apache / airavata-custos

Apache Airavata Custos Security
https://airavata.apache.org/custos
Apache License 2.0

findUsers isn't returning results when called with super tenant credentials for a child tenant #382

Closed machristie closed 1 year ago

machristie commented 1 year ago

I created a super tenant and a child tenant. In the child tenant I created a user with username "demouser". I then tried to search for the "demouser" in the child tenant but using the super tenant credential. This is to support a Data Catalog use case (see https://github.com/apache/airavata-data-catalog/issues/12): Data Catalog will have a Custos super tenant credential and will use that to resolve users, groups, etc. in child tenants.

Here's the code I used:

        // Super tenant
        String clientId = "custos-s8qf9g3odbbcdsgd2khv-10000000";
        String clientSec = "REDACTED";
        String childClientId = "custos-e6vgzgskcr0pewrejma3-10000002";
        // String clientId = "custos-e6vgzgskcr0pewrejma3-10000002";
        // String clientSec = "REDACTED";
        CustosClientProvider custosClientProvider = new CustosClientProvider.Builder().setServerHost("localhost")
                .setServerPort(7000)
                .setClientId(clientId) // client Id generated from above step or any active tenant id
                .setClientSec(clientSec)
                .usePlainText(true) // Don't use this in production setup
                .build();
        UserManagementClient userManagementClient = custosClientProvider.getUserManagementClient();
        // userManagementClient.registerUser("demoUser", "Demo", "User", "testpassword",
        // "demouser@gmail.com", false);
        // userManagementClient.enableUser("demoUser");
        // FindUsersResponse findUsersResponse =
        // userManagementClient.findUser("demouser", null, null, null, 0, 1);
        FindUsersResponse findUsersResponse = userManagementClient.findUser(childClientId, "demouser", null, null, null,
                0, 1);
        System.out.println("findUsersResponse=" + findUsersResponse);

The above works if I search for the user with the child tenant credentials, but not when I use the super tenant credentials.

isururanawaka commented 1 year ago

@machristie please try out

        FindUsersResponse response = userManagementClient.findUsers("CLIENT_ID", null, "demouser", null, null, null, 0, 1);

machristie commented 1 year ago

Thanks @isururanawaka, that worked