RED-4515: Create realm on createTenant
parent
d781c2263b
commit
710a2f88ac
@ -36,6 +36,10 @@ public class UserListingService {
|
||||
@Cacheable(value = USERS_CACHE, key = "'tenantId'")
|
||||
public List<User> getAllUsers(String tenantId) {
|
||||
|
||||
if(tenantId == "master"){
|
||||
return new ArrayList<>();
|
||||
}
|
||||
|
||||
return retryTemplate.execute(context -> {
|
||||
|
||||
var realm = realmService.realm(tenantId);
|
||||
|
||||
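Review bot: The added guard `if(tenantId == "master")` compares object references, not string contents, so for a tenant id that arrives from a request or a token it will normally be false and the master realm is still queried. It should read `if ("master".equals(tenantId)) {`, which also covers a null `tenantId`. On the context line above it, `key = "'tenantId'"` is a SpEL string literal rather than the argument, so every tenant appears to share one cache entry and one tenant's user list can be returned to another; `key = "#tenantId"` would scope the entry per tenant. The body of getAllUsers continues outside the hunk.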
@ -1,9 +1,15 @@
|
||||
package com.iqser.red.service.persistence.management.v1.processor.service;
|
||||
|
||||
import static com.iqser.red.keycloak.commons.roles.ApplicationRoles.RED_ADMIN_ROLE;
|
||||
import static com.iqser.red.keycloak.commons.roles.ApplicationRoles.RED_MANAGER_ROLE;
|
||||
import static com.iqser.red.keycloak.commons.roles.ApplicationRoles.RED_USER_ADMIN_ROLE;
|
||||
import static com.iqser.red.keycloak.commons.roles.ApplicationRoles.RED_USER_ROLE;
|
||||
|
||||
import java.net.URI;
|
||||
import java.net.URISyntaxException;
|
||||
import java.sql.Connection;
|
||||
import java.sql.DriverManager;
|
||||
import java.util.HashMap;
|
||||
import java.util.List;
|
||||
import java.util.Set;
|
||||
import java.util.UUID;
|
||||
@ -11,6 +17,12 @@ import java.util.stream.Collectors;
|
||||
|
||||
import javax.sql.DataSource;
|
||||
|
||||
import org.keycloak.representations.idm.ClientRepresentation;
|
||||
import org.keycloak.representations.idm.CredentialRepresentation;
|
||||
import org.keycloak.representations.idm.RealmRepresentation;
|
||||
import org.keycloak.representations.idm.RoleRepresentation;
|
||||
import org.keycloak.representations.idm.RolesRepresentation;
|
||||
import org.keycloak.representations.idm.UserRepresentation;
|
||||
import org.postgresql.util.PSQLException;
|
||||
import org.springframework.beans.factory.annotation.Qualifier;
|
||||
import org.springframework.boot.autoconfigure.liquibase.LiquibaseProperties;
|
||||
@ -19,6 +31,7 @@ import org.springframework.core.io.ResourceLoader;
|
||||
import org.springframework.jdbc.datasource.SingleConnectionDataSource;
|
||||
import org.springframework.stereotype.Service;
|
||||
|
||||
import com.iqser.red.keycloak.commons.KeyCloakAdminClientService;
|
||||
import com.iqser.red.service.persistence.management.v1.processor.exception.ConflictException;
|
||||
import com.iqser.red.service.persistence.management.v1.processor.exception.NotFoundException;
|
||||
import com.iqser.red.service.persistence.management.v1.processor.migration.AsyncMigrationStarterService;
|
||||
@ -65,13 +78,17 @@ public class TenantManagementService {
|
||||
private final AsyncMigrationStarterService asyncMigrationStarterService;
|
||||
private final GeneralConfigurationService generalConfigurationService;
|
||||
private final KeyCloakRoleManagerService keyCloakRoleManagerService;
|
||||
private final KeyCloakAdminClientService keycloak;
|
||||
|
||||
|
||||
public TenantManagementService(EncryptionDecryptionService encryptionService,
|
||||
@Qualifier("tenantLiquibaseProperties") LiquibaseProperties liquibaseProperties,
|
||||
ResourceLoader resourceLoader,
|
||||
TenantRepository tenantRepository,
|
||||
AsyncMigrationStarterService asyncMigrationStarterService, GeneralConfigurationService generalConfigurationService, KeyCloakRoleManagerService keyCloakRoleManagerService) {
|
||||
AsyncMigrationStarterService asyncMigrationStarterService,
|
||||
GeneralConfigurationService generalConfigurationService,
|
||||
KeyCloakRoleManagerService keyCloakRoleManagerService,
|
||||
KeyCloakAdminClientService keycloak) {
|
||||
|
||||
this.encryptionService = encryptionService;
|
||||
this.liquibaseProperties = liquibaseProperties;
|
||||
@ -80,6 +97,7 @@ public class TenantManagementService {
|
||||
this.asyncMigrationStarterService = asyncMigrationStarterService;
|
||||
this.generalConfigurationService = generalConfigurationService;
|
||||
this.keyCloakRoleManagerService = keyCloakRoleManagerService;
|
||||
this.keycloak = keycloak;
|
||||
}
|
||||
|
||||
|
||||
@ -145,6 +163,8 @@ public class TenantManagementService {
|
||||
|
||||
tenantRepository.save(tenantEntity);
|
||||
|
||||
createRealm(tenantRequest.getTenantId());
|
||||
|
||||
generalConfigurationService.initGeneralConfiguration(tenantRequest.getTenantId());
|
||||
keyCloakRoleManagerService.updateRoles(tenantRequest.getTenantId());
|
||||
asyncMigrationStarterService.runForTenant(tenantRequest.getTenantId());
|
||||
@ -155,6 +175,78 @@ public class TenantManagementService {
|
||||
}
|
||||
|
||||
|
||||
private void createRealm(String tenantId) {
|
||||
|
||||
var redaction = new RealmRepresentation();
|
||||
redaction.setId(tenantId);
|
||||
redaction.setRealm(tenantId);
|
||||
redaction.setEnabled(true);
|
||||
|
||||
var redactionClient = new ClientRepresentation();
|
||||
redactionClient.setId("redaction");
|
||||
redactionClient.setEnabled(true);
|
||||
redactionClient.setName("redaction");
|
||||
redactionClient.setStandardFlowEnabled(true);
|
||||
redactionClient.setImplicitFlowEnabled(true);
|
||||
redactionClient.setDirectAccessGrantsEnabled(true);
|
||||
|
||||
var redactionSystemClient = new ClientRepresentation();
|
||||
redactionSystemClient.setId("redaction-system");
|
||||
redactionSystemClient.setEnabled(true);
|
||||
redactionSystemClient.setName("redaction-system");
|
||||
redactionSystemClient.setSecret("Gc0WcXOPcefzLyRJ5BiYk169V7VvzXxT");
|
||||
redactionSystemClient.setDirectAccessGrantsEnabled(true);
|
||||
redactionSystemClient.setStandardFlowEnabled(true);
|
||||
redactionSystemClient.setImplicitFlowEnabled(true);
|
||||
redactionSystemClient.setDirectAccessGrantsEnabled(true);
|
||||
|
||||
redaction.setClients(List.of(redactionClient, redactionSystemClient));
|
||||
|
||||
var redUserRole = new RoleRepresentation();
|
||||
redUserRole.setComposite(true);
|
||||
redUserRole.setName(RED_USER_ROLE);
|
||||
redUserRole.setContainerId("redaction");
|
||||
|
||||
var redManagerRole = new RoleRepresentation();
|
||||
redManagerRole.setComposite(true);
|
||||
redManagerRole.setName(RED_MANAGER_ROLE);
|
||||
redManagerRole.setContainerId("redaction");
|
||||
|
||||
var redAdminRole = new RoleRepresentation();
|
||||
redAdminRole.setComposite(true);
|
||||
redAdminRole.setName(RED_ADMIN_ROLE);
|
||||
redAdminRole.setContainerId("redaction");
|
||||
|
||||
var redUserAdminRole = new RoleRepresentation();
|
||||
redUserAdminRole.setComposite(true);
|
||||
redUserAdminRole.setName(RED_USER_ADMIN_ROLE);
|
||||
redUserAdminRole.setContainerId("redaction");
|
||||
|
||||
RolesRepresentation rolesRepresentation = new RolesRepresentation();
|
||||
rolesRepresentation.setRealm(List.of(redUserRole, redManagerRole, redAdminRole, redUserAdminRole));
|
||||
redaction.setRoles(rolesRepresentation);
|
||||
|
||||
var credentialRepresentation = new CredentialRepresentation();
|
||||
credentialRepresentation.setType("password");
|
||||
credentialRepresentation.setValue("OsloImWinter!23");
|
||||
|
||||
var defaultUser = new UserRepresentation();
|
||||
defaultUser.setUsername("manageradmin");
|
||||
defaultUser.setCredentials(List.of(credentialRepresentation));
|
||||
defaultUser.setEmailVerified(true);
|
||||
defaultUser.setRealmRoles(List.of(RED_USER_ROLE, RED_MANAGER_ROLE, RED_ADMIN_ROLE, RED_USER_ADMIN_ROLE, "uma_authorization", "offline_access"));
|
||||
|
||||
var clientRoles = new HashMap<String, List<String>>();
|
||||
clientRoles.put("account", List.of("manage-account", "view-profile"));
|
||||
|
||||
defaultUser.setClientRoles(clientRoles);
|
||||
defaultUser.setEnabled(true);
|
||||
redaction.setUsers(List.of(defaultUser));
|
||||
|
||||
keycloak.getAdminClient().realms().create(redaction);
|
||||
}
|
||||
|
||||
|
||||
@SneakyThrows
|
||||
private void validateJdbcUrl(String jdbcUrl) {
|
||||
|
||||
@ -173,7 +265,6 @@ public class TenantManagementService {
|
||||
}
|
||||
|
||||
|
||||
|
||||
private void runLiquibase(DataSource dataSource) throws LiquibaseException {
|
||||
|
||||
SpringLiquibase liquibase = getSpringLiquibase(dataSource);
|
||||
|
||||
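Review bot: createRealm hard-codes the `redaction-system` client secret and the `manageradmin` password as string literals, so every tenant realm is created with the same credentials for an account that holds all four application roles, and those credentials are readable by anyone with access to the repository or the built artifact. Both values should be generated per tenant with `SecureRandom` or injected from configuration, and the initial password should be marked with `credentialRepresentation.setTemporary(true);` so it has to be changed at first login. Because the literals are now in the commit history, they should be treated as exposed and rotated in any realm already created from this code. The same method turns on the implicit flow and direct access grants for both clients; unless a caller depends on them, `setImplicitFlowEnabled(false)` is the safer default. Separately, createRealm runs after `tenantRepository.save(tenantEntity)` with no visible compensation, so a failed realm creation would presumably leave a tenant row without a realm.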