diff --git a/auth-agents-common/pom.xml b/auth-agents-common/pom.xml
index e2885cebf3..e4724120fb 100644
--- a/auth-agents-common/pom.xml
+++ b/auth-agents-common/pom.xml
@@ -51,7 +51,7 @@
org.apache.atlas
- client-keycloak
+ client-auth
${project.version}
diff --git a/auth-agents-common/src/main/java/org/apache/atlas/plugin/util/KeycloakUserStore.java b/auth-agents-common/src/main/java/org/apache/atlas/plugin/util/KeycloakUserStore.java
index ce2507743d..a78de78cde 100644
--- a/auth-agents-common/src/main/java/org/apache/atlas/plugin/util/KeycloakUserStore.java
+++ b/auth-agents-common/src/main/java/org/apache/atlas/plugin/util/KeycloakUserStore.java
@@ -31,7 +31,6 @@
import org.keycloak.representations.idm.*;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-import org.apache.commons.configuration.Configuration;
import java.util.*;
import java.util.concurrent.Callable;
@@ -40,7 +39,8 @@
import java.util.concurrent.TimeUnit;
import java.util.stream.Collectors;
-import static org.apache.atlas.keycloak.client.AtlasKeycloakClient.getKeycloakClient;
+import static org.apache.atlas.auth.client.keycloak.AtlasKeycloakClient.getKeycloakClient;
+import static org.apache.atlas.auth.client.heracles.AtlasHeraclesClient.getHeraclesClient;
import static org.apache.atlas.repository.Constants.*;
import static org.apache.atlas.repository.util.AccessControlUtils.ARGO_SERVICE_USER_NAME;
import static org.apache.atlas.repository.util.AccessControlUtils.BACKEND_SERVICE_USER_NAME;
@@ -277,10 +277,8 @@ public RangerUserStore loadUserStoreIfUpdated(long lastUpdatedTime) throws Atlas
}
Map> userGroupMapping = new HashMap<>();
-
- List kUsers = getKeycloakClient().getAllUsers();
+ List kUsers = getHeraclesClient().getAllUsers();
LOG.info("Found {} keycloak users", kUsers.size());
-
List> callables = new ArrayList<>();
kUsers.forEach(x -> callables.add(new UserGroupsFetcher(x, userGroupMapping)));
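Review bot: `getHeraclesClient().getAllUsers()` throws a NullPointerException when Heracles initialisation fails, because `getHeraclesClient()` as added in AtlasHeraclesClient.java in this diff logs the init exception and still returns the unset `HERACLES_CLIENT`. The same applies to the `getHeraclesClient().getRoleUserMembers(...)` call in the role-fetcher hunk below. `getKeycloakClient()` rethrows as `AtlasBaseException(AtlasErrorCode.KEYCLOAK_INIT_FAILED, ...)`; the Heracles accessor should fail the same way so that a user-store load reports a configuration error rather than an NPE. The log line `Found {} keycloak users` no longer names the source of the list. loadUserStoreIfUpdated starts and ends outside this hunk.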
@@ -417,13 +415,13 @@ public RangerRole call() throws Exception {
//get all users for Roles
Thread usersFetcher = new Thread(() -> {
int start = 0;
- int size = 1500;
+ int size = 100;
boolean found = true;
Set ret = new HashSet<>();
do {
try {
- Set userRepresentations = getKeycloakClient().getRoleUserMembers(kRole.getName(), start, size);
+ Set userRepresentations = getHeraclesClient().getRoleUserMembers(kRole.getName(), start, size);
if (CollectionUtils.isNotEmpty(userRepresentations)) {
ret.addAll(userRepresentations);
start += size;
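Review bot: The `getHeraclesClient()` call here runs inside `new Thread(...)`, while `AtlasHeraclesClient.init` in this diff assigns the static `HERACLES` and `HERACLES_CLIENT` with no synchronization, unlike `AtlasKeycloakClient.init`, which wraps the same work in `synchronized (AtlasKeycloakClient.class)`. If several fetchers reach first use together, each can construct its own `HeraclesRestClient` with its own token service. Wrapping the body of the Heracles `init` in `synchronized (AtlasHeraclesClient.class)` keeps the two singletons consistent. The enclosing `call()` method continues outside this hunk.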
diff --git a/client-keycloak/pom.xml b/client-auth/pom.xml
similarity index 98%
rename from client-keycloak/pom.xml
rename to client-auth/pom.xml
index b0a231b0c3..9087a98bed 100644
--- a/client-keycloak/pom.xml
+++ b/client-auth/pom.xml
@@ -27,7 +27,7 @@
4.0.0
- client-keycloak
+ client-auth
8
diff --git a/client-keycloak/src/main/java/org/apache/atlas/keycloak/client/AbstractKeycloakClient.java b/client-auth/src/main/java/org/apache/atlas/auth/client/auth/AbstractAuthClient.java
similarity index 78%
rename from client-keycloak/src/main/java/org/apache/atlas/keycloak/client/AbstractKeycloakClient.java
rename to client-auth/src/main/java/org/apache/atlas/auth/client/auth/AbstractAuthClient.java
index 86bdf6fbf7..a6d323f982 100644
--- a/client-keycloak/src/main/java/org/apache/atlas/keycloak/client/AbstractKeycloakClient.java
+++ b/client-auth/src/main/java/org/apache/atlas/auth/client/auth/AbstractAuthClient.java
@@ -1,13 +1,15 @@
-package org.apache.atlas.keycloak.client;
+package org.apache.atlas.auth.client.auth;
+import com.fasterxml.jackson.databind.DeserializationFeature;
import com.fasterxml.jackson.databind.ObjectMapper;
import io.micrometer.core.instrument.Timer;
+import org.apache.atlas.auth.client.config.AuthConfig;
+import org.apache.atlas.auth.client.heracles.RetrofitHeraclesClient;
+import org.apache.atlas.auth.client.keycloak.RetrofitKeycloakClient;
import okhttp3.*;
import okhttp3.logging.HttpLoggingInterceptor;
import org.apache.atlas.AtlasErrorCode;
import org.apache.atlas.exception.AtlasBaseException;
-import org.apache.atlas.keycloak.client.config.KeycloakConfig;
-import org.apache.atlas.keycloak.client.service.AtlasKeycloakAuthService;
import org.apache.atlas.service.metrics.MetricUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -26,9 +28,9 @@
import static org.apache.atlas.AtlasErrorCode.BAD_REQUEST;
import static org.apache.atlas.AtlasErrorCode.RESOURCE_NOT_FOUND;
-abstract class AbstractKeycloakClient {
+public class AbstractAuthClient {
- private final static Logger LOG = LoggerFactory.getLogger(AbstractKeycloakClient.class);
+ private final static Logger LOG = LoggerFactory.getLogger(AbstractAuthClient.class);
private static final Map ERROR_CODE_MAP = new HashMap<>();
private static final int DEFAULT_KEYCLOAK_RETRY = 3;
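Review bot: `public class AbstractAuthClient` drops `abstract` as well as widening visibility, so the base class can now be instantiated directly although, from the visible lines, it only holds plumbing shared by `KeycloakRestClient` and `HeraclesRestClient`. The subclasses in other packages need `public` but not a concrete base; `public abstract class AbstractAuthClient` keeps the name and the intent aligned. Since the class is now part of the module's public surface, a short class Javadoc stating that it owns the shared OkHttp client, the token service and both Retrofit interfaces would help.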
@@ -38,10 +40,11 @@ abstract class AbstractKeycloakClient {
private static final String INTEGRATION = "integration";
private static final String KEYCLOAK = "keycloak";
- protected final KeycloakConfig keycloakConfig;
- protected final RetrofitKeycloakClient retrofit;
+ protected final AuthConfig authConfig;
+ protected final RetrofitKeycloakClient retrofitKeycloakClient;
+ protected final RetrofitHeraclesClient retrofitHeraclesClient;
- private final AtlasKeycloakAuthService authService;
+ private final KeycloakAuthenticationService authService;
private MetricUtils metricUtils = null;
static {
@@ -49,8 +52,8 @@ abstract class AbstractKeycloakClient {
ERROR_CODE_MAP.put(HTTP_BAD_REQUEST, BAD_REQUEST);
}
- public AbstractKeycloakClient(KeycloakConfig keycloakConfig) {
- this.keycloakConfig = keycloakConfig;
+ public AbstractAuthClient(AuthConfig authConfig) {
+ this.authConfig = authConfig;
this.metricUtils = new MetricUtils();
HttpLoggingInterceptor httpInterceptor = new HttpLoggingInterceptor();
httpInterceptor.setLevel(HttpLoggingInterceptor.Level.BODY);
@@ -64,11 +67,15 @@ public AbstractKeycloakClient(KeycloakConfig keycloakConfig) {
.writeTimeout(TIMEOUT_IN_SEC, TimeUnit.SECONDS)
.readTimeout(TIMEOUT_IN_SEC, TimeUnit.SECONDS)
.build();
- this.retrofit = new Retrofit.Builder().client(okHttpClient)
- .baseUrl(this.keycloakConfig.getAuthServerUrl())
+ this.retrofitKeycloakClient = new Retrofit.Builder().client(okHttpClient)
+ .baseUrl(this.authConfig.getAuthServerUrl())
.addConverterFactory(JacksonConverterFactory.create(new ObjectMapper())).build()
.create(RetrofitKeycloakClient.class);
- authService = new AtlasKeycloakAuthService(keycloakConfig);
+ this.retrofitHeraclesClient = new Retrofit.Builder().client(okHttpClient)
+ .baseUrl(this.authConfig.getHeraclesApiServerUrl())
+ .addConverterFactory(JacksonConverterFactory.create(new ObjectMapper().disable(DeserializationFeature.FAIL_ON_IGNORED_PROPERTIES))).build()
+ .create(RetrofitHeraclesClient.class);
+ authService = new KeycloakAuthenticationService(authConfig);
}
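Review bot: `disable(DeserializationFeature.FAIL_ON_IGNORED_PROPERTIES)` has no effect, since that Jackson feature is off by default; if the aim is to tolerate extra fields in Heracles responses the feature to disable is `FAIL_ON_UNKNOWN_PROPERTIES`, and because the model classes in this diff already carry `@JsonIgnoreProperties(ignoreUnknown = true)` the call can simply be dropped. The Heracles Retrofit instance reuses `okHttpClient`, so whatever is installed on that client applies to Heracles traffic as well. If the `HttpLoggingInterceptor` set to `Level.BODY` at the top of this constructor is added to the client (the builder lines are outside the hunk), user listings and the `Authorization` header are written to the log. Consider `httpInterceptor.redactHeader(AUTHORIZATION)` and a lower level outside debugging.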
/**
@@ -97,7 +104,6 @@ public Response intercept(@NonNull Chain chain) throws IOException {
return chain.proceed(request);
}
};
-
/**
* Called only during auth failures.
*/
@@ -110,8 +116,8 @@ public Request authenticate(Route route, @NonNull Response response) {
}
LOG.info("Keycloak: Current keycloak token status, Expired: {}", authService.isTokenExpired());
return response.request().newBuilder()
- .addHeader(AUTHORIZATION, BEARER + authService.getAuthToken())
- .build();
+ .addHeader(AUTHORIZATION, BEARER + authService.getAuthToken())
+ .build();
}
private int responseCount(Response response) {
@@ -139,8 +145,9 @@ protected retrofit2.Response processResponse(retrofit2.Call req) throw
throw new AtlasBaseException(ERROR_CODE_MAP.getOrDefault(response.code(), BAD_REQUEST), errMsg);
} catch (Exception e) {
LOG.error("Keycloak: request failed, request: {} {}, Exception: {}", req.request().method(), req.request().url(), e);
- throw new AtlasBaseException(BAD_REQUEST, "Keycloak request failed");
+ throw new AtlasBaseException(BAD_REQUEST, "Auth request failed");
}
}
+
}
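Review bot: The `catch (Exception e)` that now throws `"Auth request failed"` also catches the `AtlasBaseException` thrown on the line just above it, so the error code looked up in `ERROR_CODE_MAP` appears to be replaced by `BAD_REQUEST` before it reaches the caller. Adding `catch (AtlasBaseException e) { throw e; }` ahead of the generic catch would preserve it. The log call has three `{}` placeholders and three arguments, so `e` is formatted as text and its stack trace is not logged; removing the last placeholder fixes that. The log messages still say `Keycloak:` although the method now serves Heracles calls too. processResponse starts outside this hunk, so the shape of the try block is inferred from the visible lines.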
diff --git a/client-keycloak/src/main/java/org/apache/atlas/keycloak/client/service/AtlasKeycloakAuthService.java b/client-auth/src/main/java/org/apache/atlas/auth/client/auth/KeycloakAuthenticationService.java
similarity index 81%
rename from client-keycloak/src/main/java/org/apache/atlas/keycloak/client/service/AtlasKeycloakAuthService.java
rename to client-auth/src/main/java/org/apache/atlas/auth/client/auth/KeycloakAuthenticationService.java
index fc4d40df7e..2cbc9acbe0 100644
--- a/client-keycloak/src/main/java/org/apache/atlas/keycloak/client/service/AtlasKeycloakAuthService.java
+++ b/client-auth/src/main/java/org/apache/atlas/auth/client/auth/KeycloakAuthenticationService.java
@@ -1,11 +1,11 @@
-package org.apache.atlas.keycloak.client.service;
+package org.apache.atlas.auth.client.auth;
import com.fasterxml.jackson.databind.ObjectMapper;
import okhttp3.*;
import okhttp3.logging.HttpLoggingInterceptor;
+import org.apache.atlas.auth.client.config.AuthConfig;
import org.apache.atlas.exception.AtlasBaseException;
-import org.apache.atlas.keycloak.client.RetrofitKeycloakClient;
-import org.apache.atlas.keycloak.client.config.KeycloakConfig;
+import org.apache.atlas.auth.client.keycloak.RetrofitKeycloakClient;
import org.jetbrains.annotations.NotNull;
import org.keycloak.representations.AccessTokenResponse;
import org.slf4j.Logger;
@@ -19,9 +19,9 @@
import static org.apache.atlas.AtlasErrorCode.BAD_REQUEST;
-public final class AtlasKeycloakAuthService {
+public final class KeycloakAuthenticationService {
- public final static Logger LOG = LoggerFactory.getLogger(AtlasKeycloakAuthService.class);
+ public final static Logger LOG = LoggerFactory.getLogger(KeycloakAuthenticationService.class);
private final static String GRANT_TYPE = "grant_type";
private static final String CLIENT_ID = "client_id";
@@ -30,14 +30,14 @@ public final class AtlasKeycloakAuthService {
private static final int TIMEOUT_IN_SECS = 60;
private final RetrofitKeycloakClient retrofit;
- private final KeycloakConfig keycloakConfig;
+ private final AuthConfig authConfig;
private AccessTokenResponse currentAccessToken;
private long expirationTime = -1;
- public AtlasKeycloakAuthService(KeycloakConfig keycloakConfig) {
- this.keycloakConfig = keycloakConfig;
+ public KeycloakAuthenticationService(AuthConfig authConfig) {
+ this.authConfig = authConfig;
this.retrofit = new Retrofit.Builder().client(getOkHttpClient())
- .baseUrl(this.keycloakConfig.getAuthServerUrl())
+ .baseUrl(this.authConfig.getAuthServerUrl())
.addConverterFactory(JacksonConverterFactory.create(new ObjectMapper())).build()
.create(RetrofitKeycloakClient.class);
}
@@ -70,7 +70,7 @@ public String getAuthToken() {
synchronized (this) {
if (isTokenExpired()) {
try {
- retrofit2.Response resp = this.retrofit.grantToken(this.keycloakConfig.getRealmId(), getTokenRequest()).execute();
+ retrofit2.Response resp = this.retrofit.grantToken(this.authConfig.getRealmId(), getTokenRequest()).execute();
if (resp.isSuccessful()) {
currentAccessToken = resp.body();
expirationTime = currentTime() + currentAccessToken.getExpiresIn() - EXPIRY_OFFSET_SEC;
@@ -97,7 +97,7 @@ public boolean isTokenExpired() {
}
private RequestBody getTokenRequest() {
- return new FormBody.Builder().addEncoded(CLIENT_ID, this.keycloakConfig.getClientId()).addEncoded(CLIENT_SECRET, this.keycloakConfig.getClientSecret()).addEncoded(GRANT_TYPE, this.keycloakConfig.getGrantType()).build();
+ return new FormBody.Builder().addEncoded(CLIENT_ID, this.authConfig.getClientId()).addEncoded(CLIENT_SECRET, this.authConfig.getClientSecret()).addEncoded(GRANT_TYPE, this.authConfig.getGrantType()).build();
}
private long currentTime() {
diff --git a/client-auth/src/main/java/org/apache/atlas/auth/client/config/AuthConfig.java b/client-auth/src/main/java/org/apache/atlas/auth/client/config/AuthConfig.java
new file mode 100644
index 0000000000..33d98de049
--- /dev/null
+++ b/client-auth/src/main/java/org/apache/atlas/auth/client/config/AuthConfig.java
@@ -0,0 +1,100 @@
+package org.apache.atlas.auth.client.config;
+
+import org.apache.atlas.AtlasErrorCode;
+import org.apache.atlas.exception.AtlasBaseException;
+import org.apache.commons.lang.StringUtils;
+import org.codehaus.jettison.json.JSONObject;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.io.File;
+import java.nio.charset.StandardCharsets;
+import java.nio.file.Files;
+import java.util.Optional;
+
+import static org.apache.atlas.ApplicationProperties.ATLAS_CONFIGURATION_DIRECTORY_PROPERTY;
+
+public class AuthConfig {
+ private static final Logger LOG = LoggerFactory.getLogger(AuthConfig.class);
+
+ public String authServerUrl;
+ public String realmId;
+ public String clientId;
+ public String clientSecret;
+ public String grantType;
+ public String heraclesApiServerUrl;
+
+ private static final String KEYCLOAK_PROPERTIES = "keycloak.json";
+ private static final String DEFAULT_GRANT_TYPE = "client_credentials";
+ private static final String KEY_REALM_ID = "realm";
+ private static final String KEY_AUTH_SERVER_URL = "auth-server-url";
+ private static final String KEY_CLIENT_ID = "resource";
+ private static final String KEY_CREDENTIALS = "credentials";
+ private static final String KEY_SECRET = "secret";
+
+ public String getAuthServerUrl() {
+ return authServerUrl;
+ }
+
+ public String getRealmId() {
+ return realmId;
+ }
+
+ public String getClientId() {
+ return clientId;
+ }
+
+ public String getClientSecret() {
+ return clientSecret;
+ }
+
+ public String getGrantType() {
+ return grantType;
+ }
+
+ public String getHeraclesApiServerUrl() {
+ return heraclesApiServerUrl;
+ }
+
+ public static AuthConfig getConfig() throws AtlasBaseException {
+ String confLocation = System.getProperty(ATLAS_CONFIGURATION_DIRECTORY_PROPERTY);
+ Optional confFile = getConfigurationFile(confLocation);
+
+ if (confFile.isPresent()) {
+ try {
+ JSONObject object = new JSONObject(readFileToString(confFile.get()));
+ return buildAuthConfigFromJson(object);
+ } catch (Exception e) {
+ LOG.error("Error parsing Keycloak configuration: ", e);
+ throw new AtlasBaseException(AtlasErrorCode.KEYCLOAK_INIT_FAILED, "Error parsing Keycloak configuration");
+ }
+ } else {
+ throw new AtlasBaseException(AtlasErrorCode.KEYCLOAK_INIT_FAILED, "Keycloak configuration file not found in location " + confLocation);
+ }
+ }
+
+ private static Optional getConfigurationFile(String confLocation) {
+ if (StringUtils.isNotEmpty(confLocation)) {
+ File confFile = new File(confLocation, KEYCLOAK_PROPERTIES);
+ if (confFile.exists()) {
+ return Optional.of(confFile);
+ }
+ }
+ return Optional.empty();
+ }
+
+ private static String readFileToString(File file) throws Exception {
+ return new String(Files.readAllBytes(file.toPath()), StandardCharsets.UTF_8);
+ }
+
+ private static AuthConfig buildAuthConfigFromJson(JSONObject object) throws Exception {
+ String realmId = object.getString(KEY_REALM_ID);
+ String authServerUrl = object.getString(KEY_AUTH_SERVER_URL) + "/";
+ String clientId = object.getString(KEY_CLIENT_ID);
+ String grantType = DEFAULT_GRANT_TYPE;
+ String clientSecret = object.getJSONObject(KEY_CREDENTIALS).getString(KEY_SECRET);
+
+ LOG.info("Keycloak configuration: REALM_ID:{}, AUTH_SERVER_URL:{}", realmId, authServerUrl);
+ return AuthConfigBuilder.builder().realId(realmId).authServerUrl(authServerUrl).clientId(clientId).grantType(grantType).clientSecret(clientSecret).build();
+ }
+}
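Review bot: `AuthConfig` exposes `clientSecret` and the other settings as `public` non-final fields, so any code holding the object can read or overwrite the Keycloak client secret and the server URLs after construction. Getters already exist, so the fields can be `private`, or package-private at most, given that `AuthConfigBuilder.build()` in the same package assigns them directly. `getConfig()` also no longer distinguishes an unset `ATLAS_CONFIGURATION_DIRECTORY_PROPERTY` from a missing file: with no property set the message ends in `not found in location null`. The class and `getConfig()` have no Javadoc; a short note that the file read is `keycloak.json` under the Atlas configuration directory, and that it contains a secret, would be useful.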
diff --git a/client-auth/src/main/java/org/apache/atlas/auth/client/config/AuthConfigBuilder.java b/client-auth/src/main/java/org/apache/atlas/auth/client/config/AuthConfigBuilder.java
new file mode 100644
index 0000000000..552033d2c1
--- /dev/null
+++ b/client-auth/src/main/java/org/apache/atlas/auth/client/config/AuthConfigBuilder.java
@@ -0,0 +1,55 @@
+package org.apache.atlas.auth.client.config;
+
+import org.apache.atlas.AtlasConfiguration;
+
+public class AuthConfigBuilder {
+
+ private String authServerUrl;
+ private String realmId;
+ private String clientId;
+ private String clientSecret;
+ private String grantType = "client_credentials";
+
+ private AuthConfigBuilder() {
+ }
+
+ public static AuthConfigBuilder builder() {
+ return new AuthConfigBuilder();
+ }
+
+ public AuthConfigBuilder authServerUrl(String authServerUrl) {
+ this.authServerUrl = authServerUrl;
+ return this;
+ }
+
+ public AuthConfigBuilder realId(String realId) {
+ this.realmId = realId;
+ return this;
+ }
+
+ public AuthConfigBuilder clientId(String clientId) {
+ this.clientId = clientId;
+ return this;
+ }
+
+ public AuthConfigBuilder clientSecret(String clientSecret) {
+ this.clientSecret = clientSecret;
+ return this;
+ }
+
+ public AuthConfigBuilder grantType(String grantType) {
+ this.grantType = grantType;
+ return this;
+ }
+
+ public AuthConfig build() {
+ AuthConfig authConfig = new AuthConfig();
+ authConfig.authServerUrl = authServerUrl;
+ authConfig.realmId = realmId;
+ authConfig.clientId = clientId;
+ authConfig.clientSecret = clientSecret;
+ authConfig.grantType = grantType;
+ authConfig.heraclesApiServerUrl= AtlasConfiguration.HERACLES_API_SERVER_URL.getString()+"/";
+ return authConfig;
+ }
+}
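Review bot: `build()` takes `heraclesApiServerUrl` from `AtlasConfiguration.HERACLES_API_SERVER_URL.getString()+"/"` instead of a builder setter, and does not check that the property is set. If it resolves to null or empty (its default is not visible here) the value becomes `"null/"` or `"/"`, which the `baseUrl(...)` call in the `AbstractAuthClient` constructor would reject. That would also stop `KeycloakRestClient` from being constructed, because both Retrofit clients are created in that one constructor. Validating the property here, or adding a `heraclesApiServerUrl(String)` setter so an `AuthConfig` can be built without global configuration, would make the failure explicit. The setter name `realId` looks like a typo for `realmId` carried over from the old builder.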
diff --git a/client-auth/src/main/java/org/apache/atlas/auth/client/heracles/AtlasHeraclesClient.java b/client-auth/src/main/java/org/apache/atlas/auth/client/heracles/AtlasHeraclesClient.java
new file mode 100644
index 0000000000..380f992076
--- /dev/null
+++ b/client-auth/src/main/java/org/apache/atlas/auth/client/heracles/AtlasHeraclesClient.java
@@ -0,0 +1,69 @@
+package org.apache.atlas.auth.client.heracles;
+
+import org.apache.atlas.auth.client.config.AuthConfig;
+import org.apache.atlas.exception.AtlasBaseException;
+import org.apache.atlas.auth.client.heracles.models.HeraclesUsersRepresentation;
+import org.keycloak.representations.idm.UserRepresentation;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Objects;
+import java.util.Set;
+import java.util.stream.Collectors;
+
+public class AtlasHeraclesClient {
+ public final static Logger LOG = LoggerFactory.getLogger(AtlasHeraclesClient.class);
+
+ private static HeraclesRestClient HERACLES;
+ private static AtlasHeraclesClient HERACLES_CLIENT;
+
+ public AtlasHeraclesClient() {}
+
+ public static AtlasHeraclesClient getHeraclesClient() {
+ if(Objects.isNull(HERACLES_CLIENT)) {
+ LOG.info("Initializing Keycloak client..");
+ try{
+ init(AuthConfig.getConfig());
+ } catch (Exception e) {
+ LOG.error("Error initializing Heracles client", e);
+ }
+ }
+ return HERACLES_CLIENT;
+ }
+
+ private static void init(AuthConfig authConfig) {
+ if (HERACLES == null) {
+ HERACLES = new HeraclesRestClient(authConfig);
+ HERACLES_CLIENT = new AtlasHeraclesClient();
+ }
+ }
+
+ public List getAllUsers() throws AtlasBaseException {
+ int start = 0;
+ int size = 100;
+ boolean found = true;
+
+ List ret = new ArrayList<>(0);
+ do {
+
+ List userRepresentations = HERACLES.getUsers(start, size, HeraclesUsersRepresentation.USER_PROJECTIONS, null, HeraclesUsersRepresentation.USER_SORT).body().toKeycloakUserRepresentations();
+ if (userRepresentations != null && !userRepresentations.isEmpty()) {
+ ret.addAll(userRepresentations);
+ start += size;
+ } else {
+ found = false;
+ }
+ } while (found && ret.size() % size == 0);
+
+ return ret;
+ }
+
+
+ public Set getRoleUserMembers(String roleName, int start, int size) throws AtlasBaseException {
+ String template = "{\"$and\":[{\"roles\":{\"$elemMatch\":[\"{0}\"]}}]}";
+ String filter = template.replace("{0}", roleName);
+ return HERACLES.getUsers(start, size, HeraclesUsersRepresentation.USER_PROJECTIONS, filter,HeraclesUsersRepresentation.USER_SORT ).body().toKeycloakUserRepresentations().stream().collect(Collectors.toSet());
+ }
+}
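Review bot: `getRoleUserMembers` builds the JSON filter with `template.replace("{0}", roleName)`, so a role name containing `"` or `\` changes the structure of the filter. Because `RetrofitHeraclesClient.getUsers` declares that parameter with `encoded = true`, the string is also sent without URL-encoding, and characters such as `&`, `#` or `+` would alter the query. The result feeds the role-to-user mapping, so a filter that is not the one intended can yield the wrong member set. Serialise the role name with a JSON writer (Jackson is already used in this module) and drop `encoded = true` so that Retrofit encodes the value. Separately, `getHeraclesClient()` logs `Initializing Keycloak client..`, and `getAllUsers` dereferences `.body()` without a null check.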
diff --git a/client-auth/src/main/java/org/apache/atlas/auth/client/heracles/HeraclesRestClient.java b/client-auth/src/main/java/org/apache/atlas/auth/client/heracles/HeraclesRestClient.java
new file mode 100644
index 0000000000..a9adc68b7e
--- /dev/null
+++ b/client-auth/src/main/java/org/apache/atlas/auth/client/heracles/HeraclesRestClient.java
@@ -0,0 +1,18 @@
+package org.apache.atlas.auth.client.heracles;
+
+import org.apache.atlas.auth.client.config.AuthConfig;
+import org.apache.atlas.auth.client.auth.AbstractAuthClient;
+import org.apache.atlas.exception.AtlasBaseException;
+import org.apache.atlas.auth.client.heracles.models.HeraclesUsersRepresentation;
+import retrofit2.Response;
+
+public class HeraclesRestClient extends AbstractAuthClient {
+
+ public HeraclesRestClient(final AuthConfig authConfig) {
+ super(authConfig);
+ }
+ public Response getUsers(int offset,int limit, String columns, String filter, String sort) throws AtlasBaseException {
+ return processResponse(this.retrofitHeraclesClient.getUsers(offset, columns, filter, limit,sort));
+ }
+
+}
diff --git a/client-auth/src/main/java/org/apache/atlas/auth/client/heracles/RetrofitHeraclesClient.java b/client-auth/src/main/java/org/apache/atlas/auth/client/heracles/RetrofitHeraclesClient.java
new file mode 100644
index 0000000000..c35451852c
--- /dev/null
+++ b/client-auth/src/main/java/org/apache/atlas/auth/client/heracles/RetrofitHeraclesClient.java
@@ -0,0 +1,16 @@
+package org.apache.atlas.auth.client.heracles;
+
+import org.apache.atlas.auth.client.heracles.models.HeraclesUsersRepresentation;
+import retrofit2.Call;
+import retrofit2.http.GET;
+import retrofit2.http.Headers;
+import retrofit2.http.Query;
+
+public interface RetrofitHeraclesClient {
+ @Headers({"Accept: application/json,text/plain", "Cache-Control: no-store", "Cache-Control: no-cache"})
+ @GET("/users")
+ Call getUsers(@Query("offset") Integer offset, @Query("columns") String columns,
+ @Query(value = "filter", encoded = true) String filter, @Query("limit") Integer limit,
+ @Query("sort") String sort);
+
+}
diff --git a/client-auth/src/main/java/org/apache/atlas/auth/client/heracles/models/HeraclesUsersRepresentation.java b/client-auth/src/main/java/org/apache/atlas/auth/client/heracles/models/HeraclesUsersRepresentation.java
new file mode 100644
index 0000000000..d1734d33c1
--- /dev/null
+++ b/client-auth/src/main/java/org/apache/atlas/auth/client/heracles/models/HeraclesUsersRepresentation.java
@@ -0,0 +1,113 @@
+package org.apache.atlas.auth.client.heracles.models;
+
+import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
+import org.keycloak.representations.idm.UserRepresentation;
+
+import java.util.ArrayList;
+import java.util.List;
+
+@JsonIgnoreProperties(ignoreUnknown = true)
+public class HeraclesUsersRepresentation {
+ protected int totalRecord;
+ protected int filterRecord;
+ protected List records;
+ public static final String USER_PROJECTIONS = "emailVerified,enabled,id,status,username";
+ public static final String USER_SORT = "email";
+
+ public HeraclesUsersRepresentation() {
+ }
+
+ public HeraclesUsersRepresentation(int totalRecord, int filterRecord, List records) {
+ this.totalRecord = totalRecord;
+ this.filterRecord = filterRecord;
+ this.records = records;
+ }
+
+ public int getTotalRecord() {
+ return totalRecord;
+ }
+
+ public void setTotalRecord(int totalRecord) {
+ this.totalRecord = totalRecord;
+ }
+
+ public int getFilterRecord() {
+ return filterRecord;
+ }
+
+ public void setFilterRecord(int filterRecord) {
+ this.filterRecord = filterRecord;
+ }
+
+ public List getRecords() {
+ return records;
+ }
+
+ public void setRecords(List records) {
+ this.records = records;
+ }
+
+ public List toKeycloakUserRepresentations() {
+ List userRepresentations = new ArrayList<>();
+ for (HeraclesUserRepresentation heraclesUserRepresentation : records) {
+ UserRepresentation userRepresentation = new UserRepresentation();
+ userRepresentation.setEmailVerified(heraclesUserRepresentation.emailVerified);
+ userRepresentation.setEnabled(heraclesUserRepresentation.enabled);
+ userRepresentation.setUsername(heraclesUserRepresentation.username);
+ userRepresentation.setId(heraclesUserRepresentation.id);
+ userRepresentations.add(userRepresentation);
+ }
+ return userRepresentations;
+ }
+}
+
+@JsonIgnoreProperties(ignoreUnknown = true)
+class HeraclesUserRepresentation {
+ protected boolean emailVerified;
+ protected boolean enabled;
+ protected String username;
+ protected String id;
+
+ public HeraclesUserRepresentation() {
+ }
+
+ public HeraclesUserRepresentation(boolean emailVerified, boolean enabled, String username, String id) {
+ this.emailVerified = emailVerified;
+ this.enabled = enabled;
+ this.username = username;
+ this.id = id;
+ }
+
+ public boolean isEmailVerified() {
+ return emailVerified;
+ }
+
+ public void setEmailVerified(boolean emailVerified) {
+ this.emailVerified = emailVerified;
+ }
+
+ public boolean isEnabled() {
+ return enabled;
+ }
+
+ public void setEnabled(boolean enabled) {
+ this.enabled = enabled;
+ }
+
+ public String getUsername() {
+ return username;
+ }
+
+ public void setUsername(String username) {
+ this.username = username;
+ }
+
+ public String getId() {
+ return id;
+ }
+
+ public void setId(String id) {
+ this.id = id;
+ }
+
+}
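Review bot: `toKeycloakUserRepresentations()` iterates `records` without a null check, so a Heracles response that omits `records` or sends it as null raises a NullPointerException in `getAllUsers` and `getRoleUserMembers`. The `userRepresentations != null` test in `getAllUsers` cannot catch this, because the method always returns a list. A guard such as `if (records == null) { return new ArrayList<>(); }` at the top of the method covers it. `USER_SORT` is `email` while `USER_PROJECTIONS` does not request `email`; whether Heracles sorts on a column that is not projected is not visible here and is worth confirming, since offset paging depends on a stable order.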
diff --git a/client-keycloak/src/main/java/org/apache/atlas/keycloak/client/AtlasKeycloakClient.java b/client-auth/src/main/java/org/apache/atlas/auth/client/keycloak/AtlasKeycloakClient.java
similarity index 70%
rename from client-keycloak/src/main/java/org/apache/atlas/keycloak/client/AtlasKeycloakClient.java
rename to client-auth/src/main/java/org/apache/atlas/auth/client/keycloak/AtlasKeycloakClient.java
index fe723bbce1..9ec43428e6 100644
--- a/client-keycloak/src/main/java/org/apache/atlas/keycloak/client/AtlasKeycloakClient.java
+++ b/client-auth/src/main/java/org/apache/atlas/auth/client/keycloak/AtlasKeycloakClient.java
@@ -1,29 +1,19 @@
-package org.apache.atlas.keycloak.client;
+package org.apache.atlas.auth.client.keycloak;
+import org.apache.atlas.auth.client.config.AuthConfig;
import org.apache.atlas.AtlasErrorCode;
import org.apache.atlas.exception.AtlasBaseException;
-import org.apache.atlas.keycloak.client.config.KeycloakConfig;
-import org.apache.atlas.keycloak.client.config.KeycloakConfigBuilder;
import org.apache.commons.collections.CollectionUtils;
-import org.apache.commons.lang.StringUtils;
-import org.codehaus.jettison.json.JSONException;
-import org.codehaus.jettison.json.JSONObject;
import org.keycloak.representations.idm.*;
import org.keycloak.representations.oidc.TokenMetadataRepresentation;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-import java.io.File;
-import java.io.IOException;
-import java.nio.charset.StandardCharsets;
-import java.nio.file.Files;
import java.util.ArrayList;
import java.util.List;
import java.util.Objects;
import java.util.Set;
-import static org.apache.atlas.ApplicationProperties.ATLAS_CONFIGURATION_DIRECTORY_PROPERTY;
-
/**
* Keycloak client, deals with token creation refresh.
*/
@@ -31,14 +21,6 @@ public final class AtlasKeycloakClient {
public final static Logger LOG = LoggerFactory.getLogger(AtlasKeycloakClient.class);
- private final static String KEYCLOAK_PROPERTIES = "keycloak.json";
- private final static String DEFAULT_GRANT_TYPE = "client_credentials";
- private final static String KEY_REALM_ID = "realm";
- private final static String KEY_AUTH_SERVER_URL = "auth-server-url";
- private final static String KEY_CLIENT_ID = "resource";
- private final static String KEY_CREDENTIALS = "credentials";
- private final static String KEY_SECRET = "secret";
-
private static KeycloakRestClient KEYCLOAK;
private static AtlasKeycloakClient KEYCLOAK_CLIENT;
@@ -183,13 +165,7 @@ public static AtlasKeycloakClient getKeycloakClient() throws AtlasBaseException
if (Objects.isNull(KEYCLOAK_CLIENT)) {
LOG.info("Initializing Keycloak client..");
try {
- init(getConfig());
- } catch (IOException e) {
- LOG.error("Failed to fetch Keycloak conf {}", e.getMessage());
- throw new AtlasBaseException(AtlasErrorCode.KEYCLOAK_INIT_FAILED, e.getMessage());
- } catch (JSONException e) {
- LOG.error("Failed to parse Keycloak conf {}", e.getMessage());
- throw new AtlasBaseException(AtlasErrorCode.KEYCLOAK_INIT_FAILED, e.getMessage());
+ init(AuthConfig.getConfig());
} catch (Exception e) {
LOG.error("Failed to connect to Keycloak {}", e.getMessage());
throw new AtlasBaseException(AtlasErrorCode.KEYCLOAK_INIT_FAILED, e.getMessage());
@@ -201,7 +177,7 @@ public static AtlasKeycloakClient getKeycloakClient() throws AtlasBaseException
return KEYCLOAK_CLIENT;
}
- private static void init(KeycloakConfig config) {
+ private static void init(AuthConfig config) {
synchronized (AtlasKeycloakClient.class) {
if (KEYCLOAK_CLIENT == null) {
KEYCLOAK = new KeycloakRestClient(config);
@@ -209,30 +185,4 @@ private static void init(KeycloakConfig config) {
}
}
}
-
- private static KeycloakConfig getConfig() throws Exception {
- String confLocation = System.getProperty(ATLAS_CONFIGURATION_DIRECTORY_PROPERTY);
- File confFile;
- if (StringUtils.isNotEmpty(confLocation)) {
- confFile = new File(confLocation, KEYCLOAK_PROPERTIES);
-
- if (confFile.exists()) {
- String keyConf = new String(Files.readAllBytes(confFile.toPath()), StandardCharsets.UTF_8);
- JSONObject object = new JSONObject(keyConf);
-
- String REALM_ID = object.getString(KEY_REALM_ID);
- String AUTH_SERVER_URL = object.getString(KEY_AUTH_SERVER_URL) + "/";
- String CLIENT_ID = object.getString(KEY_CLIENT_ID);
- String GRANT_TYPE = DEFAULT_GRANT_TYPE;
- String CLIENT_SECRET = object.getJSONObject(KEY_CREDENTIALS).getString(KEY_SECRET);
-
- LOG.info("Keycloak conf: REALM_ID:{}, AUTH_SERVER_URL:{}", REALM_ID, AUTH_SERVER_URL);
- return KeycloakConfigBuilder.builder().realId(REALM_ID).authServerUrl(AUTH_SERVER_URL).clientId(CLIENT_ID).grantType(GRANT_TYPE).clientSecret(CLIENT_SECRET).build();
- } else {
- throw new AtlasBaseException(AtlasErrorCode.KEYCLOAK_INIT_FAILED, "Keycloak configuration file not found in location " + confLocation);
- }
- } else {
- throw new AtlasBaseException(AtlasErrorCode.KEYCLOAK_INIT_FAILED, "Configuration location not found " + confLocation);
- }
- }
}
diff --git a/client-keycloak/src/main/java/org/apache/atlas/keycloak/client/KeycloakRestClient.java b/client-auth/src/main/java/org/apache/atlas/auth/client/keycloak/KeycloakRestClient.java
similarity index 54%
rename from client-keycloak/src/main/java/org/apache/atlas/keycloak/client/KeycloakRestClient.java
rename to client-auth/src/main/java/org/apache/atlas/auth/client/keycloak/KeycloakRestClient.java
index 7cc1eea22f..c17d452ad4 100644
--- a/client-keycloak/src/main/java/org/apache/atlas/keycloak/client/KeycloakRestClient.java
+++ b/client-auth/src/main/java/org/apache/atlas/auth/client/keycloak/KeycloakRestClient.java
@@ -1,9 +1,10 @@
-package org.apache.atlas.keycloak.client;
+package org.apache.atlas.auth.client.keycloak;
+import org.apache.atlas.auth.client.auth.AbstractAuthClient;
import okhttp3.FormBody;
import okhttp3.RequestBody;
+import org.apache.atlas.auth.client.config.AuthConfig;
import org.apache.atlas.exception.AtlasBaseException;
-import org.apache.atlas.keycloak.client.config.KeycloakConfig;
import org.keycloak.representations.idm.*;
import org.keycloak.representations.oidc.TokenMetadataRepresentation;
import retrofit2.Response;
@@ -14,129 +15,130 @@
/**
* Keycloak Rest client wrapper used in atlas metastore
*/
-public final class KeycloakRestClient extends AbstractKeycloakClient {
+public final class KeycloakRestClient extends AbstractAuthClient {
private static final String TOKEN = "token";
private static final String CLIENT_ID = "client_id";
private static final String CLIENT_SECRET = "client_secret";
- public KeycloakRestClient(final KeycloakConfig keycloakConfig) {
- super(keycloakConfig);
+ public KeycloakRestClient(final AuthConfig authConfig) {
+
+ super(authConfig);
}
public Response> searchUserByUserName(String username) throws AtlasBaseException {
- return processResponse(this.retrofit.searchUserByUserName(this.keycloakConfig.getRealmId(), username));
+ return processResponse(this.retrofitKeycloakClient.searchUserByUserName(this.authConfig.getRealmId(), username));
}
public Response> getAllUsers(int start, int size) throws AtlasBaseException {
- return processResponse(this.retrofit.getAllUsers(this.keycloakConfig.getRealmId(), start, size));
+ return processResponse(this.retrofitKeycloakClient.getAllUsers(this.authConfig.getRealmId(), start, size));
}
public Response> getRoleUserMembers(String roleName) throws AtlasBaseException {
- return processResponse(this.retrofit.getRoleUserMembers(this.keycloakConfig.getRealmId(), roleName));
+ return processResponse(this.retrofitKeycloakClient.getRoleUserMembers(this.authConfig.getRealmId(), roleName));
}
public Response> getRoleUserMembers(String roleName, Integer start, Integer size) throws AtlasBaseException {
- return processResponse(this.retrofit.getRoleUserMembers(this.keycloakConfig.getRealmId(), roleName, start, size));
+ return processResponse(this.retrofitKeycloakClient.getRoleUserMembers(this.authConfig.getRealmId(), roleName, start, size));
}
public Response> searchGroupByName(String groupName, Integer start, Integer size) throws AtlasBaseException {
- return processResponse(this.retrofit.searchGroupByName(this.keycloakConfig.getRealmId(), groupName, start, size));
+ return processResponse(this.retrofitKeycloakClient.searchGroupByName(this.authConfig.getRealmId(), groupName, start, size));
}
public Response> getRoleGroupMembers(String roleName) throws AtlasBaseException {
- return processResponse(this.retrofit.getRoleGroupMembers(this.keycloakConfig.getRealmId(), roleName));
+ return processResponse(this.retrofitKeycloakClient.getRoleGroupMembers(this.authConfig.getRealmId(), roleName));
}
public Response> getRoleGroupMembers(String roleName, Integer first, Integer size) throws AtlasBaseException {
- return processResponse(this.retrofit.getRoleGroupMembers(this.keycloakConfig.getRealmId(), roleName, first, size));
+ return processResponse(this.retrofitKeycloakClient.getRoleGroupMembers(this.authConfig.getRealmId(), roleName, first, size));
}
public Response> getGroupsForUserById(String userId) throws AtlasBaseException {
- return processResponse(this.retrofit.getGroupsForUserById(this.keycloakConfig.getRealmId(), userId));
+ return processResponse(this.retrofitKeycloakClient.getGroupsForUserById(this.authConfig.getRealmId(), userId));
}
public void addRealmLevelRoleMappingsForGroup(String groupId, List roles) throws AtlasBaseException {
- processResponse(this.retrofit.addRealmLevelRoleMappingsForGroup(this.keycloakConfig.getRealmId(), groupId, roles));
+ processResponse(this.retrofitKeycloakClient.addRealmLevelRoleMappingsForGroup(this.authConfig.getRealmId(), groupId, roles));
}
public void deleteRealmLevelRoleMappingsForGroup(String groupId, List roles) throws AtlasBaseException {
- processResponse(this.retrofit.deleteRealmLevelRoleMappingsForGroup(this.keycloakConfig.getRealmId(), groupId, roles));
+ processResponse(this.retrofitKeycloakClient.deleteRealmLevelRoleMappingsForGroup(this.authConfig.getRealmId(), groupId, roles));
}
public Response> getAllRoles(int start, int size) throws AtlasBaseException {
- return processResponse(this.retrofit.getAllRoles(this.keycloakConfig.getRealmId(), start, size));
+ return processResponse(this.retrofitKeycloakClient.getAllRoles(this.authConfig.getRealmId(), start, size));
}
public void deleteRoleById(String roleId) throws AtlasBaseException {
- processResponse(this.retrofit.deleteRoleById(this.keycloakConfig.getRealmId(), roleId));
+ processResponse(this.retrofitKeycloakClient.deleteRoleById(this.authConfig.getRealmId(), roleId));
}
public void deleteRoleByName(String roleName) throws AtlasBaseException {
- processResponse(this.retrofit.deleteRoleByName(this.keycloakConfig.getRealmId(), roleName));
+ processResponse(this.retrofitKeycloakClient.deleteRoleByName(this.authConfig.getRealmId(), roleName));
}
public Response> addRealmLevelRoleMappingsForUser(String userId, List roles) throws AtlasBaseException {
- return processResponse(this.retrofit.addRealmLevelRoleMappingsForUser(this.keycloakConfig.getRealmId(), userId, roles));
+ return processResponse(this.retrofitKeycloakClient.addRealmLevelRoleMappingsForUser(this.authConfig.getRealmId(), userId, roles));
}
public void deleteRealmLevelRoleMappingsForUser(String userId, List roles) throws AtlasBaseException {
- processResponse(this.retrofit.deleteRealmLevelRoleMappingsForUser(this.keycloakConfig.getRealmId(), userId, roles));
+ processResponse(this.retrofitKeycloakClient.deleteRealmLevelRoleMappingsForUser(this.authConfig.getRealmId(), userId, roles));
}
public void createRole(RoleRepresentation roleRepresentation) throws AtlasBaseException {
- processResponse(this.retrofit.createRole(this.keycloakConfig.getRealmId(), roleRepresentation));
+ processResponse(this.retrofitKeycloakClient.createRole(this.authConfig.getRealmId(), roleRepresentation));
}
public void updateRole(String roleId, RoleRepresentation roleRepresentation) throws AtlasBaseException {
- processResponse(this.retrofit.updateRole(this.keycloakConfig.getRealmId(), roleId, roleRepresentation));
+ processResponse(this.retrofitKeycloakClient.updateRole(this.authConfig.getRealmId(), roleId, roleRepresentation));
}
public Response getRoleById(String roleId) throws AtlasBaseException {
- return processResponse(this.retrofit.getRoleById(this.keycloakConfig.getRealmId(), roleId));
+ return processResponse(this.retrofitKeycloakClient.getRoleById(this.authConfig.getRealmId(), roleId));
}
public Response getRoleByName(String roleName) throws AtlasBaseException {
- return processResponse(this.retrofit.getRoleByName(this.keycloakConfig.getRealmId(), roleName));
+ return processResponse(this.retrofitKeycloakClient.getRoleByName(this.authConfig.getRealmId(), roleName));
}
public Response> getAllRoles(Integer first, Integer max) throws AtlasBaseException {
- return processResponse(this.retrofit.getAllRoles(this.keycloakConfig.getRealmId(), first, max));
+ return processResponse(this.retrofitKeycloakClient.getAllRoles(this.authConfig.getRealmId(), first, max));
}
public Response> getRoleComposites(String roleName) throws AtlasBaseException {
- return processResponse(this.retrofit.getRoleComposites(this.keycloakConfig.getRealmId(), roleName));
+ return processResponse(this.retrofitKeycloakClient.getRoleComposites(this.authConfig.getRealmId(), roleName));
}
public void addComposites(String roleName, List roles) throws AtlasBaseException {
- processResponse(this.retrofit.addComposites(this.keycloakConfig.getRealmId(), roleName, roles));
+ processResponse(this.retrofitKeycloakClient.addComposites(this.authConfig.getRealmId(), roleName, roles));
}
public void deleteComposites(String roleName, List roles) throws AtlasBaseException {
- processResponse(this.retrofit.deleteComposites(this.keycloakConfig.getRealmId(), roleName, roles));
+ processResponse(this.retrofitKeycloakClient.deleteComposites(this.authConfig.getRealmId(), roleName, roles));
}
public Response> getAdminEvents(List operationTypes, String authRealm,
String authClient, String authUser, String authIpAddress,
String resourcePath, String dateFrom, String dateTo,
Integer first, Integer max) throws AtlasBaseException {
- return processResponse(this.retrofit.getAdminEvents(this.keycloakConfig.getRealmId(), operationTypes,
+ return processResponse(this.retrofitKeycloakClient.getAdminEvents(this.authConfig.getRealmId(), operationTypes,
authRealm, authClient, authUser, authIpAddress, resourcePath, dateFrom, dateTo, first, max));
}
public Response> getEvents(List type, String client, String user, String dateFrom,
String dateTo, String ipAddress, Integer first, Integer max) throws AtlasBaseException {
- return processResponse(this.retrofit.getEvents(this.keycloakConfig.getRealmId(), type, client, user, dateFrom, dateTo, ipAddress, first, max));
+ return processResponse(this.retrofitKeycloakClient.getEvents(this.authConfig.getRealmId(), type, client, user, dateFrom, dateTo, ipAddress, first, max));
}
public Response introspectToken(String token) throws AtlasBaseException {
- return processResponse(this.retrofit.introspectToken(this.keycloakConfig.getRealmId(), getIntrospectTokenRequest(token)));
+ return processResponse(this.retrofitKeycloakClient.introspectToken(this.authConfig.getRealmId(), getIntrospectTokenRequest(token)));
}
private RequestBody getIntrospectTokenRequest(String token) {
return new FormBody.Builder()
.addEncoded(TOKEN, token)
- .addEncoded(CLIENT_ID, this.keycloakConfig.getClientId())
- .addEncoded(CLIENT_SECRET, this.keycloakConfig.getClientSecret())
+ .addEncoded(CLIENT_ID, this.authConfig.getClientId())
+ .addEncoded(CLIENT_SECRET, this.authConfig.getClientSecret())
.build();
}
}
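Review bot: `getIntrospectTokenRequest` at the end of this hunk still builds the form body with `addEncoded`, which tells OkHttp the values are already percent-encoded. A client secret or token containing `+` or a `%xx` sequence is then passed through unchanged and decoded by the server into a different value, so introspection can fail for valid credentials. Nothing in the visible code encodes the values returned by `authConfig`, so `.add(CLIENT_SECRET, this.authConfig.getClientSecret())` would be the safer call, and likewise for `TOKEN` and `CLIENT_ID`.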
diff --git a/client-keycloak/src/main/java/org/apache/atlas/keycloak/client/RetrofitKeycloakClient.java b/client-auth/src/main/java/org/apache/atlas/auth/client/keycloak/RetrofitKeycloakClient.java
similarity index 99%
rename from client-keycloak/src/main/java/org/apache/atlas/keycloak/client/RetrofitKeycloakClient.java
rename to client-auth/src/main/java/org/apache/atlas/auth/client/keycloak/RetrofitKeycloakClient.java
index c396c9368d..4fe8bb6ff5 100644
--- a/client-keycloak/src/main/java/org/apache/atlas/keycloak/client/RetrofitKeycloakClient.java
+++ b/client-auth/src/main/java/org/apache/atlas/auth/client/keycloak/RetrofitKeycloakClient.java
@@ -1,4 +1,4 @@
-package org.apache.atlas.keycloak.client;
+package org.apache.atlas.auth.client.keycloak;
import okhttp3.RequestBody;
import org.keycloak.representations.AccessTokenResponse;
diff --git a/client-heracles/pom.xml b/client-heracles/pom.xml
new file mode 100644
index 0000000000..b812aefb65
--- /dev/null
+++ b/client-heracles/pom.xml
@@ -0,0 +1,75 @@
+
+
+
+
+
+ apache-atlas
+ org.apache.atlas
+ 3.0.0-SNAPSHOT
+
+ 4.0.0
+
+ client-heracles
+
+
+ 8
+ 8
+
+
+
+
+ org.keycloak
+ keycloak-core
+ ${keycloak-admin-client.version}
+
+
+ *
+ *
+
+
+
+
+ com.squareup.okhttp3
+ okhttp
+ ${okhttp3.version}
+
+
+ com.squareup.retrofit2
+ retrofit
+ ${retrofit.version}
+
+
+ com.squareup.retrofit2
+ converter-jackson
+ ${retrofit.version}
+
+
+ com.squareup.okhttp3
+ logging-interceptor
+ ${okhttp3.version}
+
+
+ org.apache.atlas
+ atlas-common
+
+
+
+
\ No newline at end of file
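Review bot: The new `client-heracles` module does not appear to be wired into the build. The root `pom.xml` hunk in this commit swaps `client-keycloak` for `client-auth` in the module list and adds no `client-heracles` entry, and the Heracles client imported elsewhere in the commit lives under `org.apache.atlas.auth.client.heracles`. If this directory is leftover scaffolding it should be dropped; otherwise add it to the root module list so that it and its dependencies are built and scanned with the rest of the project. The file also ends without a trailing newline.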
diff --git a/client-heracles/src/main/java/heracles/client/config/HeraclesConfig.java b/client-heracles/src/main/java/heracles/client/config/HeraclesConfig.java
new file mode 100644
index 0000000000..327b4bada9
--- /dev/null
+++ b/client-heracles/src/main/java/heracles/client/config/HeraclesConfig.java
@@ -0,0 +1,4 @@
+package main.java.heracles.client.config;
+
+public class HeraclesConfig {
+}
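Review bot: The package declaration `main.java.heracles.client.config` includes the Maven source-root segments. For a file under `src/main/java/heracles/client/config/` it should read `package heracles.client.config;`, or preferably a name under `org.apache.atlas` like the rest of the project. The same declaration is used in `HeraclesConfigBuilder.java` in the next file section. `HeraclesConfig` is also an empty, undocumented class; either add a one-line Javadoc such as `/** Connection settings for the Heracles API client. */` once it has fields, or leave the file out until then.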
diff --git a/client-keycloak/src/main/java/org/apache/atlas/keycloak/client/config/KeycloakConfig.java b/client-heracles/src/main/java/heracles/client/config/HeraclesConfigBuilder.java
similarity index 84%
rename from client-keycloak/src/main/java/org/apache/atlas/keycloak/client/config/KeycloakConfig.java
rename to client-heracles/src/main/java/heracles/client/config/HeraclesConfigBuilder.java
index 048d2fac71..863eec0021 100644
--- a/client-keycloak/src/main/java/org/apache/atlas/keycloak/client/config/KeycloakConfig.java
+++ b/client-heracles/src/main/java/heracles/client/config/HeraclesConfigBuilder.java
@@ -1,6 +1,6 @@
-package org.apache.atlas.keycloak.client.config;
+package main.java.heracles.client.config;
-public final class KeycloakConfig {
+public class HeraclesConfigBuilder {
String authServerUrl;
String realmId;
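Review bot: The class is named `HeraclesConfigBuilder` but, going by the context lines, it is the renamed `KeycloakConfig` value holder: package-private fields plus getters, with no builder methods visible. With `KeycloakConfigBuilder` deleted in this commit, nothing in the visible diff populates the client secret and the other fields. Dropping `final` also leaves a credential-carrying type open to subclassing. I would suggest `public final class HeraclesConfig` for this type, or removing it if `AuthConfig` supersedes it. The class body continues outside the hunk.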
@@ -27,5 +27,4 @@ public String getClientSecret() {
public String getGrantType() {
return grantType;
}
-
}
diff --git a/client-keycloak/src/main/java/org/apache/atlas/keycloak/client/config/KeycloakConfigBuilder.java b/client-keycloak/src/main/java/org/apache/atlas/keycloak/client/config/KeycloakConfigBuilder.java
deleted file mode 100644
index 44583c59f3..0000000000
--- a/client-keycloak/src/main/java/org/apache/atlas/keycloak/client/config/KeycloakConfigBuilder.java
+++ /dev/null
@@ -1,52 +0,0 @@
-package org.apache.atlas.keycloak.client.config;
-
-public final class KeycloakConfigBuilder {
-
- private String authServerUrl;
- private String realmId;
- private String clientId;
- private String clientSecret;
- private String grantType = "client_credentials";
-
- private KeycloakConfigBuilder() {
- }
-
- public static KeycloakConfigBuilder builder() {
- return new KeycloakConfigBuilder();
- }
-
- public KeycloakConfigBuilder authServerUrl(String authServerUrl) {
- this.authServerUrl = authServerUrl;
- return this;
- }
-
- public KeycloakConfigBuilder realId(String realId) {
- this.realmId = realId;
- return this;
- }
-
- public KeycloakConfigBuilder clientId(String clientId) {
- this.clientId = clientId;
- return this;
- }
-
- public KeycloakConfigBuilder clientSecret(String clientSecret) {
- this.clientSecret = clientSecret;
- return this;
- }
-
- public KeycloakConfigBuilder grantType(String grantType) {
- this.grantType = grantType;
- return this;
- }
-
- public KeycloakConfig build() {
- KeycloakConfig keycloakConfig = new KeycloakConfig();
- keycloakConfig.authServerUrl = authServerUrl;
- keycloakConfig.realmId = realmId;
- keycloakConfig.clientId = clientId;
- keycloakConfig.clientSecret = clientSecret;
- keycloakConfig.grantType = grantType;
- return keycloakConfig;
- }
-}
\ No newline at end of file
diff --git a/intg/src/main/java/org/apache/atlas/AtlasConfiguration.java b/intg/src/main/java/org/apache/atlas/AtlasConfiguration.java
index 783c7ed177..545bf15739 100644
--- a/intg/src/main/java/org/apache/atlas/AtlasConfiguration.java
+++ b/intg/src/main/java/org/apache/atlas/AtlasConfiguration.java
@@ -108,7 +108,8 @@ public enum AtlasConfiguration {
PERSONA_POLICY_ASSET_MAX_LIMIT("atlas.persona.policy.asset.maxlimit", 1000),
ENABLE_KEYCLOAK_TOKEN_INTROSPECTION("atlas.canary.keycloak.token-introspection", false),
- KEYCLOAK_ADMIN_API_RESOURCE_PAGINATION_SIZE("atlas.keycloak.admin.resource-pagination-size", 500);
+ KEYCLOAK_ADMIN_API_RESOURCE_PAGINATION_SIZE("atlas.keycloak.admin.resource-pagination-size", 500),
+ HERACLES_API_SERVER_URL("atlas.heracles.api.server.url", "http://heracles-service.heracles.svc.cluster.local"),;
private static final Configuration APPLICATION_PROPERTIES;
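Review bot: The default for `HERACLES_API_SERVER_URL` is a plain `http://` URL. The user list that `KeycloakUserStore` now fetches through the Heracles client presumably travels over this URL, together with whatever credential the client attaches. Unless a service mesh supplies mTLS, that traffic is unencrypted and the server is not authenticated. Consider defaulting to `https://`, or add a comment such as `// cleartext default: relies on in-cluster mTLS; override with an https URL otherwise`. The entry also ends in `),;`, so drop the stray comma and let the line end in `);`. The enum body continues outside the hunk.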
diff --git a/pom.xml b/pom.xml
index 2fa1df6fb9..d5d89197b6 100644
--- a/pom.xml
+++ b/pom.xml
@@ -790,7 +790,7 @@
server-api
notification
client
- client-keycloak
+ client-auth
graphdb
repository
diff --git a/repository/pom.xml b/repository/pom.xml
index 7429fd6eae..0cce3d11d9 100755
--- a/repository/pom.xml
+++ b/repository/pom.xml
@@ -318,7 +318,7 @@
org.apache.atlas
- client-keycloak
+ client-auth
3.0.0-SNAPSHOT
diff --git a/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/preprocessor/ConnectionPreProcessor.java b/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/preprocessor/ConnectionPreProcessor.java
index b994398c23..02fb63bbc8 100644
--- a/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/preprocessor/ConnectionPreProcessor.java
+++ b/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/preprocessor/ConnectionPreProcessor.java
@@ -55,7 +55,6 @@
import static org.apache.atlas.authorize.AtlasAuthorizerFactory.ATLAS_AUTHORIZER_IMPL;
import static org.apache.atlas.authorize.AtlasAuthorizerFactory.CURRENT_AUTHORIZER_IMPL;
-import static org.apache.atlas.keycloak.client.AtlasKeycloakClient.getKeycloakClient;
import static org.apache.atlas.repository.Constants.ATTR_ADMIN_GROUPS;
import static org.apache.atlas.repository.Constants.ATTR_ADMIN_ROLES;
import static org.apache.atlas.repository.Constants.ATTR_ADMIN_USERS;
@@ -63,6 +62,7 @@
import static org.apache.atlas.repository.Constants.POLICY_ENTITY_TYPE;
import static org.apache.atlas.repository.Constants.QUALIFIED_NAME;
import static org.apache.atlas.repository.util.AtlasEntityUtils.mapOf;
+import static org.apache.atlas.auth.client.keycloak.AtlasKeycloakClient.getKeycloakClient;
public class ConnectionPreProcessor implements PreProcessor {
private static final Logger LOG = LoggerFactory.getLogger(ConnectionPreProcessor.class);
diff --git a/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/preprocessor/accesscontrol/PersonaPreProcessor.java b/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/preprocessor/accesscontrol/PersonaPreProcessor.java
index f579dc4ff7..77078f5c53 100644
--- a/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/preprocessor/accesscontrol/PersonaPreProcessor.java
+++ b/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/preprocessor/accesscontrol/PersonaPreProcessor.java
@@ -20,7 +20,7 @@
import org.apache.atlas.RequestContext;
import org.apache.atlas.exception.AtlasBaseException;
-import org.apache.atlas.keycloak.client.AtlasKeycloakClient;
+import org.apache.atlas.auth.client.keycloak.AtlasKeycloakClient;
import org.apache.atlas.model.instance.AtlasEntity;
import org.apache.atlas.model.instance.AtlasObjectId;
import org.apache.atlas.model.instance.AtlasStruct;
diff --git a/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/preprocessor/sql/QueryCollectionPreProcessor.java b/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/preprocessor/sql/QueryCollectionPreProcessor.java
index 63e8ba4250..5dec4d3190 100644
--- a/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/preprocessor/sql/QueryCollectionPreProcessor.java
+++ b/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/preprocessor/sql/QueryCollectionPreProcessor.java
@@ -58,7 +58,7 @@
import static org.apache.atlas.authorize.AtlasAuthorizerFactory.ATLAS_AUTHORIZER_IMPL;
import static org.apache.atlas.authorize.AtlasAuthorizerFactory.CURRENT_AUTHORIZER_IMPL;
-import static org.apache.atlas.keycloak.client.AtlasKeycloakClient.getKeycloakClient;
+import static org.apache.atlas.auth.client.keycloak.AtlasKeycloakClient.getKeycloakClient;
import static org.apache.atlas.repository.Constants.ATTR_ADMIN_GROUPS;
import static org.apache.atlas.repository.Constants.ATTR_ADMIN_USERS;
import static org.apache.atlas.repository.Constants.ATTR_VIEWER_GROUPS;
diff --git a/repository/src/main/java/org/apache/atlas/repository/store/users/KeycloakStore.java b/repository/src/main/java/org/apache/atlas/repository/store/users/KeycloakStore.java
index 3a5f1782f0..22e04cd751 100644
--- a/repository/src/main/java/org/apache/atlas/repository/store/users/KeycloakStore.java
+++ b/repository/src/main/java/org/apache/atlas/repository/store/users/KeycloakStore.java
@@ -33,8 +33,7 @@
import java.util.stream.Collectors;
import static org.apache.atlas.AtlasErrorCode.RESOURCE_NOT_FOUND;
-import static org.apache.atlas.keycloak.client.AtlasKeycloakClient.getKeycloakClient;
-import static org.apache.atlas.repository.util.AccessControlUtils.INSTANCE_DOMAIN_KEY;
+import static org.apache.atlas.auth.client.keycloak.AtlasKeycloakClient.getKeycloakClient;
public class KeycloakStore {
private static final Logger LOG = LoggerFactory.getLogger(KeycloakStore.class);
diff --git a/webapp/src/main/java/org/apache/atlas/web/rest/MigrationREST.java b/webapp/src/main/java/org/apache/atlas/web/rest/MigrationREST.java
index b1cb307550..b491bb88ce 100644
--- a/webapp/src/main/java/org/apache/atlas/web/rest/MigrationREST.java
+++ b/webapp/src/main/java/org/apache/atlas/web/rest/MigrationREST.java
@@ -33,7 +33,7 @@
import java.util.*;
import java.util.stream.Collectors;
-import static org.apache.atlas.keycloak.client.AtlasKeycloakClient.getKeycloakClient;
+import static org.apache.atlas.auth.client.keycloak.AtlasKeycloakClient.getKeycloakClient;
import static org.apache.atlas.repository.Constants.*;
@Path("migration")
diff --git a/webapp/src/main/java/org/apache/atlas/web/security/AtlasKeycloakAuthenticationProvider.java b/webapp/src/main/java/org/apache/atlas/web/security/AtlasKeycloakAuthenticationProvider.java
index 88523998cd..1a22038398 100644
--- a/webapp/src/main/java/org/apache/atlas/web/security/AtlasKeycloakAuthenticationProvider.java
+++ b/webapp/src/main/java/org/apache/atlas/web/security/AtlasKeycloakAuthenticationProvider.java
@@ -18,7 +18,7 @@
import io.micrometer.core.instrument.Counter;
import org.apache.atlas.AtlasConfiguration;
-import org.apache.atlas.keycloak.client.AtlasKeycloakClient;
+import org.apache.atlas.auth.client.keycloak.AtlasKeycloakClient;
import org.apache.atlas.service.metrics.MetricUtils;
import org.apache.atlas.ApplicationProperties;
import org.apache.commons.configuration.Configuration;