From 710a2f88ac883e09ff3d01160afb78027614333e Mon Sep 17 00:00:00 2001
From: deiflaender
Date: Wed, 22 Mar 2023 13:08:29 +0100
Subject: [PATCH] RED-4515: Create realm on createTenant

---
 .../keycloak/commons/UserListingService.java | 4 +
 .../service/TenantManagementService.java | 95 ++++++++++++++++++-
 2 files changed, 97 insertions(+), 2 deletions(-)

diff --git a/persistence-service-v1/keycloak-commons/src/main/java/com/iqser/red/keycloak/commons/UserListingService.java b/persistence-service-v1/keycloak-commons/src/main/java/com/iqser/red/keycloak/commons/UserListingService.java
index 379738085..ac234c242 100644
--- a/persistence-service-v1/keycloak-commons/src/main/java/com/iqser/red/keycloak/commons/UserListingService.java
+++ b/persistence-service-v1/keycloak-commons/src/main/java/com/iqser/red/keycloak/commons/UserListingService.java
@@ -36,6 +36,10 @@ public class UserListingService {
 @Cacheable(value = USERS_CACHE, key = "'tenantId'")
 public List getAllUsers(String tenantId) {
+ if(tenantId == "master"){
+ return new ArrayList<>();
+ }
+
 return retryTemplate.execute(context -> {
 var realm = realmService.realm(tenantId);
diff --git a/persistence-service-v1/persistence-service-processor-v1/src/main/java/com/iqser/red/service/persistence/management/v1/processor/service/TenantManagementService.java b/persistence-service-v1/persistence-service-processor-v1/src/main/java/com/iqser/red/service/persistence/management/v1/processor/service/TenantManagementService.java
index 454bc1bfc..7e7121567 100644
--- a/persistence-service-v1/persistence-service-processor-v1/src/main/java/com/iqser/red/service/persistence/management/v1/processor/service/TenantManagementService.java
+++ b/persistence-service-v1/persistence-service-processor-v1/src/main/java/com/iqser/red/service/persistence/management/v1/processor/service/TenantManagementService.java
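Review bot: `if(tenantId == "master"){` compares string references, so the new guard only fires when the caller happens to pass the interned literal; it should read `if ("master".equals(tenantId)) {`, which also tolerates a null tenantId. The guard also sits inside the method annotated `@Cacheable(value = USERS_CACHE, key = "'tenantId'")` on the context line above, where the quoted SpEL key is the constant string rather than the parameter, so the body (including this check) presumably runs only on a cache miss shared by every caller and one tenant's user list can be served for another; worth confirming the key was meant to be `#tenantId`. getAllUsers continues outside the hunk.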
@@ -1,9 +1,15 @@
 package com.iqser.red.service.persistence.management.v1.processor.service;
+import static com.iqser.red.keycloak.commons.roles.ApplicationRoles.RED_ADMIN_ROLE;
+import static com.iqser.red.keycloak.commons.roles.ApplicationRoles.RED_MANAGER_ROLE;
+import static com.iqser.red.keycloak.commons.roles.ApplicationRoles.RED_USER_ADMIN_ROLE;
+import static com.iqser.red.keycloak.commons.roles.ApplicationRoles.RED_USER_ROLE;
+
 import java.net.URI;
 import java.net.URISyntaxException;
 import java.sql.Connection;
 import java.sql.DriverManager;
+import java.util.HashMap;
 import java.util.List;
 import java.util.Set;
 import java.util.UUID;
@@ -11,6 +17,12 @@ import java.util.stream.Collectors;
 import javax.sql.DataSource;
+import org.keycloak.representations.idm.ClientRepresentation;
+import org.keycloak.representations.idm.CredentialRepresentation;
+import org.keycloak.representations.idm.RealmRepresentation;
+import org.keycloak.representations.idm.RoleRepresentation;
+import org.keycloak.representations.idm.RolesRepresentation;
+import org.keycloak.representations.idm.UserRepresentation;
 import org.postgresql.util.PSQLException;
 import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.boot.autoconfigure.liquibase.LiquibaseProperties;
@@ -19,6 +31,7 @@ import org.springframework.core.io.ResourceLoader;
 import org.springframework.jdbc.datasource.SingleConnectionDataSource;
 import org.springframework.stereotype.Service;
+import com.iqser.red.keycloak.commons.KeyCloakAdminClientService;
 import com.iqser.red.service.persistence.management.v1.processor.exception.ConflictException;
 import com.iqser.red.service.persistence.management.v1.processor.exception.NotFoundException;
 import com.iqser.red.service.persistence.management.v1.processor.migration.AsyncMigrationStarterService;
@@ -65,13 +78,17 @@ public class TenantManagementService {
 private final AsyncMigrationStarterService asyncMigrationStarterService;
 private final GeneralConfigurationService generalConfigurationService;
 private final KeyCloakRoleManagerService keyCloakRoleManagerService;
+ private final KeyCloakAdminClientService keycloak;
 public TenantManagementService(EncryptionDecryptionService encryptionService, @Qualifier("tenantLiquibaseProperties") LiquibaseProperties liquibaseProperties, ResourceLoader resourceLoader, TenantRepository tenantRepository,
- AsyncMigrationStarterService asyncMigrationStarterService, GeneralConfigurationService generalConfigurationService, KeyCloakRoleManagerService keyCloakRoleManagerService) {
+ AsyncMigrationStarterService asyncMigrationStarterService,
+ GeneralConfigurationService generalConfigurationService,
+ KeyCloakRoleManagerService keyCloakRoleManagerService,
+ KeyCloakAdminClientService keycloak) {
 this.encryptionService = encryptionService;
 this.liquibaseProperties = liquibaseProperties;
@@ -80,6 +97,7 @@ public class TenantManagementService {
 this.asyncMigrationStarterService = asyncMigrationStarterService;
 this.generalConfigurationService = generalConfigurationService;
 this.keyCloakRoleManagerService = keyCloakRoleManagerService;
+ this.keycloak = keycloak;
 }
@@ -145,6 +163,8 @@ public class TenantManagementService {
 tenantRepository.save(tenantEntity);
+ createRealm(tenantRequest.getTenantId());
+
 generalConfigurationService.initGeneralConfiguration(tenantRequest.getTenantId());
 keyCloakRoleManagerService.updateRoles(tenantRequest.getTenantId());
 asyncMigrationStarterService.runForTenant(tenantRequest.getTenantId());
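Review bot: `createRealm(tenantRequest.getTenantId());` in the third hunk runs right after `tenantRepository.save(tenantEntity);` with no handling of a failed or conflicting realm creation, so if the Keycloak admin client throws (for instance because a realm with that id already exists) the tenant row is already persisted without a usable realm, and a retry of the whole create presumably collides on the tenant rather than repairing the realm. Consider checking for an existing realm first, or catching the admin-client failure and undoing the saved tenant so the operation stays retryable; whether this code runs inside a transaction is not visible in the hunk. The enclosing method starts and ends outside the hunk.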
@@ -155,6 +175,78 @@ public class TenantManagementService {
 }
+ private void createRealm(String tenantId) {
+
+ var redaction = new RealmRepresentation();
+ redaction.setId(tenantId);
+ redaction.setRealm(tenantId);
+ redaction.setEnabled(true);
+
+ var redactionClient = new ClientRepresentation();
+ redactionClient.setId("redaction");
+ redactionClient.setEnabled(true);
+ redactionClient.setName("redaction");
+ redactionClient.setStandardFlowEnabled(true);
+ redactionClient.setImplicitFlowEnabled(true);
+ redactionClient.setDirectAccessGrantsEnabled(true);
+
+ var redactionSystemClient = new ClientRepresentation();
+ redactionSystemClient.setId("redaction-system");
+ redactionSystemClient.setEnabled(true);
+ redactionSystemClient.setName("redaction-system");
+ redactionSystemClient.setSecret("Gc0WcXOPcefzLyRJ5BiYk169V7VvzXxT");
+ redactionSystemClient.setDirectAccessGrantsEnabled(true);
+ redactionSystemClient.setStandardFlowEnabled(true);
+ redactionSystemClient.setImplicitFlowEnabled(true);
+ redactionSystemClient.setDirectAccessGrantsEnabled(true);
+
+ redaction.setClients(List.of(redactionClient, redactionSystemClient));
+
+ var redUserRole = new RoleRepresentation();
+ redUserRole.setComposite(true);
+ redUserRole.setName(RED_USER_ROLE);
+ redUserRole.setContainerId("redaction");
+
+ var redManagerRole = new RoleRepresentation();
+ redManagerRole.setComposite(true);
+ redManagerRole.setName(RED_MANAGER_ROLE);
+ redManagerRole.setContainerId("redaction");
+
+ var redAdminRole = new RoleRepresentation();
+ redAdminRole.setComposite(true);
+ redAdminRole.setName(RED_ADMIN_ROLE);
+ redAdminRole.setContainerId("redaction");
+
+ var redUserAdminRole = new RoleRepresentation();
+ redUserAdminRole.setComposite(true);
+ redUserAdminRole.setName(RED_USER_ADMIN_ROLE);
+ redUserAdminRole.setContainerId("redaction");
+
+ RolesRepresentation rolesRepresentation = new RolesRepresentation();
+ rolesRepresentation.setRealm(List.of(redUserRole, redManagerRole, redAdminRole, redUserAdminRole));
+ redaction.setRoles(rolesRepresentation);
+
+ var credentialRepresentation = new CredentialRepresentation();
+ credentialRepresentation.setType("password");
+ credentialRepresentation.setValue("OsloImWinter!23");
+
+ var defaultUser = new UserRepresentation();
+ defaultUser.setUsername("manageradmin");
+ defaultUser.setCredentials(List.of(credentialRepresentation));
+ defaultUser.setEmailVerified(true);
+ defaultUser.setRealmRoles(List.of(RED_USER_ROLE, RED_MANAGER_ROLE, RED_ADMIN_ROLE, RED_USER_ADMIN_ROLE, "uma_authorization", "offline_access"));
+
+ var clientRoles = new HashMap>();
+ clientRoles.put("account", List.of("manage-account", "view-profile"));
+
+ defaultUser.setClientRoles(clientRoles);
+ defaultUser.setEnabled(true);
+ redaction.setUsers(List.of(defaultUser));
+
+ keycloak.getAdminClient().realms().create(redaction);
+ }
+
+
 @SneakyThrows
 private void validateJdbcUrl(String jdbcUrl) {
@@ -173,7 +265,6 @@ public class TenantManagementService {
 }
-
 private void runLiquibase(DataSource dataSource) throws LiquibaseException {
 SpringLiquibase liquibase = getSpringLiquibase(dataSource);
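Review bot: `redactionSystemClient.setSecret(...)` and `credentialRepresentation.setValue(...)` install one hard-coded client secret and one hard-coded `manageradmin` password into every realm this method creates, and both literals are now in source control, so the same credentials are valid in every tenant realm for a user that holds RED_USER_ROLE, RED_MANAGER_ROLE, RED_ADMIN_ROLE and RED_USER_ADMIN_ROLE. Generate the secret per tenant (for example with `java.security.SecureRandom`) and return it to the caller or a secret store, take the initial password from the request or generate it, and set `credentialRepresentation.setTemporary(true);` so Keycloak forces a change at first login; the literals already committed should be treated as exposed and rotated in realms created with them. Smaller points in the same hunk: `setDirectAccessGrantsEnabled(true)` is called twice on `redactionSystemClient`, the four realm roles carry `setContainerId("redaction")` although the realm being created has id `tenantId` (presumably copied from an exported template; worth confirming Keycloak ignores it on import), and `setImplicitFlowEnabled(true)` on both clients enables a flow that is deprecated for new clients.
```java
// … unchanged: realm and "redaction" client setup …
var secretBytes = new byte[32];
new SecureRandom().nextBytes(secretBytes);
// per-tenant secret; hand it to the caller / secret store instead of committing a literal
redactionSystemClient.setSecret(Base64.getUrlEncoder().withoutPadding().encodeToString(secretBytes));
// … unchanged: clients list and realm roles …
var credentialRepresentation = new CredentialRepresentation();
credentialRepresentation.setType("password");
credentialRepresentation.setValue(initialPassword); // constructed placeholder: supplied by the caller or generated per tenant
credentialRepresentation.setTemporary(true);        // Keycloak requires a change at first login
// … unchanged: default user and realm creation …
```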