception e) { throw new RuntimeException("Failed to initialize a GatewayGroups instance for gateway: " + gatewayId, e); } finally { - ThriftUtils.close(sharingRegistryClient); ThriftUtils.close(registryClient); - ThriftUtils.close(credentialStoreClient); } } private RegistryService.Client registryClient; - private SharingRegistryService.Client sharingRegistryClient; - private CredentialStoreService.Client credentialStoreClient; + private SharingRegistryService.Iface sharingRegistryClient; + private CredentialStoreService.Iface credentialStoreClient; public GatewayGroupsInitializer( RegistryService.Client registryClient, - SharingRegistryService.Client sharingRegistryClient, - CredentialStoreService.Client credentialStoreClient) { + SharingRegistryService.Iface sharingRegistryClient, + CredentialStoreService.Iface credentialStoreClient) { this.registryClient = registryClient; this.sharingRegistryClient = sharingRegistryClient; 
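Review bot: In `initializeGatewayGroups`, `createCredentialStoreHandler()` runs after `createRegistryClient()` but before the `try`, so if the handler constructor throws, the registry Thrift client that was just created never reaches `ThriftUtils.close(registryClient)` in the `finally`. Building both in-process handlers first and creating the registry client last avoids that, i.e. move `CredentialStoreService.Iface credentialStoreHandler = createCredentialStoreHandler();` above `RegistryService.Client registryClient = createRegistryClient();`. The fields and constructor parameters are still named `sharingRegistryClient` and `credentialStoreClient` although they now hold `Iface` handlers; renaming them, or a field comment like `// in-process handler, not a Thrift client: nothing to close`, would stop someone from re-adding the close calls.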
@@ -126,7 +128,7 @@ public class GatewayGroupsInitializer { } private UserGroup createGroup( - SharingRegistryService.Client sharingRegistryClient, + SharingRegistryService.Iface sharingRegistryClient, String gatewayId, String ownerId, String groupName, @@ -150,7 +152,7 @@ public class GatewayGroupsInitializer { private String getAdminOwnerUsername( RegistryService.Client registryClient, - CredentialStoreService.Client credentialStoreClient, + CredentialStoreService.Iface credentialStoreClient, String gatewayId) throws TException { @@ -161,16 +163,6 @@ public class GatewayGroupsInitializer { return adminUsername; } - private static SharingRegistryService.Client createSharingRegistryClient() { - final int serverPort = Integer.parseInt(ServerSettings.getSharingRegistryPort()); - final String serverHost = ServerSettings.getSharingRegistryHost(); - try { - return SharingRegistryServiceClientFactory.createSharingRegistryClient(serverHost, serverPort); - } catch (SharingRegistryException e) { - throw new RuntimeException("Unable to create sharing registry client...", e); - } - } - private static RegistryService.Client createRegistryClient() { try { final int serverPort = Integer.parseInt(ServerSettings.getRegistryServerPort()); 
@@ -181,13 +173,11 @@ public class GatewayGroupsInitializer { } } - private static CredentialStoreService.Client createCredentialStoreClient() { + private static CredentialStoreService.Iface createCredentialStoreHandler() { try { - final int serverPort = Integer.parseInt(ServerSettings.getCredentialStoreServerPort()); - final String serverHost = ServerSettings.getCredentialStoreServerHost(); - return CredentialStoreClientFactory.createAiravataCSClient(serverHost, serverPort); - } catch (ApplicationSettingsException | CredentialStoreException e) { - throw new RuntimeException("Unable to create credential store client...", e); + return new CredentialStoreServerHandler(); + } catch (Exception e) { + throw new RuntimeException("Unable to create CredentialStoreServerHandler...", e); } } } diff --git a/airavata-api/src/main/java/org/apache/airavata/security/service/KeyCloakSecurityManager.java b/airavata-api/src/main/java/org/apache/airavata/security/service/KeyCloakSecurityManager.java index e0a3cc9f61..55f737d255 100644 --- a/airavata-api/src/main/java/org/apache/airavata/security/service/KeyCloakSecurityManager.java +++ b/airavata-api/src/main/java/org/apache/airavata/security/service/KeyCloakSecurityManager.java @@ -32,9 +32,6 @@ import org.apache.airavata.common.config.Constants; import org.apache.airavata.common.config.ServerSettings; import org.apache.airavata.common.exception.ApplicationSettingsException; import org.apache.airavata.common.util.ThriftUtils; -import org.apache.airavata.credential.store.cpi.CredentialStoreService; -import org.apache.airavata.credential.store.exception.CredentialStoreException; -import org.apache.airavata.credential.util.CredentialStoreClientFactory; import org.apache.airavata.execution.util.RegistryServiceClientFactory; import org.apache.airavata.model.appcatalog.gatewaygroups.GatewayGroups; import org.apache.airavata.model.appcatalog.gatewayprofile.GatewayResourceProfile; 
@@ -44,10 +41,9 @@ import org.apache.airavata.registry.api.RegistryService; import org.apache.airavata.registry.api.exception.RegistryServiceException; import org.apache.airavata.security.service.authzcache.*; import org.apache.airavata.security.util.AiravataSecurityException; -import org.apache.airavata.sharing.registry.models.SharingRegistryException; +import org.apache.airavata.sharing.handler.SharingRegistryServerHandler; import org.apache.airavata.sharing.registry.models.UserGroup; import org.apache.airavata.sharing.registry.service.cpi.SharingRegistryService; -import org.apache.airavata.sharing.util.SharingRegistryServiceClientFactory; import org.apache.http.Consts; import org.apache.http.HttpHeaders; import org.apache.http.NameValuePair; @@ -109,7 +105,7 @@ public class KeyCloakSecurityManager implements AiravataSecurityManager { "/airavata/fetchIntermediateOutputs|/airavata/getIntermediateOutputProcessStatus"; private final HashMap<String, String> rolePermissionConfig = new HashMap<>(); private RegistryService.Client registryServiceClient = null; - private SharingRegistryService.Client sharingRegistryServiceClient = null; + private SharingRegistryService.Iface sharingRegistryServiceClient = null; public KeyCloakSecurityManager() throws AiravataSecurityException, ApplicationSettingsException { rolePermissionConfig.put("admin", "/airavata/.*"); 
@@ -386,16 +382,13 @@ public class KeyCloakSecurityManager implements AiravataSecurityManager { private void initServiceClients() throws TException, ApplicationSettingsException { registryServiceClient = getRegistryServiceClient(); - sharingRegistryServiceClient = getSharingRegistryServiceClient(); + sharingRegistryServiceClient = new SharingRegistryServerHandler(); } private void closeServiceClients() { if (registryServiceClient != null) { ThriftUtils.close(registryServiceClient); } - if (sharingRegistryServiceClient != null) { - ThriftUtils.close(sharingRegistryServiceClient); - } } private RegistryService.Client getRegistryServiceClient() throws TException, ApplicationSettingsException { @@ -408,27 +401,6 @@ public class KeyCloakSecurityManager implements AiravataSecurityManager { } } - private CredentialStoreService.Client getCredentialStoreServiceClient() - throws TException, ApplicationSettingsException { - final int serverPort = Integer.parseInt(ServerSettings.getCredentialStoreServerPort()); - final String serverHost = ServerSettings.getCredentialStoreServerHost(); - try { - return CredentialStoreClientFactory.createAiravataCSClient(serverHost, serverPort); - } catch (CredentialStoreException e) { - throw new TException("Unable to create credential store client...", e); - } - } - - private SharingRegistryService.Client getSharingRegistryServiceClient() throws TException { - final int serverPort = Integer.parseInt(ServerSettings.getSharingRegistryPort()); - final String serverHost = ServerSettings.getSharingRegistryHost(); - try { - return SharingRegistryServiceClientFactory.createSharingRegistryClient(serverHost, serverPort); - } catch (SharingRegistryException e) { - throw new TException("Unable to create sharing registry client...", e); - } - } - private static class GatewayGroupMembership { private boolean inAdminsGroup = false; private boolean inReadOnlyAdminsGroup = false; 
diff --git a/airavata-api/src/main/java/org/apache/airavata/sharing/util/AiravataDataMigrator.java b/airavata-api/src/main/java/org/apache/airavata/sharing/util/AiravataDataMigrator.java index 7f8851f001..a90a36ce18 100644 --- a/airavata-api/src/main/java/org/apache/airavata/sharing/util/AiravataDataMigrator.java +++ b/airavata-api/src/main/java/org/apache/airavata/sharing/util/AiravataDataMigrator.java @@ -33,9 +33,8 @@ import java.util.stream.Collectors; import org.apache.airavata.common.config.ServerSettings; import org.apache.airavata.common.exception.ApplicationSettingsException; import org.apache.airavata.common.util.AiravataUtils; +import org.apache.airavata.credential.handler.CredentialStoreServerHandler; import org.apache.airavata.credential.store.cpi.CredentialStoreService; -import org.apache.airavata.credential.store.exception.CredentialStoreException; -import org.apache.airavata.credential.util.CredentialStoreClientFactory; import org.apache.airavata.execution.util.RegistryServiceClientFactory; import org.apache.airavata.model.appcatalog.appdeployment.ApplicationDeploymentDescription; import org.apache.airavata.model.appcatalog.computeresource.ComputeResourceDescription; 
@@ -57,13 +56,10 @@ import org.apache.airavata.model.user.Status; import org.apache.airavata.model.user.UserProfile; import org.apache.airavata.registry.api.RegistryService; import org.apache.airavata.registry.api.exception.RegistryServiceException; -import org.apache.airavata.security.profile.client.ProfileServiceClientFactory; import org.apache.airavata.security.profile.iam.admin.services.core.impl.TenantManagementKeycloakImpl; import org.apache.airavata.security.service.AiravataSecurityManager; import org.apache.airavata.security.service.SecurityManagerFactory; import org.apache.airavata.security.util.AiravataSecurityException; -import org.apache.airavata.service.profile.iam.admin.services.cpi.IamAdminServices; -import org.apache.airavata.service.profile.iam.admin.services.cpi.exception.IamAdminServicesException; import org.apache.airavata.sharing.handler.SharingRegistryServerHandler; import org.apache.airavata.sharing.registry.models.Domain; import org.apache.airavata.sharing.registry.models.Entity; @@ -97,8 +93,8 @@ public class AiravataDataMigrator { Connection expCatConnection = ConnectionFactory.getInstance().getExpCatConnection(); SharingRegistryServerHandler sharingRegistryServerHandler = new SharingRegistryServerHandler(); - CredentialStoreService.Client credentialStoreServiceClient = getCredentialStoreServiceClient(); - IamAdminServices.Client iamAdminServiceClient = getIamAdminServiceClient(); + CredentialStoreService.Iface credentialStoreServiceClient = getCredentialStoreServiceClient(); + TenantManagementKeycloakImpl keycloakClient = new TenantManagementKeycloakImpl(); String query = "SELECT * FROM GATEWAY" + gatewayWhereClause; Statement statement = expCatConnection.createStatement(); 
@@ -253,11 +249,11 @@ public class AiravataDataMigrator { AuthzToken authzToken_of_management_user = getManagementUsersAccessToken(domain.getDomainId()); List<UserProfile> missingUsers = getUsersToMigrate( sharingRegistryServerHandler, - iamAdminServiceClient, + keycloakClient, authzToken_of_management_user, null, domain.getDomainId()); - migrateKeycloakUsersToGateway(iamAdminServiceClient, authzToken_of_management_user, missingUsers); + migrateKeycloakUsersToGateway(keycloakClient, authzToken_of_management_user, missingUsers); addUsersToGroups( sharingRegistryServerHandler, missingUsers, @@ -508,14 +504,15 @@ public class AiravataDataMigrator { private static List<UserProfile> getUsersToMigrate( SharingRegistryServerHandler sharingRegistryServerHandler, - IamAdminServices.Client adminServiceClient, + TenantManagementKeycloakImpl keycloakClient, AuthzToken authzToken, String search, String domainId) throws TException { + String gatewayId = authzToken.getClaimsMap().get(org.apache.airavata.common.config.Constants.GATEWAY_ID); List<UserProfile> missingUsers = new ArrayList<>(); - List<UserProfile> keycloakUsers = adminServiceClient.getUsers(authzToken, 0, -1, search); + List<UserProfile> keycloakUsers = keycloakClient.getUsers(authzToken.getAccessToken(), gatewayId, 0, -1, search); for (UserProfile profile : keycloakUsers) { if (profile.getState().equals(Status.ACTIVE) 
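Review bot: In `getUsersToMigrate` the new `gatewayId` is read from `authzToken.getClaimsMap()` and passed straight to `keycloakClient.getUsers(...)` without checking that the map or its `GATEWAY_ID` entry is present, so a token without that claim sends a null gateway id to the Keycloak call. The removed Thrift call took the whole `authzToken`, while the direct call forwards only `getAccessToken()`, so any token validation done behind the service interface is presumably no longer on this path. An explicit guard would cover it, for example `if (gatewayId == null) throw new TException("AuthzToken carries no gateway id claim");`. The same unchecked lookup is added in `migrateKeycloakUsersToGateway` in the next hunk, before `enableUserAccount`. If no other `Constants` is already imported in this file, importing it instead of writing `org.apache.airavata.common.config.Constants` inline would also shorten both lines.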
@@ -527,12 +524,13 @@ public class AiravataDataMigrator { } private static boolean migrateKeycloakUsersToGateway( - IamAdminServices.Client adminServiceClient, AuthzToken authzToken, List<UserProfile> missingUsers) + TenantManagementKeycloakImpl keycloakClient, AuthzToken authzToken, List<UserProfile> missingUsers) throws TException { + String gatewayId = authzToken.getClaimsMap().get(org.apache.airavata.common.config.Constants.GATEWAY_ID); boolean allUsersUpdated = true; for (UserProfile profile : missingUsers) { - allUsersUpdated &= adminServiceClient.enableUser(authzToken, profile.getUserId()); + allUsersUpdated &= keycloakClient.enableUserAccount(authzToken.getAccessToken(), gatewayId, profile.getUserId()); } return allUsersUpdated; } @@ -663,7 +661,7 @@ public class AiravataDataMigrator { private static String getAdminOwnerUser( Domain domain, SharingRegistryServerHandler sharingRegistryServerHandler, - CredentialStoreService.Client credentialStoreServiceClient, + CredentialStoreService.Iface credentialStoreServiceClient, RegistryService.Client registryServiceClient) throws TException { GatewayResourceProfile gatewayResourceProfile = null; @@ -733,7 +731,7 @@ public class AiravataDataMigrator { GatewayResourceProfile gwrp = getRegistryServiceClient().getGatewayResourceProfile(tenantId); - CredentialStoreService.Client csClient = getCredentialStoreServiceClient(); + CredentialStoreService.Iface csClient = getCredentialStoreServiceClient(); return csClient.getPasswordCredential(gwrp.getIdentityServerPwdCredToken(), gwrp.getGatewayID()); } 
@@ -902,14 +900,11 @@ public class AiravataDataMigrator { } } - private static CredentialStoreService.Client getCredentialStoreServiceClient() - throws TException, ApplicationSettingsException { - final int serverPort = Integer.parseInt(ServerSettings.getCredentialStoreServerPort()); - final String serverHost = ServerSettings.getCredentialStoreServerHost(); + private static CredentialStoreService.Iface getCredentialStoreServiceClient() throws TException { try { - return CredentialStoreClientFactory.createAiravataCSClient(serverHost, serverPort); - } catch (CredentialStoreException e) { - throw new TException("Unable to create credential store client...", e); + return new CredentialStoreServerHandler(); + } catch (Exception e) { + throw new TException("Unable to create CredentialStoreServerHandler...", e); } } @@ -923,15 +918,6 @@ public class AiravataDataMigrator { } } - private static IamAdminServices.Client getIamAdminServiceClient() throws TException, ApplicationSettingsException { - final int serverPort = Integer.parseInt(ServerSettings.getProfileServiceServerPort()); - final String serverHost = ServerSettings.getProfileServiceServerHost(); - try { - return ProfileServiceClientFactory.createIamAdminServiceClient(serverHost, serverPort); - } catch (IamAdminServicesException e) { - throw new TException("Unable to create i am admin service client...", e); - } - } private static AuthzToken getManagementUsersAccessToken(String tenantId) throws TException { try { diff --git a/airavata-server/thrift/src/main/java/org/apache/airavata/server/thrift/handler/IamAdminServicesHandler.java b/airavata-server/thrift/src/main/java/org/apache/airavata/server/thrift/handler/IamAdminServicesHandler.java index 6db594fc86..bfd2a1704b 100644 --- a/airavata-server/thrift/src/main/java/org/apache/airavata/server/thrift/handler/IamAdminServicesHandler.java +++ b/airavata-server/thrift/src/main/java/org/apache/airavata/server/thrift/handler/IamAdminServicesHandler.java 
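Review bot: `getCredentialStoreServiceClient` now wraps `new CredentialStoreServerHandler()` in `catch (Exception e)`, which also turns unchecked exceptions from the constructor, such as a NullPointerException, into a TException with a generic message. Catching only the checked exceptions the constructor declares (not visible here) would keep programming errors distinct from configuration failures. Each call also builds a fresh handler for a component that returns password credentials, so creating it once and passing it down, as the hunk at -97 already does with `credentialStoreServiceClient`, would avoid repeated initialisation. The method name still says `Client` although it returns an in-process handler. The same `catch (Exception e)` factory is added as `getCredentialStoreHandler` in IamAdminServicesHandler and TenantProfileServiceHandler.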
@@ -25,9 +25,8 @@ import org.apache.airavata.common.config.ServerSettings; import org.apache.airavata.common.exception.AiravataException; import org.apache.airavata.common.exception.ApplicationSettingsException; import org.apache.airavata.common.util.AiravataUtils; +import org.apache.airavata.credential.handler.CredentialStoreServerHandler; import org.apache.airavata.credential.store.cpi.CredentialStoreService; -import org.apache.airavata.credential.store.exception.CredentialStoreException; -import org.apache.airavata.credential.util.CredentialStoreClientFactory; import org.apache.airavata.execution.util.RegistryServiceClientFactory; import org.apache.airavata.messaging.util.DBEventPublisherUtils; import org.apache.airavata.messaging.util.DBEventService; @@ -74,7 +73,7 @@ public class IamAdminServicesHandler implements IamAdminServices.Iface { keycloakclient.addTenant(isSuperAdminCredentials, gateway); // Load the tenant admin password stored in gateway request - CredentialStoreService.Client credentialStoreClient = getCredentialStoreServiceClient(); + CredentialStoreService.Iface credentialStoreClient = getCredentialStoreHandler(); // Admin password token should already be stored under requested gateway's gatewayId PasswordCredential tenantAdminPasswordCredential = credentialStoreClient.getPasswordCredential( gateway.getIdentityServerPasswordToken(), gateway.getGatewayId()); @@ -85,7 +84,7 @@ public class IamAdminServicesHandler implements IamAdminServices.Iface { } Gateway gatewayWithIdAndSecret = keycloakclient.configureClient(isSuperAdminCredentials, gateway); return gatewayWithIdAndSecret; - } catch (TException | ApplicationSettingsException ex) { + } catch (TException ex) { logger.error("Gateway Setup Failed, reason: " + ex.getMessage(), ex); IamAdminServicesException iamAdminServicesException = new IamAdminServicesException(ex.getMessage()); throw iamAdminServicesException; 
@@ -343,7 +342,7 @@ public class IamAdminServicesHandler implements IamAdminServices.Iface { GatewayResourceProfile gwrp = getRegistryServiceClient().getGatewayResourceProfile(tenantId); - CredentialStoreService.Client csClient = getCredentialStoreServiceClient(); + CredentialStoreService.Iface csClient = getCredentialStoreHandler(); return csClient.getPasswordCredential(gwrp.getIdentityServerPwdCredToken(), gwrp.getGatewayID()); } @@ -357,14 +356,11 @@ public class IamAdminServicesHandler implements IamAdminServices.Iface { } } - private CredentialStoreService.Client getCredentialStoreServiceClient() - throws TException, ApplicationSettingsException { - final int serverPort = Integer.parseInt(ServerSettings.getCredentialStoreServerPort()); - final String serverHost = ServerSettings.getCredentialStoreServerHost(); + private CredentialStoreService.Iface getCredentialStoreHandler() throws TException { try { - return CredentialStoreClientFactory.createAiravataCSClient(serverHost, serverPort); - } catch (CredentialStoreException e) { - throw new TException("Unable to create credential store client...", e); + return new CredentialStoreServerHandler(); + } catch (Exception e) { + throw new TException("Unable to create CredentialStoreServerHandler...", e); } } } diff --git a/airavata-server/thrift/src/main/java/org/apache/airavata/server/thrift/handler/TenantProfileServiceHandler.java b/airavata-server/thrift/src/main/java/org/apache/airavata/server/thrift/handler/TenantProfileServiceHandler.java index 928182a2a1..c1e1f55e0d 100644 --- a/airavata-server/thrift/src/main/java/org/apache/airavata/server/thrift/handler/TenantProfileServiceHandler.java +++ b/airavata-server/thrift/src/main/java/org/apache/airavata/server/thrift/handler/TenantProfileServiceHandler.java 
@@ -22,11 +22,8 @@ package org.apache.airavata.server.thrift.handler;
 import java.util.List;
 import java.util.UUID;
 import org.apache.airavata.common.config.Constants;
-import org.apache.airavata.common.config.ServerSettings;
-import org.apache.airavata.common.exception.ApplicationSettingsException;
+import org.apache.airavata.credential.handler.CredentialStoreServerHandler;
 import org.apache.airavata.credential.store.cpi.CredentialStoreService;
-import org.apache.airavata.credential.store.exception.CredentialStoreException;
-import org.apache.airavata.credential.util.CredentialStoreClientFactory;
 import org.apache.airavata.messaging.util.DBEventPublisherUtils;
 import org.apache.airavata.messaging.util.DBEventService;
 import org.apache.airavata.model.credential.store.PasswordCredential;
@@ -243,33 +240,21 @@ public class TenantProfileServiceHandler implements TenantProfileService.Iface { // admin passwords are stored in credential store in the super portal gateway and need to be // copied to a credential that is stored in the requested/newly created gateway private void copyAdminPasswordToGateway(AuthzToken authzToken, Gateway gateway) - throws TException, ApplicationSettingsException { - CredentialStoreService.Client csClient = getCredentialStoreServiceClient(); - try { - String requestGatewayId = authzToken.getClaimsMap().get(Constants.GATEWAY_ID); - PasswordCredential adminPasswordCredential = - csClient.getPasswordCredential(gateway.getIdentityServerPasswordToken(), requestGatewayId); - adminPasswordCredential.setGatewayId(gateway.getGatewayId()); - String newAdminPasswordCredentialToken = csClient.addPasswordCredential(adminPasswordCredential); - gateway.setIdentityServerPasswordToken(newAdminPasswordCredentialToken); - } finally { - if (csClient.getInputProtocol().getTransport().isOpen()) { - csClient.getInputProtocol().getTransport().close(); - } - if (csClient.getOutputProtocol().getTransport().isOpen()) { - csClient.getOutputProtocol().getTransport().close(); - } - } + throws TException { + CredentialStoreService.Iface csHandler = getCredentialStoreHandler(); + String requestGatewayId = authzToken.getClaimsMap().get(Constants.GATEWAY_ID); + PasswordCredential adminPasswordCredential = + csHandler.getPasswordCredential(gateway.getIdentityServerPasswordToken(), requestGatewayId); + adminPasswordCredential.setGatewayId(gateway.getGatewayId()); + String newAdminPasswordCredentialToken = csHandler.addPasswordCredential(adminPasswordCredential); + gateway.setIdentityServerPasswordToken(newAdminPasswordCredentialToken); } - private CredentialStoreService.Client getCredentialStoreServiceClient() - throws TException, ApplicationSettingsException { - final int serverPort = Integer.parseInt(ServerSettings.getCredentialStoreServerPort()); - final 
String serverHost = ServerSettings.getCredentialStoreServerHost(); + private CredentialStoreService.Iface getCredentialStoreHandler() throws TException { try { - return CredentialStoreClientFactory.createAiravataCSClient(serverHost, serverPort); - } catch (CredentialStoreException e) { - throw new TException("Unable to create credential store client...", e); + return new CredentialStoreServerHandler(); + } catch (Exception e) { + throw new TException("Unable to create CredentialStoreServerHandler...", e); } } } diff --git a/airavata-server/thrift/src/main/java/org/apache/airavata/server/thrift/handler/UserProfileServiceHandler.java b/airavata-server/thrift/src/main/java/org/apache/airavata/server/thrift/handler/UserProfileServiceHandler.java index dcbb9a44cb..1eb73dd2bb 100644 --- a/airavata-server/thrift/src/main/java/org/apache/airavata/server/thrift/handler/UserProfileServiceHandler.java +++ b/airavata-server/thrift/src/main/java/org/apache/airavata/server/thrift/handler/UserProfileServiceHandler.java @@ -21,8 +21,6 @@ package org.apache.airavata.server.thrift.handler; import java.util.List; import org.apache.airavata.common.config.Constants; -import org.apache.airavata.common.config.ServerSettings; -import org.apache.airavata.common.exception.ApplicationSettingsException; import org.apache.airavata.common.util.AiravataUtils; import org.apache.airavata.messaging.util.DBEventPublisherUtils; import org.apache.airavata.messaging.util.DBEventService; 
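Review bot: `copyAdminPasswordToGateway` dereferences `adminPasswordCredential` with `setGatewayId(...)` immediately after `csHandler.getPasswordCredential(...)`, with no null check. A generated Thrift client reports a missing result as a TApplicationException, whereas a direct handler call can return null if the token is not found under `requestGatewayId` (whether the handler does so is not visible here). That would surface as a NullPointerException outside the declared `throws TException`. A guard such as `if (adminPasswordCredential == null) throw new TException("No admin password credential for token in gateway " + requestGatewayId);` keeps the failure explicit. `requestGatewayId` is also taken from the claims map unchecked, so it is worth validating before it is used to read an admin password.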
@@ -32,7 +30,6 @@ import org.apache.airavata.model.error.AuthorizationException; import org.apache.airavata.model.security.AuthzToken; import org.apache.airavata.model.user.Status; import org.apache.airavata.model.user.UserProfile; -import org.apache.airavata.security.profile.client.ProfileServiceClientFactory; import org.apache.airavata.security.profile.user.core.repositories.UserProfileRepository; import org.apache.airavata.security.service.AiravataSecurityManager; import org.apache.airavata.security.service.SecurityManagerFactory; @@ -40,7 +37,6 @@ import org.apache.airavata.security.service.UserInfo; import org.apache.airavata.security.service.interceptor.SecurityCheck; import org.apache.airavata.security.util.AiravataSecurityException; import org.apache.airavata.service.profile.iam.admin.services.cpi.IamAdminServices; -import org.apache.airavata.service.profile.iam.admin.services.cpi.exception.IamAdminServicesException; import org.apache.airavata.service.profile.user.cpi.UserProfileService; import org.apache.airavata.service.profile.user.cpi.exception.UserProfileServiceException; import org.apache.airavata.service.profile.user.cpi.profile_user_cpiConstants; @@ -169,7 +165,7 @@ public class UserProfileServiceHandler implements UserProfileService.Iface { AiravataSecurityManager securityManager = SecurityManagerFactory.getSecurityManager(); AuthzToken serviceAccountAuthzToken = securityManager.getUserManagementServiceAccountAuthzToken(gatewayId); - IamAdminServices.Client iamAdminServicesClient = getIamAdminServicesClient(); + IamAdminServices.Iface iamAdminServicesClient = getIamAdminServicesClient(); iamAdminServicesClient.updateUserProfile(serviceAccountAuthzToken, userProfile); } catch (AiravataSecurityException | TException e) { throw new RuntimeException("Failed to update user profile in IAM service", e); 
@@ -250,16 +246,7 @@ public class UserProfileServiceHandler implements UserProfileService.Iface { } } - private IamAdminServices.Client getIamAdminServicesClient() throws UserProfileServiceException { - try { - final int serverPort = Integer.parseInt(ServerSettings.getProfileServiceServerPort()); - final String serverHost = ServerSettings.getProfileServiceServerHost(); - return ProfileServiceClientFactory.createIamAdminServiceClient(serverHost, serverPort); - } catch (IamAdminServicesException | ApplicationSettingsException e) { - logger.error("Failed to create IAM Admin Services client", e); - UserProfileServiceException ex = - new UserProfileServiceException("Failed to create IAM Admin Services client"); - throw ex; - } + private IamAdminServices.Iface getIamAdminServicesClient() { + return new IamAdminServicesHandler(); } }
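Review bot: `getIamAdminServicesClient` now returns `new IamAdminServicesHandler()`, and an instance created with `new` is not wrapped by any method interceptor. If `updateUserProfile` on that handler relies on the `@SecurityCheck` interceptor this file imports, the check presumably does not run for the call changed in the hunk at -169. That call passes a service-account token from `getUserManagementServiceAccountAuthzToken`, so the caller is trusted, but the bypass should be a documented decision. A comment on the method like `// in-process call with a service-account token: the Thrift-side security interceptor is not applied here` would record it. Constructing a handler per call also repeats whatever setup its constructor does, which a single field-held instance would avoid.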
