Merge pull request #1 from indigo-dc/token-management

Token management

.gitignore

@@ -122,3 +122,5 @@ buildNumber.properties
 
 /.idea/
 /.idea/libraries/
+.idea
+.idea/**

README.md

@@ -1,6 +1,6 @@
-# OpenID Connect support for spring social #
+# DEEP Orchestrator and OpenID Connect support for spring social #
 
-This project provides OpenID connect log-in support through Spring Social to Spring projects.
+This project provides integration with the DEEP orchestrator and OpenID connect log-in support through Spring Social to Spring projects.
 
 ## Build ##
 
@@ -15,15 +15,41 @@ Maven is needed to build the source code. To build a binary just execute `mvn cl
     public void addConnectionFactories(ConnectionFactoryConfigurer connectionFactoryConfigurer, Environment environment) {
 
             connectionFactoryConfigurer.addConnectionFactory(
-                    new OidcConnectionFactory(issuer, client-id, client-secret"));
+                    new OidcConnectionFactory(deepOrchestratorURL, certKeystore, issuer, clientId, clientSecret"));
     }
 ```
 
-Where `issuer` is the root URL of the IAM issuer instance and `client-id` and `client-sectet` are the application client identifier and secret to use to authenticate through the code workflow.
+Where:
+- `deepOrchestratorURL` is the base URL pointing to a DEEP orchestrator instance.
+- `certKeystore` is the location of a JKS keystore containing the orchestrator certificate in case it's self-signed or invalid. If the orchestrator has a valid certificate then this parameter can be null.
+- `issuer` is the root URL of the IAM issuer instance 
+- `client-id` and `client-sectet` are the application client identifier and secret to use to authenticate through the code workflow.
+
+## Getting access to the DEEP Orchestrator client
+
+In Spring beans and components whose scope is bound to the request, the DEEP orchestrator can be directly injected using the ``@Inject`` or ``@Autowired`` annotations:
+
+```java
+@Autowired
+private DeepOrchestrator orchestratorClient;
+```
+
+In Spring beans whose scope is not bound to the actual request, the DEEP orchestrator can be obtained by the following snippet:
+
+```java
+@Autowired
+private ConnectionRepository repository;
+
+private DeepOrchestrator getClient() {
+    Connection<DeepOrchestrator> connection = repository.findPrimaryConnection(DeepOrchestrator.class);
+    DeepOrchestrator deepOrchestrator = connection != null ? connection.getApi() : null;
+    return deepOrchestrator;
+}
+```
 
 ## Getting access and refresh tokens from the code ##
 
-Once configured, you can get the current access and refresh tokens from the current user by:
+It's not recommended to access the IAM token directly and instead it's strongly preferred to implement further operations and services in this plug in and then access them as client with the method defined above, however, if necessary, once configured, you can get the current access and refresh tokens from the current user by:
 
 -  Add a reference to the `ConnectionRepository` object in your class:
 ```java
@@ -33,5 +59,5 @@ private ConnectionRepository connRepository;
 
 - Access the tokens with the following snippet:
 ```java
-connRepository.getPrimaryConnection(Oidc.class).createData()
+connRepository.getPrimaryConnection(DeepOrchestrator.class).createData()
 ``` 

pom.xml

@@ -5,8 +5,8 @@
     <modelVersion>4.0.0</modelVersion>
 
     <groupId>org.springframework.social</groupId>
-    <artifactId>spring-social-oidc</artifactId>
-    <version>1.0-SNAPSHOT</version>
+    <artifactId>spring-social-oidc-deep</artifactId>
+    <version>1.2-SNAPSHOT</version>
 
     <properties>
         <jackson.version>2.9.5</jackson.version>
@@ -30,6 +30,14 @@
             <artifactId>jackson-annotations</artifactId>
             <version>${jackson.version}</version>
         </dependency>
+
+        <dependency>
+            <groupId>org.apache.httpcomponents</groupId>
+            <artifactId>httpclient</artifactId>
+            <version>4.3.6</version>
+        </dependency>
+
+
     </dependencies>
 
     <build>

src/main/java/org/springframework/social/oidc/deep/api/DeepOrchestrator.java

@@ -0,0 +1,40 @@
+package org.springframework.social.oidc.deep.api;
+
+import org.springframework.http.ResponseEntity;
+import org.springframework.social.ApiBinding;
+
+public interface DeepOrchestrator extends ApiBinding {
+
+  /**
+   * Returns the profile of the logged user.
+   * @return The profile of the logged user.
+   */
+  OidcUserProfile getProfile();
+
+  /**
+   * Gets a list of deployments of the logged user.
+   * @return The list of deployments in plain text. It must be parsed by the calling client.
+   */
+  ResponseEntity<String> callGetDeployments();
+
+  /**
+   * Deploys a template in the orchestrator.
+   * @param yamlTopology The yaml topology to deploy in plain text.
+   * @return The operation result in plain text. It must be parsed by the calling client.
+   */
+  ResponseEntity<String> callDeploy(String yamlTopology);
+
+  /**
+   * Gets the status of a deployment.
+   * @param deploymentId The deployment identifier.
+   * @return The deployment status in plain text. It must be parsed by the calling client.
+   */
+  ResponseEntity<String> callDeploymentStatus(String deploymentId);
+
+  /**
+   * Undeploys a deployment.
+   * @param deploymentId The deployment identifier.
+   * @return The operation result in plain text. It must be parsed by the calling client.
+   */
+  ResponseEntity<String> callUndeploy(String deploymentId);
+}

src/main/java/org/springframework/social/oidc/api/OidcConfiguration.java → src/main/java/org/springframework/social/oidc/deep/api/OidcConfiguration.java

@@ -1,4 +1,4 @@
-package org.springframework.social.oidc.api;
+package org.springframework.social.oidc.deep.api;
 
 import com.fasterxml.jackson.annotation.JsonProperty;
 

src/main/java/org/springframework/social/oidc/api/OidcUserProfile.java → src/main/java/org/springframework/social/oidc/deep/api/OidcUserProfile.java

@@ -1,4 +1,4 @@
-package org.springframework.social.oidc.api;
+package org.springframework.social.oidc.deep.api;
 
 import com.fasterxml.jackson.annotation.JsonProperty;
 

src/main/java/org/springframework/social/oidc/deep/api/impl/DeepOrchestratorTemplate.java

@@ -0,0 +1,139 @@
+package org.springframework.social.oidc.deep.api.impl;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.http.conn.ssl.SSLContextBuilder;
+import org.apache.http.impl.client.HttpClients;
+import org.springframework.http.HttpEntity;
+import org.springframework.http.HttpHeaders;
+import org.springframework.http.HttpMethod;
+import org.springframework.http.MediaType;
+import org.springframework.http.RequestEntity;
+import org.springframework.http.ResponseEntity;
+import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
+import org.springframework.social.oauth2.AbstractOAuth2ApiBinding;
+import org.springframework.social.oidc.deep.api.DeepOrchestrator;
+import org.springframework.social.oidc.deep.api.OidcConfiguration;
+import org.springframework.social.oidc.deep.api.OidcUserProfile;
+import org.springframework.social.support.URIBuilder;
+
+import java.net.URI;
+import java.security.KeyManagementException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+
+import javax.net.ssl.SSLContext;
+
+public class DeepOrchestratorTemplate extends AbstractOAuth2ApiBinding implements DeepOrchestrator {
+
+  private static final Log logger = LogFactory.getLog(DeepOrchestratorTemplate.class);
+
+  private OidcConfiguration configuration;
+
+  private URI baseUrl;
+  /** Web service path for deployments operations; It is appended to the orchestrator endpoint. */
+  public static final String WS_PATH_DEPLOYMENTS = "/deployments";
+
+  /**
+   * Creates a new OIDC Template based on the OIDC endpoint configuration.
+   *
+   * @param configuration Configuration of the OIDC endpoint
+   * @param accessToken Obtained access token
+   */
+  public DeepOrchestratorTemplate(
+      String orchestratorBaseUrl,
+      KeyStore orchestratorCert,
+      OidcConfiguration configuration,
+      String accessToken)
+      throws NoSuchAlgorithmException, KeyStoreException, KeyManagementException {
+    super(accessToken);
+    this.configuration = configuration;
+    this.baseUrl = URI.create(orchestratorBaseUrl + WS_PATH_DEPLOYMENTS);
+    if (orchestratorCert != null) {
+      setSslContext(orchestratorCert);
+    }
+  }
+
+  /**
+   * When the orchestrator is using an invalid certificate, this method can be called to accept the
+   * certificate.
+   *
+   * @param cert A JKS keystore containing the orchestrator certificate.
+   * @throws KeyStoreException The keystore is invalid.
+   * @throws NoSuchAlgorithmException A problem occurred opening the keystore.
+   * @throws KeyManagementException A problem occurred opening the keystore.
+   */
+  public void setSslContext(KeyStore cert)
+      throws KeyStoreException, NoSuchAlgorithmException, KeyManagementException {
+    if (cert != null) {
+      SSLContextBuilder sslContextBuilder = new SSLContextBuilder();
+      sslContextBuilder.loadTrustMaterial(cert);
+      SSLContext context = sslContextBuilder.build();
+      HttpComponentsClientHttpRequestFactory requestFactory =
+          new HttpComponentsClientHttpRequestFactory();
+      requestFactory.setHttpClient(HttpClients.custom().setSslcontext(context).build());
+      this.setRequestFactory(requestFactory);
+    }
+  }
+
+  /**
+   * Returns the profile of the logged user.
+   *
+   * @return The profile of the logged user.
+   */
+  public OidcUserProfile getProfile() {
+    return getRestTemplate()
+        .getForObject(configuration.getUserinfoEndpoint(), OidcUserProfile.class);
+  }
+
+  /**
+   * Gets a list of deployments of the logged user.
+   *
+   * @return The list of deployments in plain text. It must be parsed by the calling client.
+   */
+  public ResponseEntity<String> callGetDeployments() {
+    URIBuilder builder = URIBuilder.fromUri(baseUrl);
+    builder.queryParam("createdBy", "me");
+
+    return getRestTemplate().getForEntity(builder.build().toString(), String.class);
+  }
+
+  /**
+   * Deploys a template in the orchestrator.
+   *
+   * @param yamlTopology The yaml topology to deploy in plain text.
+   * @return The operation result in plain text. It must be parsed by the calling client.
+   */
+  public ResponseEntity<String> callDeploy(String yamlTopology) {
+    HttpHeaders headers = new HttpHeaders();
+    headers.setContentType(MediaType.APPLICATION_JSON);
+
+    HttpEntity<String> entity = new HttpEntity<String>(yamlTopology, headers);
+    return getRestTemplate().postForEntity(baseUrl, entity, String.class);
+  }
+
+  /**
+   * Gets the status of a deployment.
+   *
+   * @param deploymentId The deployment identifier.
+   * @return The deployment status in plain text. It must be parsed by the calling client.
+   */
+  public ResponseEntity<String> callDeploymentStatus(String deploymentId) {
+    return getRestTemplate()
+        .getForEntity(URI.create(baseUrl.toString() + "/" + deploymentId), String.class);
+  }
+
+  /**
+   * Undeploys a deployment.
+   *
+   * @param deploymentId The deployment identifier.
+   * @return The operation result in plain text. It must be parsed by the calling client.
+   */
+  public ResponseEntity<String> callUndeploy(String deploymentId) {
+    RequestEntity<Void> requestEntity =
+        new RequestEntity<Void>(
+            HttpMethod.DELETE, URI.create(baseUrl.toString() + "/" + deploymentId));
+    return getRestTemplate().exchange(requestEntity, String.class);
+  }
+}

src/main/java/org/springframework/social/oidc/connect/OidcAdapter.java → src/main/java/org/springframework/social/oidc/deep/connect/OidcAdapter.java

@@ -1,15 +1,15 @@
-package org.springframework.social.oidc.connect;
+package org.springframework.social.oidc.deep.connect;
 
 import org.springframework.social.connect.ApiAdapter;
 import org.springframework.social.connect.ConnectionValues;
 import org.springframework.social.connect.UserProfile;
 import org.springframework.social.connect.UserProfileBuilder;
-import org.springframework.social.oidc.api.Oidc;
-import org.springframework.social.oidc.api.OidcUserProfile;
+import org.springframework.social.oidc.deep.api.DeepOrchestrator;
+import org.springframework.social.oidc.deep.api.OidcUserProfile;
 
-public class OidcAdapter implements ApiAdapter<Oidc> {
+public class OidcAdapter implements ApiAdapter<DeepOrchestrator> {
 
-  public boolean test(Oidc api) {
+  public boolean test(DeepOrchestrator api) {
     return api.isAuthorized() && api.getProfile() != null;
   }
 
@@ -19,7 +19,7 @@ public boolean test(Oidc api) {
    * @param api The API to get the user profile from.
    * @param values The user profile values to set from the API.
    */
-  public void setConnectionValues(Oidc api, ConnectionValues values) {
+  public void setConnectionValues(DeepOrchestrator api, ConnectionValues values) {
     OidcUserProfile profile = api.getProfile();
     values.setProviderUserId(profile.getSub());
     values.setDisplayName(profile.getGivenName() + " " + profile.getFamilyName());
@@ -31,7 +31,7 @@ public void setConnectionValues(Oidc api, ConnectionValues values) {
    * @param api The API to request.
    * @return The user profile.
    */
-  public UserProfile fetchUserProfile(Oidc api) {
+  public UserProfile fetchUserProfile(DeepOrchestrator api) {
     OidcUserProfile profile = api.getProfile();
     return new UserProfileBuilder()
         .setId(profile.getSub())
@@ -42,5 +42,5 @@ public UserProfile fetchUserProfile(Oidc api) {
         .build();
   }
 
-  public void updateStatus(Oidc api, String message) {}
+  public void updateStatus(DeepOrchestrator api, String message) {}
 }