diff --git a/components/action-mgt/org.wso2.carbon.identity.action.management/pom.xml b/components/action-mgt/org.wso2.carbon.identity.action.management/pom.xml index acbadbb28d6b..e9667cc8e370 100644 --- a/components/action-mgt/org.wso2.carbon.identity.action.management/pom.xml +++ b/components/action-mgt/org.wso2.carbon.identity.action.management/pom.xml @@ -37,6 +37,10 @@ org.wso2.carbon.identity.framework org.wso2.carbon.identity.core + + org.wso2.carbon.identity.framework + org.wso2.carbon.identity.secret.mgt.core + org.testng @@ -67,11 +71,15 @@ org.apache.commons.lang; version="${commons-lang.wso2.osgi.version.range}", org.apache.commons.logging; version="${import.package.version.commons.logging}", + org.apache.commons.collections; version="${commons-collections.wso2.osgi.version.range}", org.osgi.framework; version="${osgi.framework.imp.pkg.version.range}", org.osgi.service.component; version="${osgi.service.component.imp.pkg.version.range}", org.wso2.carbon.database.utils.jdbc;version="${org.wso2.carbon.database.utils.version.range}", org.wso2.carbon.identity.core.cache; version="${carbon.identity.package.import.version.range}", org.wso2.carbon.identity.core.util; version="${carbon.identity.package.import.version.range}", + org.wso2.carbon.identity.secret.mgt.core; version="${carbon.identity.package.import.version.range}", + org.wso2.carbon.identity.secret.mgt.core.exception; version="${carbon.identity.package.import.version.range}", + org.wso2.carbon.identity.secret.mgt.core.model; version="${carbon.identity.package.import.version.range}", org.wso2.carbon.utils; version="${carbon.kernel.package.import.version.range}", 
diff --git a/components/action-mgt/org.wso2.carbon.identity.action.management/src/main/java/org/wso2/carbon/identity/action/management/ActionManagementService.java b/components/action-mgt/org.wso2.carbon.identity.action.management/src/main/java/org/wso2/carbon/identity/action/management/ActionManagementService.java index fe8518bb2f68..9f6416320bde 100644 --- a/components/action-mgt/org.wso2.carbon.identity.action.management/src/main/java/org/wso2/carbon/identity/action/management/ActionManagementService.java +++ b/components/action-mgt/org.wso2.carbon.identity.action.management/src/main/java/org/wso2/carbon/identity/action/management/ActionManagementService.java @@ -20,6 +20,7 @@ import org.wso2.carbon.identity.action.management.exception.ActionMgtException; import org.wso2.carbon.identity.action.management.model.Action; +import org.wso2.carbon.identity.action.management.model.AuthType; import java.util.List; import java.util.Map; @@ -113,4 +114,17 @@ Action updateAction(String actionType, String actionId, Action action, String te * @throws ActionMgtException If an error occurs while retrieving the Action of a given Action ID. */ Action getActionByActionId(String actionId, String tenantDomain) throws ActionMgtException; + + /** + * Update the authentication of the action endpoint. + * + * @param actionType Action Type. + * @param actionId Action ID. + * @param authentication Authentication Information to be updated. + * @param tenantDomain Tenant domain. + * @return Action response after update. + * @throws ActionMgtException If an error occurs while updating action endpoint authentication information. + */ + Action updateActionEndpointAuthentication(String actionType, String actionId, AuthType authentication, + String tenantDomain) throws ActionMgtException; } 
diff --git a/components/action-mgt/org.wso2.carbon.identity.action.management/src/main/java/org/wso2/carbon/identity/action/management/ActionManagementServiceImpl.java b/components/action-mgt/org.wso2.carbon.identity.action.management/src/main/java/org/wso2/carbon/identity/action/management/ActionManagementServiceImpl.java index 55a29b429e06..012b6ebab4a0 100644 --- a/components/action-mgt/org.wso2.carbon.identity.action.management/src/main/java/org/wso2/carbon/identity/action/management/ActionManagementServiceImpl.java +++ b/components/action-mgt/org.wso2.carbon.identity.action.management/src/main/java/org/wso2/carbon/identity/action/management/ActionManagementServiceImpl.java @@ -18,6 +18,7 @@ package org.wso2.carbon.identity.action.management; +import org.apache.commons.lang.StringUtils; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.wso2.carbon.identity.action.management.constant.ActionMgtConstants; @@ -26,6 +27,8 @@ import org.wso2.carbon.identity.action.management.exception.ActionMgtClientException; import org.wso2.carbon.identity.action.management.exception.ActionMgtException; import org.wso2.carbon.identity.action.management.model.Action; +import org.wso2.carbon.identity.action.management.model.AuthType; +import org.wso2.carbon.identity.action.management.model.EndpointConfig; import org.wso2.carbon.identity.action.management.util.ActionManagementUtil; import org.wso2.carbon.identity.core.util.IdentityTenantUtil; import org.wso2.carbon.identity.core.util.IdentityUtil; 
@@ -44,6 +47,7 @@ public class ActionManagementServiceImpl implements ActionManagementService { private static final ActionManagementService INSTANCE = new ActionManagementServiceImpl(); private static final CacheBackedActionMgtDAO CACHE_BACKED_DAO = new CacheBackedActionMgtDAO(new ActionManagementDAOImpl()); + private static final ActionSecretProcessor ACTION_SECRET_PROCESSOR = new ActionSecretProcessor(); private ActionManagementServiceImpl() { } @@ -57,7 +61,7 @@ public static ActionManagementService getInstance() { public Action addAction(String actionType, Action action, String tenantDomain) throws ActionMgtException { if (LOG.isDebugEnabled()) { - LOG.debug("Adding Action for Action Type: " + actionType); + LOG.debug(String.format("Adding Action for Action Type: %s.", actionType)); } String resolvedActionType = getActionTypeFromPath(actionType); // Check whether the maximum allowed actions per type is reached. @@ -71,7 +75,7 @@ public Action addAction(String actionType, Action action, String tenantDomain) t public List getActionsByActionType(String actionType, String tenantDomain) throws ActionMgtException { if (LOG.isDebugEnabled()) { - LOG.debug("Retrieving Actions for Action Type: " + actionType); + LOG.debug(String.format("Retrieving Actions for Action Type: %s.", actionType)); } return CACHE_BACKED_DAO.getActionsByActionType(getActionTypeFromPath(actionType), IdentityTenantUtil.getTenantId(tenantDomain)); 
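Review bot: The new `ACTION_SECRET_PROCESSOR` field in the first hunk is never referenced by any added line in this file. Secret handling appears to be done by the `ActionSecretProcessor` instance that `ActionManagementDAOImpl` creates for itself. An unused second instance in the service layer suggests secrets are processed here when they are not, so drop the line `private static final ActionSecretProcessor ACTION_SECRET_PROCESSOR = new ActionSecretProcessor();` until the service uses it.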
@@ -82,9 +86,10 @@ public Action updateAction(String actionType, String actionId, Action action, St throws ActionMgtException { if (LOG.isDebugEnabled()) { - LOG.debug("Updating Action for Action Type: " + actionType + " and Action Id: " + actionId); + LOG.debug(String.format("Updating Action for Action Type: %s and Action ID: %s.", actionType, actionId)); } - checkIfActionExists(actionId, tenantDomain); + Action existingAction = checkIfActionExists(actionId, tenantDomain); + action = mergeActionWithExisting(action, existingAction); return CACHE_BACKED_DAO.updateAction(getActionTypeFromPath(actionType), actionId, action, IdentityTenantUtil.getTenantId(tenantDomain)); } @@ -93,10 +98,10 @@ public Action updateAction(String actionType, String actionId, Action action, St public void deleteAction(String actionType, String actionId, String tenantDomain) throws ActionMgtException { if (LOG.isDebugEnabled()) { - LOG.debug("Deleting Action for Action Type: " + actionType + " and Action Id: " + actionId); + LOG.debug(String.format("Deleting Action for Action Type: %s and Action ID: %s", actionType, actionId)); } - checkIfActionExists(actionId, tenantDomain); - CACHE_BACKED_DAO.deleteAction(getActionTypeFromPath(actionType), actionId, + Action action = checkIfActionExists(actionId, tenantDomain); + CACHE_BACKED_DAO.deleteAction(getActionTypeFromPath(actionType), actionId, action, IdentityTenantUtil.getTenantId(tenantDomain)); } 
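Review bot: In `updateAction` and `deleteAction` the `Action` returned by `checkIfActionExists` is looked up by `actionId` and tenant only, so nothing ties it to the `actionType` taken from the request path. That object is now merged into the update and passed to `CACHE_BACKED_DAO.deleteAction(...)`. If the DAO uses it to remove the associated secrets (the DAO body is not in this hunk), a request with a mismatched type could clear the secrets while the type-qualified SQL leaves the action row in place. Before using the stored action, verify that its type equals `getActionTypeFromPath(actionType)` and reject the request with a client error otherwise. The same gap applies to `updateActionEndpointAuthentication` in the `@@ -135,11 +141,25 @@` hunk, whose same-type branch does not pass `actionType` to the DAO at all.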
@@ -104,7 +109,7 @@ public void deleteAction(String actionType, String actionId, String tenantDomain public Action activateAction(String actionType, String actionId, String tenantDomain) throws ActionMgtException { if (LOG.isDebugEnabled()) { - LOG.debug("Activating Action for Action Type: " + actionType + " and Action Id: " + actionId); + LOG.debug(String.format("Activating Action for Action Type: %s and Action ID: %s.", actionType, actionId)); } checkIfActionExists(actionId, tenantDomain); return CACHE_BACKED_DAO.activateAction(getActionTypeFromPath(actionType), actionId, @@ -115,7 +120,8 @@ public Action activateAction(String actionType, String actionId, String tenantDo public Action deactivateAction(String actionType, String actionId, String tenantDomain) throws ActionMgtException { if (LOG.isDebugEnabled()) { - LOG.debug("Deactivating Action for Action Type: " + actionType + " and Action Id: " + actionId); + LOG.debug(String.format("Deactivating Action for Action Type: %s and Action ID: %s.", actionType, + actionId)); } checkIfActionExists(actionId, tenantDomain); return CACHE_BACKED_DAO.deactivateAction(getActionTypeFromPath(actionType), actionId, 
@@ -135,11 +141,25 @@ public Map getActionsCountPerType(String tenantDomain) throws A public Action getActionByActionId(String actionId, String tenantDomain) throws ActionMgtException { if (LOG.isDebugEnabled()) { - LOG.debug("Retrieving Action of Action Id: " + actionId); + LOG.debug(String.format("Retrieving Action of Action ID: %s", actionId)); } return CACHE_BACKED_DAO.getActionByActionId(actionId, IdentityTenantUtil.getTenantId(tenantDomain)); } + @Override + public Action updateActionEndpointAuthentication(String actionType, String actionId, AuthType authentication, + String tenantDomain) throws ActionMgtException { + + Action existingAction = checkIfActionExists(actionId, tenantDomain); + if (existingAction.getEndpoint().getAuthentication().getType().equals(authentication.getType())) { + // Only need to update the properties since the authType is same. + return updateEndpointAuthenticationProperties(actionType, actionId, authentication, tenantDomain); + } else { + // Need to update the authentication type and properties. + return updateEndpoint(actionType, actionId, existingAction, authentication, tenantDomain); + } + } + /** * Get Action Type from path. * 
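Review bot: `updateActionEndpointAuthentication` dereferences `authentication.getType()` and `existingAction.getEndpoint().getAuthentication().getType()` without any null check. A request body with no authentication block, or a stored action with an incomplete endpoint, would therefore surface as a NullPointerException rather than an `ActionMgtException`. Reject a null `authentication` or a null `authentication.getType()` with a client error before the comparison, and treat a missing stored authentication as "type changed". The method also lacks the debug log line that the other public methods emit on entry. A one-line comment should state that the type comparison decides between an in-place property update and a full endpoint replacement.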
@@ -181,11 +201,82 @@ private void validateMaxActionsPerType(String actionType, String tenantDomain) t * @param tenantDomain Tenant Domain. * @throws ActionMgtException If the action does not exist. */ - private void checkIfActionExists(String actionId, String tenantDomain) throws ActionMgtException { + private Action checkIfActionExists(String actionId, String tenantDomain) throws ActionMgtException { - if (CACHE_BACKED_DAO.getActionByActionId(actionId, IdentityTenantUtil.getTenantId(tenantDomain)) == null) { + Action action = CACHE_BACKED_DAO.getActionByActionId(actionId, IdentityTenantUtil.getTenantId(tenantDomain)); + if (action == null) { throw ActionManagementUtil.handleClientException( ActionMgtConstants.ErrorMessages.ERROR_NO_ACTION_CONFIGURED_ON_GIVEN_ID); } + return action; + } + + /** + * Merge the updating action with the existing action. + * + * @param updatingAction Action object with updating information. + * @param existingAction Action object with existing information. + * @return Action object with merged information. + */ + private Action mergeActionWithExisting(Action updatingAction, Action existingAction) { + + return new Action.ActionRequestBuilder() + .name(StringUtils.isEmpty(updatingAction.getName()) ? existingAction.getName() : + updatingAction.getName()) + .description(StringUtils.isEmpty(updatingAction.getDescription()) ? existingAction.getDescription() : + updatingAction.getDescription()) + .endpoint(new EndpointConfig.EndpointConfigBuilder() + .uri(StringUtils.isEmpty(updatingAction.getEndpoint().getUri()) ? + existingAction.getEndpoint().getUri() : updatingAction.getEndpoint().getUri()) + .build()) + .build(); + } + + /** + * Update the authentication type and properties of the action endpoint. + * + * @param actionType Action Type. + * @param actionId Action Id. + * @param existingAction Existing Action Information. + * @param authentication Authentication Information to be updated. + * @param tenantDomain Tenant Domain. 
+ * @return Action response after update. + * @throws ActionMgtException If an error occurs while updating action endpoint authentication. + */ + private Action updateEndpoint(String actionType, String actionId, Action existingAction, + AuthType authentication, String tenantDomain) + throws ActionMgtException { + + if (LOG.isDebugEnabled()) { + LOG.debug(String.format("Updating endpoint authentication of Action Type: %s " + + "and Action ID: %s to AuthType: %s", actionType, actionId, authentication.getType().name())); + } + EndpointConfig endpoint = new EndpointConfig.EndpointConfigBuilder() + .uri(existingAction.getEndpoint().getUri()) + .authentication(authentication).build(); + return CACHE_BACKED_DAO.updateActionEndpoint(getActionTypeFromPath(actionType), actionId, endpoint, + existingAction.getEndpoint().getAuthentication(), IdentityTenantUtil.getTenantId(tenantDomain)); + } + + /** + * Update the authentication properties of the action endpoint. + * + * @param actionType Action Type. + * @param actionId Action Id. + * @param authentication Authentication Information to be updated. + * @param tenantDomain Tenant domain. + * @return Action response after update. + * @throws ActionMgtException If an error occurs while updating action endpoint authentication properties. + */ + private Action updateEndpointAuthenticationProperties(String actionType, String actionId, AuthType authentication, + String tenantDomain) throws ActionMgtException { + + if (LOG.isDebugEnabled()) { + LOG.debug(String.format("Updating endpoint authentication properties of Action Type: %s " + + "Action ID: %s and AuthType: %s", actionType, actionId, authentication.getType().name())); + } + return CACHE_BACKED_DAO.updateActionEndpointAuthProperties(actionId, authentication, + IdentityTenantUtil.getTenantId(tenantDomain)); + } } 
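Review bot: `mergeActionWithExisting` calls `updatingAction.getEndpoint().getUri()` unconditionally, so an update that carries only a new name or description will throw a NullPointerException if the builder leaves `endpoint` null for such a request. Guard it, for example `String uri = updatingAction.getEndpoint() == null ? null : updatingAction.getEndpoint().getUri();`, and fall back to the existing URI when it is empty. The merged `Action` is also built without any authentication. If that is intentional because credentials now change only through `updateActionEndpointAuthentication`, the Javadoc should say so, so that a later caller does not expect `updateAction` to carry auth properties. The Javadoc of `checkIfActionExists` starts outside this hunk; its visible part should gain an `@return` line now that the method returns the `Action`.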
diff --git a/components/action-mgt/org.wso2.carbon.identity.action.management/src/main/java/org/wso2/carbon/identity/action/management/ActionSecretProcessor.java b/components/action-mgt/org.wso2.carbon.identity.action.management/src/main/java/org/wso2/carbon/identity/action/management/ActionSecretProcessor.java new file mode 100644 index 000000000000..861f085b8671 --- /dev/null +++ b/components/action-mgt/org.wso2.carbon.identity.action.management/src/main/java/org/wso2/carbon/identity/action/management/ActionSecretProcessor.java 
@@ -0,0 +1,230 @@ +/* + * Copyright (c) 2024, WSO2 LLC. (http://www.wso2.com). + * + * WSO2 LLC. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.wso2.carbon.identity.action.management; + +import org.wso2.carbon.identity.action.management.internal.ActionMgtServiceComponentHolder; +import org.wso2.carbon.identity.action.management.model.AuthProperty; +import org.wso2.carbon.identity.action.management.model.AuthType; +import org.wso2.carbon.identity.secret.mgt.core.exception.SecretManagementException; +import org.wso2.carbon.identity.secret.mgt.core.model.ResolvedSecret; +import org.wso2.carbon.identity.secret.mgt.core.model.Secret; +import org.wso2.carbon.identity.secret.mgt.core.model.SecretType; + +import java.util.ArrayList; +import java.util.List; + +import static org.wso2.carbon.identity.action.management.constant.ActionMgtConstants.IDN_SECRET_TYPE_ACTION_SECRETS; + +/** + * Action secrets processor service implementation. 
+ */ +public class ActionSecretProcessor { + + public ActionSecretProcessor() { + } + + public List encryptAssociatedSecrets(AuthType authentication, String actionId) + throws SecretManagementException { + + List encryptedAuthProperties = new ArrayList<>(); + for (AuthProperty authProperty : authentication.getProperties()) { + if (!authProperty.getIsConfidential()) { + encryptedAuthProperties.add(authProperty); + } else { + encryptedAuthProperties.add(encryptProperty(authProperty, authentication.getType().name(), actionId)); + } + } + + return encryptedAuthProperties; + } + + public List decryptAssociatedSecrets(List authProperties, String authType, + String actionId) throws SecretManagementException { + + List decryptedAuthProperties = new ArrayList<>(); + for (AuthProperty authProperty : authProperties) { + if (!authProperty.getIsConfidential()) { + decryptedAuthProperties.add(authProperty); + } else { + decryptedAuthProperties.add(decryptProperty(authProperty, authType, actionId)); + } + } + + return decryptedAuthProperties; + } + + public void deleteAssociatedSecrets(AuthType authentication, String actionId) + throws SecretManagementException { + + for (AuthProperty authProperty : authentication.getProperties()) { + if (authProperty.getIsConfidential()) { + String secretName = buildSecretName(actionId, authentication.getType().name(), authProperty.getName()); + if (isSecretPropertyExists(secretName)) { + ActionMgtServiceComponentHolder.getInstance().getSecretManager() + .deleteSecret(IDN_SECRET_TYPE_ACTION_SECRETS, secretName); + } + } + } + } + + public List getPropertiesWithSecretReferences(List authProperties, String actionId, + String authType) throws SecretManagementException { + + List referenceUpdatedProperties = new ArrayList<>(); + for (AuthProperty prop : authProperties) { + if (!prop.getIsConfidential()) { + referenceUpdatedProperties.add(prop); + } else { + referenceUpdatedProperties.add(new AuthProperty.AuthPropertyBuilder() + .name(prop.getName()) 
+ .isConfidential(prop.getIsConfidential()) + .value(buildSecretReference(buildSecretName(actionId, authType, prop.getName()))).build()); + } + } + + return referenceUpdatedProperties; + } + + /** + * Encrypt secret property. + * + * @param authProperty Authentication property object. + * @param authType Authentication Type + * @param actionId Action Id. + * @return Encrypted Auth Property if it is a confidential property. + * @throws SecretManagementException If an error occurs while encrypting the secret. + */ + private AuthProperty encryptProperty(AuthProperty authProperty, String authType, String actionId) + throws SecretManagementException { + + String secretName = buildSecretName(actionId, authType, authProperty.getName()); + if (isSecretPropertyExists(secretName)) { + updateExistingSecretProperty(secretName, authProperty); + } else { + addNewActionSecretProperty(secretName, authProperty); + } + + return new AuthProperty.AuthPropertyBuilder() + .name(authProperty.getName()) + .isConfidential(authProperty.getIsConfidential()) + .value(buildSecretReference(secretName)) + .build(); + } + + /** + * Decrypt secret property. + * + * @param authProperty Authentication property object. + * @param authType Authentication Type. + * @param actionId Action Id. + * @return Decrypted Auth Property if it is a confidential property. + * @throws SecretManagementException If an error occurs while decrypting the secret. 
+ */ + private AuthProperty decryptProperty(AuthProperty authProperty, String authType, String actionId) + throws SecretManagementException { + + String secretName = buildSecretName(actionId, authType, authProperty.getName()); + if (!isSecretPropertyExists(secretName)) { + throw new SecretManagementException(String.format("Unable to find the Secret Property: %s of " + + "Auth Type: %s and Action ID: %s from the system.", authProperty.getName(), authType, actionId)); + } + ResolvedSecret resolvedSecret = ActionMgtServiceComponentHolder.getInstance().getSecretResolveManager() + .getResolvedSecret(IDN_SECRET_TYPE_ACTION_SECRETS, secretName); + + return new AuthProperty.AuthPropertyBuilder() + .name(authProperty.getName()) + .isConfidential(authProperty.getIsConfidential()) + .value(resolvedSecret.getResolvedSecretValue()) + .build(); + } + + /** + * Check whether the secret property exists. + * + * @param secretName Secret Name. + * @return True if the secret property exists. + * @throws SecretManagementException If an error occurs while checking the existence of the secret. + */ + private boolean isSecretPropertyExists(String secretName) throws SecretManagementException { + + return ActionMgtServiceComponentHolder.getInstance().getSecretManager() + .isSecretExist(IDN_SECRET_TYPE_ACTION_SECRETS, secretName); + } + + /** + * Create secret name. + * + * @param actionId Action Id. + * @param authType Authentication Type. + * @param authProperty Authentication Property. + * @return Secret Name. + */ + private String buildSecretName(String actionId, String authType, String authProperty) { + + return actionId + ":" + authType + ":" + authProperty; + } + + /** + * Create secret reference name. + * + * @param secretName Name of the secret. + * @return Secret reference name. + * @throws SecretManagementException If an error occurs while retrieving the secret type. 
+ */ + private String buildSecretReference(String secretName) throws SecretManagementException { + + SecretType secretType = ActionMgtServiceComponentHolder.getInstance().getSecretManager() + .getSecretType(IDN_SECRET_TYPE_ACTION_SECRETS); + return secretType.getId() + ":" + secretName; + } + + /** + * Add new Secret for Action secret type. + * + * @param secretName Name of the secret. + * @param property Secret property. + * @throws SecretManagementException If an error occurs while adding the secret. + */ + private void addNewActionSecretProperty(String secretName, AuthProperty property) throws SecretManagementException { + + Secret secret = new Secret(); + secret.setSecretName(secretName); + secret.setSecretValue(property.getValue()); + ActionMgtServiceComponentHolder.getInstance().getSecretManager().addSecret(IDN_SECRET_TYPE_ACTION_SECRETS, + secret); + } + + /** + * Update an existing secret of Action secret type. + * + * @param secretName Name of the secret. + * @param property Secret property. + * @throws SecretManagementException If an error occurs while adding the secret. + */ + private void updateExistingSecretProperty(String secretName, AuthProperty property) + throws SecretManagementException { + + ResolvedSecret resolvedSecret = ActionMgtServiceComponentHolder.getInstance().getSecretResolveManager() + .getResolvedSecret(IDN_SECRET_TYPE_ACTION_SECRETS, secretName); + if (!resolvedSecret.getResolvedSecretValue().equals(property.getValue())) { + ActionMgtServiceComponentHolder.getInstance().getSecretManager() + .updateSecretValue(IDN_SECRET_TYPE_ACTION_SECRETS, secretName, property.getValue()); + } + } +} 
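Review bot: `updateExistingSecretProperty` resolves the stored secret to plaintext only to compare it with the incoming value. The call `resolvedSecret.getResolvedSecretValue().equals(property.getValue())` also throws a NullPointerException when the resolved value is null. Using `if (!Objects.equals(resolvedSecret.getResolvedSecretValue(), property.getValue()))`, with `java.util.Objects` imported, keeps the behaviour and is null-safe. Nothing in `encryptProperty`, `addNewActionSecretProperty` or the update path rejects a null or empty `property.getValue()` on a confidential property, so an empty credential appears to be storable; validating it in `encryptProperty` would fail early. The four public methods have no Javadoc although every private helper does. Each should state that confidential properties go through the secret store under the `actionId:authType:propertyName` name and that non-confidential ones pass through unchanged.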
diff --git a/components/action-mgt/org.wso2.carbon.identity.action.management/src/main/java/org/wso2/carbon/identity/action/management/constant/ActionMgtConstants.java b/components/action-mgt/org.wso2.carbon.identity.action.management/src/main/java/org/wso2/carbon/identity/action/management/constant/ActionMgtConstants.java index 100cc205d2c5..f49b423ae738 100644 --- a/components/action-mgt/org.wso2.carbon.identity.action.management/src/main/java/org/wso2/carbon/identity/action/management/constant/ActionMgtConstants.java +++ b/components/action-mgt/org.wso2.carbon.identity.action.management/src/main/java/org/wso2/carbon/identity/action/management/constant/ActionMgtConstants.java @@ -25,6 +25,7 @@ public class ActionMgtConstants { public static final String URI_ATTRIBUTE = "uri"; public static final String AUTHN_TYPE_ATTRIBUTE = "authnType"; + public static final String IDN_SECRET_TYPE_ACTION_SECRETS = "ACTION_API_ENDPOINT_AUTH_SECRETS"; /** * Error messages. @@ -65,7 +66,10 @@ public enum ErrorMessages { "Error while retrieving count of Actions per Action Type.", "Error while retrieving count of Actions per Action Type from the system."), ERROR_WHILE_RETRIEVING_ACTION_BASIC_INFO("65011", "Error while retrieving Action basic info.", - "Error while retrieving Action basic info from the system."),; + "Error while retrieving Action basic info from the system."), + ERROR_WHILE_DECRYPTING_ACTION_ENDPOINT_AUTH_PROPERTIES("65012", + "Error while decrypting Action Endpoint Authentication properties", + "Error while decrypting Action Endpoint Authentication properties in the system."); private final String code; private final String message; 
diff --git a/components/action-mgt/org.wso2.carbon.identity.action.management/src/main/java/org/wso2/carbon/identity/action/management/constant/ActionMgtSQLConstants.java b/components/action-mgt/org.wso2.carbon.identity.action.management/src/main/java/org/wso2/carbon/identity/action/management/constant/ActionMgtSQLConstants.java index 4d1685cb1791..bb267a2dc683 100644 --- a/components/action-mgt/org.wso2.carbon.identity.action.management/src/main/java/org/wso2/carbon/identity/action/management/constant/ActionMgtSQLConstants.java +++ b/components/action-mgt/org.wso2.carbon.identity.action.management/src/main/java/org/wso2/carbon/identity/action/management/constant/ActionMgtSQLConstants.java @@ -74,6 +74,9 @@ public static class Query { ":UUID; AND TYPE = :TYPE; AND TENANT_ID = :TENANT_ID;"; public static final String GET_ACTIONS_COUNT_PER_ACTION_TYPE = "SELECT TYPE, COUNT(UUID) AS COUNT" + " FROM IDN_ACTION WHERE TENANT_ID = :TENANT_ID; GROUP BY TYPE"; + public static final String UPDATE_ACTION_ENDPOINT_PROPERTIES = "UPDATE IDN_ACTION_ENDPOINT SET " + + "PROPERTY_VALUE = :PROPERTY_VALUE; WHERE ACTION_UUID = :ACTION_UUID; AND " + + "TENANT_ID = :TENANT_ID; AND PROPERTY_NAME = :PROPERTY_NAME;"; private Query() { diff --git a/components/action-mgt/org.wso2.carbon.identity.action.management/src/main/java/org/wso2/carbon/identity/action/management/dao/ActionManagementDAO.java b/components/action-mgt/org.wso2.carbon.identity.action.management/src/main/java/org/wso2/carbon/identity/action/management/dao/ActionManagementDAO.java index e45cf9b2f1b9..5929e5cdfd50 100644 --- a/components/action-mgt/org.wso2.carbon.identity.action.management/src/main/java/org/wso2/carbon/identity/action/management/dao/ActionManagementDAO.java +++ b/components/action-mgt/org.wso2.carbon.identity.action.management/src/main/java/org/wso2/carbon/identity/action/management/dao/ActionManagementDAO.java 
@@ -20,6 +20,8 @@ import org.wso2.carbon.identity.action.management.exception.ActionMgtException; import org.wso2.carbon.identity.action.management.model.Action; +import org.wso2.carbon.identity.action.management.model.AuthType; +import org.wso2.carbon.identity.action.management.model.EndpointConfig; import java.util.List; import java.util.Map; @@ -68,10 +70,11 @@ public interface ActionManagementDAO { * * @param actionType Action Type. * @param actionId Action Id. + * @param action Action to be deleted. * @param tenantId Tenant Id. * @throws ActionMgtException If an error occurs while deleting Action. */ - void deleteAction(String actionType, String actionId, Integer tenantId) throws ActionMgtException; + void deleteAction(String actionType, String actionId, Action action, Integer tenantId) throws ActionMgtException; /** * Activate {@link Action} by given Action Type and Action ID. 
@@ -113,4 +116,30 @@ public interface ActionManagementDAO { * @throws ActionMgtException If an error occurs while retrieving the Action of a given Action ID. */ Action getActionByActionId(String actionId, Integer tenantId) throws ActionMgtException; + + /** + * Update the endpoint authentication properties of an {@link Action} by given Action ID. + * + * @param actionId Action ID. + * @param authentication Authentication information to be updated. + * @param tenantId Tenant Id. + * @return Updated Action. + * @throws ActionMgtException If an error occurs while updating the Action endpoint authentication properties. + */ + Action updateActionEndpointAuthProperties(String actionId, AuthType authentication, int tenantId) + throws ActionMgtException; + + /** + * Update the endpoint authentication properties of an {@link Action} by given Action ID. + * + * @param actionType Action Type. + * @param actionId Action ID. + * @param endpoint Endpoint information to be updated. + * @param currentAuthentication Current Action endpoint authentication information. + * @param tenantId Tenant Id. + * @return Updated Action. + * @throws ActionMgtException If an error occurs while updating the Action endpoint. + */ + Action updateActionEndpoint(String actionType, String actionId, EndpointConfig endpoint, + AuthType currentAuthentication, int tenantId) throws ActionMgtException; } diff --git a/components/action-mgt/org.wso2.carbon.identity.action.management/src/main/java/org/wso2/carbon/identity/action/management/dao/impl/ActionManagementDAOImpl.java b/components/action-mgt/org.wso2.carbon.identity.action.management/src/main/java/org/wso2/carbon/identity/action/management/dao/impl/ActionManagementDAOImpl.java index e6a9987bcace..e272e39ed9a4 100644 --- a/components/action-mgt/org.wso2.carbon.identity.action.management/src/main/java/org/wso2/carbon/identity/action/management/dao/impl/ActionManagementDAOImpl.java 
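Review bot: The Javadoc summary of `updateActionEndpoint` is a copy of the one on `updateActionEndpointAuthProperties` ("Update the endpoint authentication properties ..."). It should describe what this method does differently, for example `Update the endpoint of an {@link Action}, replacing its authentication type and properties.`, and say that `currentAuthentication` is the configuration being replaced. Both new methods take `int tenantId`, while the existing methods in this interface, such as `deleteAction` and `getActionByActionId`, take `Integer tenantId`. Using one type throughout avoids accidental unboxing of a null at the call sites.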
+++ b/components/action-mgt/org.wso2.carbon.identity.action.management/src/main/java/org/wso2/carbon/identity/action/management/dao/impl/ActionManagementDAOImpl.java @@ -21,17 +21,20 @@ import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.wso2.carbon.database.utils.jdbc.NamedPreparedStatement; +import org.wso2.carbon.identity.action.management.ActionSecretProcessor; import org.wso2.carbon.identity.action.management.constant.ActionMgtConstants; import org.wso2.carbon.identity.action.management.constant.ActionMgtSQLConstants; import org.wso2.carbon.identity.action.management.dao.ActionManagementDAO; import org.wso2.carbon.identity.action.management.exception.ActionMgtException; import org.wso2.carbon.identity.action.management.exception.ActionMgtServerException; import org.wso2.carbon.identity.action.management.model.Action; +import org.wso2.carbon.identity.action.management.model.AuthProperty; import org.wso2.carbon.identity.action.management.model.AuthType; import org.wso2.carbon.identity.action.management.model.EndpointConfig; import org.wso2.carbon.identity.action.management.util.ActionManagementUtil; import org.wso2.carbon.identity.core.util.IdentityDatabaseUtil; import org.wso2.carbon.identity.core.util.IdentityTenantUtil; +import org.wso2.carbon.identity.secret.mgt.core.exception.SecretManagementException; import java.sql.Connection; import java.sql.ResultSet; @@ -40,6 +43,7 @@ import java.util.HashMap; import java.util.List; import java.util.Map; +import java.util.stream.Collectors; /** * This class implements the {@link ActionManagementDAO} interface. 
@@ -47,34 +51,51 @@ public class ActionManagementDAOImpl implements ActionManagementDAO { private static final Log LOG = LogFactory.getLog(ActionManagementDAOImpl.class); + private final ActionSecretProcessor actionSecretProcessor; + + public ActionManagementDAOImpl() { + + this.actionSecretProcessor = new ActionSecretProcessor(); + } @Override public Action addAction(String actionType, String actionId, Action action, Integer tenantId) throws ActionMgtException { Connection dbConnection = IdentityDatabaseUtil.getDBConnection(true); - try (NamedPreparedStatement statement = new NamedPreparedStatement(dbConnection, - ActionMgtSQLConstants.Query.ADD_ACTION_TO_ACTION_TYPE)) { - - statement.setString(ActionMgtSQLConstants.Column.ACTION_UUID, actionId); - statement.setString(ActionMgtSQLConstants.Column.ACTION_TYPE, actionType); - statement.setString(ActionMgtSQLConstants.Column.ACTION_NAME, action.getName()); - statement.setString(ActionMgtSQLConstants.Column.ACTION_DESCRIPTION, action.getDescription()); - statement.setString(ActionMgtSQLConstants.Column.ACTION_STATUS, String.valueOf(Action.Status.ACTIVE)); - statement.setInt(ActionMgtSQLConstants.Column.TENANT_ID, tenantId); - statement.executeUpdate(); - - // Add Endpoint configuration properties. - addEndpointProperties(dbConnection, actionId, getEndpointProperties(action), tenantId); - IdentityDatabaseUtil.commitTransaction(dbConnection); - - return getActionByActionId(actionId, tenantId); - } catch (SQLException | ActionMgtException e) { - if (LOG.isDebugEnabled()) { - LOG.debug("Error while creating the action in action type: " + actionType + " in tenantDomain: " + - IdentityTenantUtil.getTenantDomain(tenantId) + ". 
Rolling back created action information."); + try { + try (NamedPreparedStatement statement = new NamedPreparedStatement(dbConnection, + ActionMgtSQLConstants.Query.ADD_ACTION_TO_ACTION_TYPE)) { + + statement.setString(ActionMgtSQLConstants.Column.ACTION_UUID, actionId); + statement.setString(ActionMgtSQLConstants.Column.ACTION_TYPE, actionType); + statement.setString(ActionMgtSQLConstants.Column.ACTION_NAME, action.getName()); + statement.setString(ActionMgtSQLConstants.Column.ACTION_DESCRIPTION, action.getDescription()); + statement.setString(ActionMgtSQLConstants.Column.ACTION_STATUS, String.valueOf(Action.Status.ACTIVE)); + statement.setInt(ActionMgtSQLConstants.Column.TENANT_ID, tenantId); + statement.executeUpdate(); + + // Encrypt secrets. + List encryptedAuthProperties = actionSecretProcessor + .encryptAssociatedSecrets(action.getEndpoint().getAuthentication(), actionId); + // Add Endpoint configuration properties. + addEndpointProperties(dbConnection, actionId, getEndpointProperties(action.getEndpoint().getUri(), + action.getEndpoint().getAuthentication().getType().name(), encryptedAuthProperties), tenantId); + IdentityDatabaseUtil.commitTransaction(dbConnection); + + return getActionByActionId(actionId, tenantId); + } catch (SQLException | ActionMgtException e) { + if (LOG.isDebugEnabled()) { + LOG.debug(String.format("Error while creating the Action of Action Type: %s in Tenant Domain: %s." 
+ + " Rolling back created action information and deleting added secrets.", actionType, + IdentityTenantUtil.getTenantDomain(tenantId))); + } + actionSecretProcessor.deleteAssociatedSecrets(action.getEndpoint().getAuthentication(), actionId); + IdentityDatabaseUtil.rollbackTransaction(dbConnection); + throw ActionManagementUtil.handleServerException( + ActionMgtConstants.ErrorMessages.ERROR_WHILE_ADDING_ACTION, e); } - IdentityDatabaseUtil.rollbackTransaction(dbConnection); + } catch (SecretManagementException e) { throw ActionManagementUtil.handleServerException( ActionMgtConstants.ErrorMessages.ERROR_WHILE_ADDING_ACTION, e); } finally { @@ -131,14 +152,16 @@ public Action updateAction(String actionType, String actionId, Action action, In statement.executeUpdate(); // Update Endpoint Properties. - updateActionEndpointProperties(dbConnection, actionId, getEndpointProperties(action), tenantId); + updateActionEndpointProperties(dbConnection, actionId, getEndpointProperties(action.getEndpoint().getUri(), + null, null), tenantId); IdentityDatabaseUtil.commitTransaction(dbConnection); return getActionByActionId(actionId, tenantId); } catch (SQLException | ActionMgtException e) { if (LOG.isDebugEnabled()) { - LOG.debug("Error while updating the action in action type: " + actionType + " in tenantDomain: " + - IdentityTenantUtil.getTenantDomain(tenantId) + ". Rolling back updated action information."); + LOG.debug(String.format("Error while updating the Action of Action Type: %s and Action ID: %s in" + + " Tenant Domain: %s. Rolling back updated action information.", actionType, actionId, + IdentityTenantUtil.getTenantDomain(tenantId))); } IdentityDatabaseUtil.rollbackTransaction(dbConnection); throw ActionManagementUtil.handleServerException( 
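Review bot: In `addAction`, the new outer `catch (SecretManagementException e)` rethrows without calling `IdentityDatabaseUtil.rollbackTransaction(dbConnection)`, and the inner catch calls `actionSecretProcessor.deleteAssociatedSecrets(...)` before the rollback. A failure while storing or cleaning up secrets therefore leaves the inserted action row to whatever `closeConnection` does with an open transaction. Swapping the two lines in the inner catch and adding `IdentityDatabaseUtil.rollbackTransaction(dbConnection);` as the first statement of the outer catch makes the rollback explicit on every path. Separately, `getActionByActionId` runs inside the same try after `commitTransaction`, so a read failure there would delete the secrets of an action that is already committed; moving the read after the try would avoid that. The method's `finally` block continues past the end of this hunk.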
@@ -149,7 +172,8 @@ public Action updateAction(String actionType, String actionId, Action action, In } @Override - public void deleteAction(String actionType, String actionId, Integer tenantId) throws ActionMgtException { + public void deleteAction(String actionType, String actionId, Action action, Integer tenantId) + throws ActionMgtException { Connection dbConnection = IdentityDatabaseUtil.getDBConnection(false); try (NamedPreparedStatement statement = new NamedPreparedStatement(dbConnection, @@ -159,11 +183,15 @@ public void deleteAction(String actionType, String actionId, Integer tenantId) t statement.setString(ActionMgtSQLConstants.Column.ACTION_TYPE, actionType); statement.setInt(ActionMgtSQLConstants.Column.TENANT_ID, tenantId); statement.executeUpdate(); + + // Delete action endpoint authentication related secrets. + actionSecretProcessor.deleteAssociatedSecrets(action.getEndpoint().getAuthentication(), actionId); IdentityDatabaseUtil.commitTransaction(dbConnection); - } catch (SQLException e) { + } catch (SQLException | SecretManagementException e) { if (LOG.isDebugEnabled()) { - LOG.debug("Error while deleting the action in action type: " + actionType + " in tenantDomain: " + - IdentityTenantUtil.getTenantDomain(tenantId) + ". Rolling back deleted action information."); + LOG.debug(String.format("Error while deleting the Action of Action Type: %s and Action ID: %s in" + + " Tenant Domain: %s. Rolling back deleted action information.", actionType, actionId, + IdentityTenantUtil.getTenantDomain(tenantId))); } IdentityDatabaseUtil.rollbackTransaction(dbConnection); throw ActionManagementUtil.handleServerException( 
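Review bot: `deleteAction` now removes the endpoint secrets before `commitTransaction`, and the secret store is presumably not part of this JDBC transaction. If `deleteAssociatedSecrets` fails part-way, or the commit fails, the rollback restores an action whose credentials are already gone. Deleting the row and committing first, then removing the secrets and logging any failure for later cleanup, leaves at worst an orphaned encrypted secret rather than a broken action. `updateActionEndpoint` further down deletes the old secrets before its commit in the same way. The new `action` parameter is also dereferenced as `action.getEndpoint().getAuthentication()` without a null check; parts of the method lie outside these two hunks.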
@@ -224,6 +252,78 @@ public Action getActionByActionId(String actionId, Integer tenantId) throws Acti } } + @Override + public Action updateActionEndpointAuthProperties(String actionId, AuthType authentication, int tenantId) + throws ActionMgtException { + + Connection dbConnection = IdentityDatabaseUtil.getDBConnection(true); + try { + Map nonSecretEndpointProperties = authentication.getProperties().stream() + .filter(property -> !property.getIsConfidential()) + .collect(Collectors.toMap(AuthProperty::getName, AuthProperty::getValue)); + // Update non-secret endpoint properties. + updateActionEndpointProperties(dbConnection, actionId, nonSecretEndpointProperties, tenantId); + // Encrypt and update secret endpoint properties. + actionSecretProcessor.encryptAssociatedSecrets(authentication, actionId); + IdentityDatabaseUtil.commitTransaction(dbConnection); + + return getActionByActionId(actionId, tenantId); + } catch (ActionMgtException | SecretManagementException e) { + if (LOG.isDebugEnabled()) { + LOG.debug(String.format("Error while updating the Action Endpoint Authentication Properties of " + + "Auth type: %s and Action ID: %s in Tenant Domain: %s. 
Rolling back updated action" + + " endpoint authentication properties.", authentication.getType(), actionId, + IdentityTenantUtil.getTenantDomain(tenantId))); + } + IdentityDatabaseUtil.rollbackTransaction(dbConnection); + throw ActionManagementUtil.handleServerException( + ActionMgtConstants.ErrorMessages.ERROR_WHILE_UPDATING_ENDPOINT_PROPERTIES, e); + } finally { + IdentityDatabaseUtil.closeConnection(dbConnection); + } + } + + @Override + public Action updateActionEndpoint(String actionType, String actionId, EndpointConfig endpoint, + AuthType currentAuthentication, int tenantId) + throws ActionMgtException { + + Connection dbConnection = IdentityDatabaseUtil.getDBConnection(true); + try (NamedPreparedStatement statement = new NamedPreparedStatement(dbConnection, + ActionMgtSQLConstants.Query.DELETE_ACTION_ENDPOINT_PROPERTIES)) { + + statement.setString(ActionMgtSQLConstants.Column.ACTION_ENDPOINT_UUID, actionId); + statement.setInt(ActionMgtSQLConstants.Column.TENANT_ID, tenantId); + statement.executeUpdate(); + + // Add new Endpoint configuration properties. + addEndpointProperties(dbConnection, actionId, getEndpointProperties(endpoint.getUri(), + endpoint.getAuthentication().getType().name(), + endpoint.getAuthentication().getPropertiesWithSecretReferences(actionId)), tenantId); + // Encrypt and add new endpoint properties secrets. + actionSecretProcessor.encryptAssociatedSecrets(endpoint.getAuthentication(), actionId); + + // Delete old secrets. + actionSecretProcessor.deleteAssociatedSecrets(currentAuthentication, actionId); + IdentityDatabaseUtil.commitTransaction(dbConnection); + + return getActionByActionId(actionId, tenantId); + } catch (SQLException | ActionMgtException | SecretManagementException e) { + if (LOG.isDebugEnabled()) { + LOG.debug(String.format("Error while updating the Action Endpoint Authentication from Auth type: %s" + + " to Auth type: %s of Action ID: %s in Tenant Domain: %s. 
Rolling back updated" + + " action endpoint authentication.", currentAuthentication.getType(), + endpoint.getAuthentication().getType(), actionId, + IdentityTenantUtil.getTenantDomain(tenantId))); + } + IdentityDatabaseUtil.rollbackTransaction(dbConnection); + throw ActionManagementUtil.handleServerException( + ActionMgtConstants.ErrorMessages.ERROR_WHILE_UPDATING_ENDPOINT_PROPERTIES, e); + } finally { + IdentityDatabaseUtil.closeConnection(dbConnection); + } + } + /** * Add Action Endpoint properties to the Database. * @@ -313,7 +413,8 @@ private EndpointConfig getActionEndpointConfigById(Connection dbConnection, Stri String endpointUri = null; AuthType.AuthenticationType authnType = null; - Map authnProperties = new HashMap<>(); + Map authnPropertiesMap = new HashMap<>(); + List authnProperties = new ArrayList<>(); while (rs.next()) { String propName = rs.getString(ActionMgtSQLConstants.Column.ACTION_ENDPOINT_PROPERTY_NAME); @@ -325,7 +426,19 @@ private EndpointConfig getActionEndpointConfigById(Connection dbConnection, Stri authnType = AuthType.AuthenticationType.valueOf(propValue); } else { // Authentication properties. - authnProperties.put(propName, propValue); + authnPropertiesMap.put(propName, propValue); + } + } + + if (authnType != null) { + for (AuthType.AuthenticationType.AuthenticationProperty property : authnType.getProperties()) { + if (authnPropertiesMap.containsKey(property.getName())) { + authnProperties.add(new AuthProperty.AuthPropertyBuilder() + .name(property.getName()) + .value(authnPropertiesMap.get(property.getName())) + .isConfidential(property.getIsConfidential()) + .build()); + } } } 
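Review bot: `updateActionEndpointAuthProperties` calls `authentication.getProperties().stream()` although `AuthType.properties` defaults to `null`, and `Collectors.toMap` rejects a null `getValue()`. Both surface as a `NullPointerException` that `catch (ActionMgtException | SecretManagementException e)` does not handle, so the explicit rollback is skipped. Starting from `List<AuthProperty> props = authentication.getProperties() != null ? authentication.getProperties() : new ArrayList<>();` and rejecting null values with an `ActionMgtException` before the stream keeps the failure on the handled path. The return value of `encryptAssociatedSecrets` is also discarded here while `addAction` persists it; if the stored values can differ between calls they should be written back.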
@@ -344,17 +457,25 @@ private EndpointConfig getActionEndpointConfigById(Connection dbConnection, Stri /** * Get Action Endpoint properties Map. * - * @param action Action Object. + * @param endpointUri Endpoint URI of the Action. + * @param authType Authentication Type of the Action. + * @param authProperties Authentication Properties of the Endpoint. * @return Endpoint Properties Map. */ - private Map getEndpointProperties(Action action) { + private Map getEndpointProperties(String endpointUri, String authType, + List authProperties) { Map endpointProperties = new HashMap<>(); - endpointProperties.put(ActionMgtConstants.URI_ATTRIBUTE, action.getEndpoint().getUri()); - endpointProperties.put(ActionMgtConstants.AUTHN_TYPE_ATTRIBUTE, - String.valueOf(action.getEndpoint().getAuthentication().getType())); - for (Map.Entry property : action.getEndpoint().getAuthentication().getProperties().entrySet()) { - endpointProperties.put(property.getKey(), String.valueOf(property.getValue())); + if (endpointUri != null) { + endpointProperties.put(ActionMgtConstants.URI_ATTRIBUTE, endpointUri); + } + if (authType != null) { + endpointProperties.put(ActionMgtConstants.AUTHN_TYPE_ATTRIBUTE, authType); + } + if (authProperties != null) { + for (AuthProperty property : authProperties) { + endpointProperties.put(property.getName(), property.getValue()); + } } return endpointProperties; @@ -365,7 +486,7 @@ private Map getEndpointProperties(Action action) { * * @param dbConnection DB Connection. * @param actionId UUID of the created Action. - * @param endpointProperties Endpoint Properties. + * @param endpointProperties Endpoint Properties to be updated. * @param tenantId Tenant ID. */ private void updateActionEndpointProperties(Connection dbConnection, String actionId, 
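Review bot: The Javadoc for `getEndpointProperties` does not say that each `AuthProperty` value is copied into the map verbatim, which matters because that map is what the callers hand to the endpoint-properties insert and update. I would extend the tag to `@param authProperties Authentication properties whose confidential values have already been encrypted or replaced by secret references; values are stored as given.` and add that null arguments are skipped. The callers in this diff that pass non-null properties use the output of `encryptAssociatedSecrets` or `getPropertiesWithSecretReferences`, so this records the existing contract rather than changing it.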
@@ -373,22 +494,24 @@ private void updateActionEndpointProperties(Connection dbConnection, String acti throws ActionMgtException { try (NamedPreparedStatement statement = new NamedPreparedStatement(dbConnection, - ActionMgtSQLConstants.Query.DELETE_ACTION_ENDPOINT_PROPERTIES)) { + ActionMgtSQLConstants.Query.UPDATE_ACTION_ENDPOINT_PROPERTIES)) { - statement.setString(ActionMgtSQLConstants.Column.ACTION_ENDPOINT_UUID, actionId); - statement.setInt(ActionMgtSQLConstants.Column.TENANT_ID, tenantId); - statement.executeUpdate(); - - // Add Endpoint configuration properties. - addEndpointProperties(dbConnection, actionId, endpointProperties, tenantId); - } catch (SQLException | ActionMgtException e) { + for (Map.Entry property : endpointProperties.entrySet()) { + statement.setString(ActionMgtSQLConstants.Column.ACTION_ENDPOINT_PROPERTY_VALUE, property.getValue()); + statement.setString(ActionMgtSQLConstants.Column.ACTION_ENDPOINT_UUID, actionId); + statement.setInt(ActionMgtSQLConstants.Column.TENANT_ID, tenantId); + statement.setString(ActionMgtSQLConstants.Column.ACTION_ENDPOINT_PROPERTY_NAME, property.getKey()); + statement.addBatch(); + } + statement.executeBatch(); + } catch (SQLException e) { throw ActionManagementUtil.handleServerException( ActionMgtConstants.ErrorMessages.ERROR_WHILE_UPDATING_ENDPOINT_PROPERTIES, e); } } /** - * Update Action Endpoint properties. + * Update Action Status. * * @param actionType Action Type. * @param actionId UUID of the Action. 
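Review bot: `updateActionEndpointProperties` now issues a batched UPDATE keyed on property name and discards the result of `statement.executeBatch()`. A property that has no existing row is therefore silently not written, where the removed delete-and-insert path would have created it. Capturing the counts with `int[] counts = statement.executeBatch();` and raising an error when an entry is `0` would surface that case. An empty `endpointProperties` map also reaches `executeBatch()` with nothing added, so an early return for an empty map would state the intent. The method signature lies outside this hunk.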
@@ -413,9 +536,9 @@ private Action changeActionStatus(String actionType, String actionId, String sta return getActionBasicInfoById(dbConnection, actionId, tenantId); } catch (SQLException e) { if (LOG.isDebugEnabled()) { - LOG.debug("Error while updating the action status in action type: " + actionType + - " in tenantDomain: " + IdentityTenantUtil.getTenantDomain(tenantId) + - ". Rolling back updated action status."); + LOG.debug(String.format("Error while updating the Action Status to %s of Action type: %s in " + + "Tenant Domain: %s. Rolling back updated action status.", status, actionType, + IdentityTenantUtil.getTenantDomain(tenantId))); } IdentityDatabaseUtil.rollbackTransaction(dbConnection); throw ActionManagementUtil.handleServerException( diff --git a/components/action-mgt/org.wso2.carbon.identity.action.management/src/main/java/org/wso2/carbon/identity/action/management/dao/impl/CacheBackedActionMgtDAO.java b/components/action-mgt/org.wso2.carbon.identity.action.management/src/main/java/org/wso2/carbon/identity/action/management/dao/impl/CacheBackedActionMgtDAO.java index 39bd62214930..f43184921506 100644 --- a/components/action-mgt/org.wso2.carbon.identity.action.management/src/main/java/org/wso2/carbon/identity/action/management/dao/impl/CacheBackedActionMgtDAO.java +++ b/components/action-mgt/org.wso2.carbon.identity.action.management/src/main/java/org/wso2/carbon/identity/action/management/dao/impl/CacheBackedActionMgtDAO.java @@ -26,6 +26,8 @@ import org.wso2.carbon.identity.action.management.dao.ActionManagementDAO; import org.wso2.carbon.identity.action.management.exception.ActionMgtException; import org.wso2.carbon.identity.action.management.model.Action; +import org.wso2.carbon.identity.action.management.model.AuthType; +import org.wso2.carbon.identity.action.management.model.EndpointConfig; import java.util.List; import java.util.Map; 
@@ -94,10 +96,11 @@ public Action updateAction(String actionType, String actionId, Action action, In } @Override - public void deleteAction(String actionType, String actionId, Integer tenantId) throws ActionMgtException { + public void deleteAction(String actionType, String actionId, Action action, Integer tenantId) + throws ActionMgtException { actionCacheByType.clearCacheEntry(new ActionTypeCacheKey(actionType), tenantId); - actionManagementDAO.deleteAction(actionType, actionId, tenantId); + actionManagementDAO.deleteAction(actionType, actionId, action, tenantId); } @Override @@ -125,4 +128,21 @@ public Action getActionByActionId(String actionId, Integer tenantId) throws Acti return actionManagementDAO.getActionByActionId(actionId, tenantId); } + + @Override + public Action updateActionEndpointAuthProperties(String actionId, AuthType authentication, int tenantId) + throws ActionMgtException { + + return actionManagementDAO.updateActionEndpointAuthProperties(actionId, authentication, tenantId); + } + + @Override + public Action updateActionEndpoint(String actionType, String actionId, EndpointConfig endpoint, + AuthType currentAuthentication, int tenantId) + throws ActionMgtException { + + actionCacheByType.clearCacheEntry(new ActionTypeCacheKey(actionType), tenantId); + return actionManagementDAO.updateActionEndpoint(actionType, actionId, endpoint, currentAuthentication, + tenantId); + } } diff --git a/components/action-mgt/org.wso2.carbon.identity.action.management/src/main/java/org/wso2/carbon/identity/action/management/internal/ActionMgtServiceComponent.java b/components/action-mgt/org.wso2.carbon.identity.action.management/src/main/java/org/wso2/carbon/identity/action/management/internal/ActionMgtServiceComponent.java index 53b549a5d2e7..44fe7f894eac 100644 --- a/components/action-mgt/org.wso2.carbon.identity.action.management/src/main/java/org/wso2/carbon/identity/action/management/internal/ActionMgtServiceComponent.java 
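Review bot: `updateActionEndpointAuthProperties` in CacheBackedActionMgtDAO delegates without touching `actionCacheByType`, while `updateActionEndpoint` right below it clears the entry first. If cached `Action` objects carry endpoint authentication properties (the non-confidential API key `header`, for example), readers keep getting the old values until the entry is evicted. The method has no `actionType` argument to build an `ActionTypeCacheKey` from, so either the DAO signature needs the type or the caller has to invalidate. A comment such as `// Cache is keyed by action type; caller must clear it after this update.` would at least record the gap.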
+++ b/components/action-mgt/org.wso2.carbon.identity.action.management/src/main/java/org/wso2/carbon/identity/action/management/internal/ActionMgtServiceComponent.java @@ -25,8 +25,13 @@ import org.osgi.service.component.annotations.Activate; import org.osgi.service.component.annotations.Component; import org.osgi.service.component.annotations.Deactivate; +import org.osgi.service.component.annotations.Reference; +import org.osgi.service.component.annotations.ReferenceCardinality; +import org.osgi.service.component.annotations.ReferencePolicy; import org.wso2.carbon.identity.action.management.ActionManagementService; import org.wso2.carbon.identity.action.management.ActionManagementServiceImpl; +import org.wso2.carbon.identity.secret.mgt.core.SecretManager; +import org.wso2.carbon.identity.secret.mgt.core.SecretResolveManager; /** * Service component for the Action management. 
@@ -62,4 +67,38 @@ protected void deactivate(ComponentContext context) { LOG.error("Error while deactivating Action management component.", e); } } + + @Reference( + name = "org.wso2.carbon.identity.secret.mgt.core.SecretManager", + service = SecretManager.class, + cardinality = ReferenceCardinality.MANDATORY, + policy = ReferencePolicy.DYNAMIC, + unbind = "unsetSecretManager" + ) + private void setSecretManager(SecretManager secretManager) { + + ActionMgtServiceComponentHolder.getInstance().setSecretManager(secretManager); + } + + private void unsetSecretManager(SecretManager secretManager) { + + ActionMgtServiceComponentHolder.getInstance().setSecretManager(null); + } + + @Reference( + name = "org.wso2.carbon.identity.secret.mgt.core.SecretResolveManager", + service = SecretResolveManager.class, + cardinality = ReferenceCardinality.MANDATORY, + policy = ReferencePolicy.DYNAMIC, + unbind = "unsetSecretResolveManager" + ) + private void setSecretResolveManager(SecretResolveManager secretResolveManager) { + + ActionMgtServiceComponentHolder.getInstance().setSecretResolveManager(secretResolveManager); + } + + private void unsetSecretResolveManager(SecretResolveManager secretResolveManager) { + + ActionMgtServiceComponentHolder.getInstance().setSecretResolveManager(null); + } } diff --git a/components/action-mgt/org.wso2.carbon.identity.action.management/src/main/java/org/wso2/carbon/identity/action/management/internal/ActionMgtServiceComponentHolder.java b/components/action-mgt/org.wso2.carbon.identity.action.management/src/main/java/org/wso2/carbon/identity/action/management/internal/ActionMgtServiceComponentHolder.java new file mode 100644 index 000000000000..5866841fdbaa --- /dev/null +++ b/components/action-mgt/org.wso2.carbon.identity.action.management/src/main/java/org/wso2/carbon/identity/action/management/internal/ActionMgtServiceComponentHolder.java 
@@ -0,0 +1,87 @@ +/* + * Copyright (c) 2024, WSO2 LLC. (http://www.wso2.com). + * + * WSO2 LLC. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.wso2.carbon.identity.action.management.internal; + +import org.wso2.carbon.identity.secret.mgt.core.SecretManager; +import org.wso2.carbon.identity.secret.mgt.core.SecretResolveManager; + +/** + * Service component Holder for the Action management. + */ +public class ActionMgtServiceComponentHolder { + + private SecretManager secretManager; + private SecretResolveManager secretResolveManager; + + public static final ActionMgtServiceComponentHolder INSTANCE = new ActionMgtServiceComponentHolder(); + + private ActionMgtServiceComponentHolder() { + + } + + /** + * Get the instance of ActionMgtServiceComponentHolder. + * + * @return ActionMgtServiceComponentHolder instance. + */ + public static ActionMgtServiceComponentHolder getInstance() { + + return INSTANCE; + } + + /** + * Get the SecretManager. + * + * @return SecretManager instance. + */ + public SecretManager getSecretManager() { + + return secretManager; + } + + /** + * Set the SecretManager. + * + * @param secretManager SecretManager instance. + */ + public void setSecretManager(SecretManager secretManager) { + + this.secretManager = secretManager; + } + + /** + * Get the SecretResolveManager. + * + * @return SecretResolveManager instance. 
+ */ + public SecretResolveManager getSecretResolveManager() { + + return secretResolveManager; + } + + /** + * Set the SecretResolveManager. + * + * @param secretResolveManager SecretResolveManager instance. + */ + public void setSecretResolveManager(SecretResolveManager secretResolveManager) { + + this.secretResolveManager = secretResolveManager; + } +} diff --git a/components/action-mgt/org.wso2.carbon.identity.action.management/src/main/java/org/wso2/carbon/identity/action/management/model/AuthProperty.java b/components/action-mgt/org.wso2.carbon.identity.action.management/src/main/java/org/wso2/carbon/identity/action/management/model/AuthProperty.java new file mode 100644 index 000000000000..afd37f3b7aff --- /dev/null +++ b/components/action-mgt/org.wso2.carbon.identity.action.management/src/main/java/org/wso2/carbon/identity/action/management/model/AuthProperty.java 
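Review bot: The `secretManager` and `secretResolveManager` fields in ActionMgtServiceComponentHolder are plain fields, yet ActionMgtServiceComponent binds them with `ReferencePolicy.DYNAMIC` and sets them to `null` on unbind, so they can change while request threads read them. Declaring them `private volatile SecretManager secretManager;` and `private volatile SecretResolveManager secretResolveManager;` gives readers a consistent view. Callers of the getters should treat `null` as "service unavailable" rather than dereference it. `INSTANCE` is also `public` although `getInstance()` exists; `private static final` keeps a single access path.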
@@ -0,0 +1,87 @@ +/* + * Copyright (c) 2024, WSO2 LLC. (http://www.wso2.com). + * + * WSO2 LLC. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.wso2.carbon.identity.action.management.model; + +/** + * Authentication Property. + */ +public class AuthProperty { + + private String name; + private String value; + private boolean isConfidential; + + public AuthProperty() { + } + + public AuthProperty(AuthPropertyBuilder authPropertyBuilder) { + + this.name = authPropertyBuilder.name; + this.value = authPropertyBuilder.value; + this.isConfidential = authPropertyBuilder.isConfidential; + } + + public String getName() { + + return name; + } + + public String getValue() { + + return value; + } + + public boolean getIsConfidential() { + + return isConfidential; + } + + /** + * Authentication Property Builder. + */ + public static class AuthPropertyBuilder { + + private String name; + private String value; + private boolean isConfidential; + + public AuthPropertyBuilder name(String name) { + + this.name = name; + return this; + } + + public AuthPropertyBuilder value(String value) { + + this.value = value; + return this; + } + + public AuthPropertyBuilder isConfidential(boolean isConfidential) { + + this.isConfidential = isConfidential; + return this; + } + + public AuthProperty build() { + + return new AuthProperty(this); + } + } +} 
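Review bot: The class Javadoc for `AuthProperty` ("Authentication Property.") does not say what `value` holds, and elsewhere in this diff the same field appears to carry a plaintext credential, an encrypted value or a secret reference depending on the call path. I would document that on the class, e.g. `Holds one endpoint authentication property; for confidential properties {@code value} may be the raw secret and must not be logged or persisted directly.` The public no-argument constructor leaves `name` and `value` null with no setters to fill them, so dropping it and making the three fields `final` would make the builder the only way to create an instance.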
diff --git a/components/action-mgt/org.wso2.carbon.identity.action.management/src/main/java/org/wso2/carbon/identity/action/management/model/AuthType.java b/components/action-mgt/org.wso2.carbon.identity.action.management/src/main/java/org/wso2/carbon/identity/action/management/model/AuthType.java index 3710ebb1639a..9ea099ad2b12 100644 --- a/components/action-mgt/org.wso2.carbon.identity.action.management/src/main/java/org/wso2/carbon/identity/action/management/model/AuthType.java +++ b/components/action-mgt/org.wso2.carbon.identity.action.management/src/main/java/org/wso2/carbon/identity/action/management/model/AuthType.java @@ -18,8 +18,17 @@ package org.wso2.carbon.identity.action.management.model; -import java.util.HashMap; -import java.util.Map; +import org.apache.commons.collections.CollectionUtils; +import org.wso2.carbon.identity.action.management.ActionSecretProcessor; +import org.wso2.carbon.identity.action.management.constant.ActionMgtConstants; +import org.wso2.carbon.identity.action.management.exception.ActionMgtException; +import org.wso2.carbon.identity.action.management.util.ActionManagementUtil; +import org.wso2.carbon.identity.secret.mgt.core.exception.SecretManagementException; + +import java.util.ArrayList; +import java.util.Arrays; +import java.util.Collections; +import java.util.List; /** * AuthType. 
@@ -31,33 +40,70 @@ public class AuthType { */ public enum AuthenticationType { - NONE("NONE", new String[]{}), - BEARER("BEARER", new String[]{"accessToken"}), - BASIC("BASIC", new String[]{"username", "password"}), - API_KEY("API_KEY", new String[]{"header", "value"}); + NONE("none", "NONE", Collections.emptyList()), + BEARER("bearer", "BEARER", Arrays.asList(AuthenticationProperty.ACCESS_TOKEN)), + BASIC("basic", "BASIC", + Arrays.asList(AuthenticationProperty.USERNAME, AuthenticationProperty.PASSWORD)), + API_KEY("apiKey", "API_KEY", + Arrays.asList(AuthenticationProperty.HEADER, AuthenticationProperty.VALUE)); + private final String pathParam; private final String type; - private final String[] properties; + private final List properties; - AuthenticationType(String type, String[] properties) { + AuthenticationType(String pathParam, String type, List properties) { + this.pathParam = pathParam; this.type = type; this.properties = properties; } + public String getPathParam() { + + return pathParam; + } + public String getType() { return type; } - public String[] getProperties() { + public List getProperties() { return properties; } + + /** + * Authentication Property. + */ + public enum AuthenticationProperty { + ACCESS_TOKEN("accessToken", true), + USERNAME("username", true), + PASSWORD("password", true), + HEADER("header", false), + VALUE("value", true); + + private final String name; + private final boolean isConfidential; + + AuthenticationProperty(String name, boolean isConfidential) { + this.name = name; + this.isConfidential = isConfidential; + } + + public String getName() { + return name; + } + + public boolean getIsConfidential() { + return isConfidential; + } + } } private AuthenticationType type; - private Map properties = null; + private List properties = null; + private final ActionSecretProcessor secretProcessor = new ActionSecretProcessor(); public AuthType() { } 
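Review bot: `AuthenticationType.getProperties()` returns the list built with `Arrays.asList(...)` directly, and that list allows `set()`, so any caller can replace an entry and change which properties of a type are treated as confidential for the whole JVM. Wrapping it once in the constructor, `this.properties = Collections.unmodifiableList(properties);`, closes that off (`Collections` is already imported by this change). The hunk also adds `private final ActionSecretProcessor secretProcessor = new ActionSecretProcessor();` to every `AuthType` instance. A model object that reaches into the secret store is harder to serialize and test, so the DAO's existing processor may be a better home for those calls.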
@@ -73,18 +119,35 @@ public AuthenticationType getType() { return type; } - public Map getProperties() { + public List getProperties() { return properties; } + public List getPropertiesWithDecryptedValues(String actionId) throws ActionMgtException { + + try { + return CollectionUtils.isEmpty(properties) ? properties : + secretProcessor.decryptAssociatedSecrets(properties, type.getType(), actionId); + } catch (SecretManagementException e) { + throw ActionManagementUtil.handleServerException( + ActionMgtConstants.ErrorMessages.ERROR_WHILE_DECRYPTING_ACTION_ENDPOINT_AUTH_PROPERTIES, e); + } + } + + public List getPropertiesWithSecretReferences(String actionId) throws SecretManagementException { + + return CollectionUtils.isEmpty(properties) ? properties : + secretProcessor.getPropertiesWithSecretReferences(properties, actionId, type.name()); + } + /** * AuthType builder. */ public static class AuthTypeBuilder { private AuthenticationType type; - private Map properties = null; + private List properties = null; public AuthTypeBuilder() { } @@ -95,18 +158,18 @@ public AuthTypeBuilder type(AuthenticationType type) { return this; } - public AuthTypeBuilder properties(Map properties) { + public AuthTypeBuilder properties(List properties) { this.properties = properties; return this; } - public AuthTypeBuilder addProperty(String key, String value) { + public AuthTypeBuilder addProperty(AuthProperty authProperty) { if (this.properties == null) { - this.properties = new HashMap<>(); + this.properties = new ArrayList<>(); } - this.properties.put(key, value); + this.properties.add(authProperty); return this; } diff --git a/components/action-mgt/org.wso2.carbon.identity.action.management/src/main/java/org/wso2/carbon/identity/action/management/model/EndpointConfig.java b/components/action-mgt/org.wso2.carbon.identity.action.management/src/main/java/org/wso2/carbon/identity/action/management/model/EndpointConfig.java index 96f99260abb7..7b97f6587f29 100644 
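Review bot: `getPropertiesWithDecryptedValues` passes `type.getType()` while `getPropertiesWithSecretReferences` passes `type.name()`, and the two processor calls take the action id and type in opposite orders. The strings are equal for the four constants today, but if the secret name is derived from this value, a future constant whose `type` differs from its name would make decryption look up a different secret than the one stored. Using `type.name()` in both places matches what the DAO persists and reads back with `valueOf`. Both methods dereference `type` without a null check and have no Javadoc; `getPropertiesWithDecryptedValues` in particular should state that it returns plaintext credentials that callers must not log or cache.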
--- a/components/action-mgt/org.wso2.carbon.identity.action.management/src/main/java/org/wso2/carbon/identity/action/management/model/EndpointConfig.java +++ b/components/action-mgt/org.wso2.carbon.identity.action.management/src/main/java/org/wso2/carbon/identity/action/management/model/EndpointConfig.java @@ -34,6 +34,7 @@ public EndpointConfig(EndpointConfigBuilder endpointConfigBuilder) { this.uri = endpointConfigBuilder.uri; this.authentication = endpointConfigBuilder.authentication; } + public String getUri() { return uri; diff --git a/components/secret-mgt/org.wso2.carbon.identity.secret.mgt.core/src/main/java/org/wso2/carbon/identity/secret/mgt/core/exception/SecretManagementException.java b/components/secret-mgt/org.wso2.carbon.identity.secret.mgt.core/src/main/java/org/wso2/carbon/identity/secret/mgt/core/exception/SecretManagementException.java index a5180b8d83a5..6b4170333367 100644 --- a/components/secret-mgt/org.wso2.carbon.identity.secret.mgt.core/src/main/java/org/wso2/carbon/identity/secret/mgt/core/exception/SecretManagementException.java +++ b/components/secret-mgt/org.wso2.carbon.identity.secret.mgt.core/src/main/java/org/wso2/carbon/identity/secret/mgt/core/exception/SecretManagementException.java @@ -30,6 +30,11 @@ public SecretManagementException() { super(); } + public SecretManagementException(String message) { + + super(message); + } + public SecretManagementException(String message, String errorCode) { super(message); diff --git a/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/dbscripts/db2.sql b/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/dbscripts/db2.sql index 3cb595a6d2d0..1a95b359c778 100644 --- a/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/dbscripts/db2.sql +++ b/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/dbscripts/db2.sql 
@@ -1683,7 +1683,8 @@ INSERT INTO IDN_SECRET_TYPE (ID, NAME, DESCRIPTION) VALUES ('1358bdbf-e0cc-4268-a42c-c3e0960e13f0', 'ADAPTIVE_AUTH_CALL_CHOREO', 'Secret type to uniquely identify secrets relevant to callChoreo adaptive auth function'), ('c508ca28-60c0-4493-a758-77e4173ffdb9', 'IDP_SECRET_PROPERTIES', 'Secret type to uniquely identify secrets relevant to identity providers'), ('433df096-62b7-4a36-b3eb-1bed9150ed35', 'IDVP_SECRET_PROPERTIES', 'Secret type to uniquely identify secrets relevant to identity verification providers'), -('29d0c37d-139a-4b1e-a343-7b8d26f0a2a9', 'ANDROID_ATTESTATION_CREDENTIALS', 'Secret type to uniquely identify secrets relevant to android client attestation credentials') +('29d0c37d-139a-4b1e-a343-7b8d26f0a2a9', 'ANDROID_ATTESTATION_CREDENTIALS', 'Secret type to uniquely identify secrets relevant to android client attestation credentials'), +('33f0a41b-569d-4ea5-a891-6c0e78a1c3b0', 'ACTION_API_ENDPOINT_AUTH_SECRETS', 'Secret type to uniquely identify secrets relevant to action endpoint authentication properties') / CREATE TABLE IDN_SECRET ( diff --git a/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/dbscripts/h2.sql b/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/dbscripts/h2.sql index 512c0190290f..7d210a3d7778 100644 --- a/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/dbscripts/h2.sql +++ b/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/dbscripts/h2.sql 
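Review bot: The `ACTION_API_ENDPOINT_AUTH_SECRETS` row is added only to the schema-creation scripts, here and in the matching hunks for h2, mssql, mysql, mysql-cluster, oracle, oracle_rac and postgresql. No hunk on this page adds an upgrade or migration step, so a database created before this change would presumably lack the secret type, and storing or decrypting action endpoint credentials would fail there. If migration is handled elsewhere, a comment beside the INSERT saying so would help, e.g. `-- Existing deployments: add this row via the migration scripts.`; otherwise the same INSERT should ship as a migration.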
@@ -1125,7 +1125,8 @@ INSERT INTO IDN_SECRET_TYPE (ID, NAME, DESCRIPTION) VALUES ('1358bdbf-e0cc-4268-a42c-c3e0960e13f0', 'ADAPTIVE_AUTH_CALL_CHOREO', 'Secret type to uniquely identify secrets relevant to callChoreo adaptive auth function'), ('c508ca28-60c0-4493-a758-77e4173ffdb9', 'IDP_SECRET_PROPERTIES', 'Secret type to uniquely identify secrets relevant to identity providers'), ('433df096-62b7-4a36-b3eb-1bed9150ed35', 'IDVP_SECRET_PROPERTIES', 'Secret type to uniquely identify secrets relevant to identity verification providers'), -('29d0c37d-139a-4b1e-a343-7b8d26f0a2a9', 'ANDROID_ATTESTATION_CREDENTIALS', 'Secret type to uniquely identify secrets relevant to android client attestation credentials'); +('29d0c37d-139a-4b1e-a343-7b8d26f0a2a9', 'ANDROID_ATTESTATION_CREDENTIALS', 'Secret type to uniquely identify secrets relevant to android client attestation credentials'), +('33f0a41b-569d-4ea5-a891-6c0e78a1c3b0', 'ACTION_API_ENDPOINT_AUTH_SECRETS', 'Secret type to uniquely identify secrets relevant to action endpoint authentication properties'); CREATE TABLE IF NOT EXISTS IDN_SECRET ( ID VARCHAR(255) NOT NULL, diff --git a/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/dbscripts/mssql.sql b/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/dbscripts/mssql.sql index 4133fcb73ce6..22a2df06b6fb 100644 --- a/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/dbscripts/mssql.sql +++ b/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/dbscripts/mssql.sql 
@@ -1250,7 +1250,8 @@ INSERT INTO IDN_SECRET_TYPE (ID, NAME, DESCRIPTION) VALUES ('1358bdbf-e0cc-4268-a42c-c3e0960e13f0', 'ADAPTIVE_AUTH_CALL_CHOREO', 'Secret type to uniquely identify secrets relevant to callChoreo adaptive auth function'), ('c508ca28-60c0-4493-a758-77e4173ffdb9', 'IDP_SECRET_PROPERTIES', 'Secret type to uniquely identify secrets relevant to identity providers'), ('433df096-62b7-4a36-b3eb-1bed9150ed35', 'IDVP_SECRET_PROPERTIES', 'Secret type to uniquely identify secrets relevant to identity verification providers'), -('29d0c37d-139a-4b1e-a343-7b8d26f0a2a9', 'ANDROID_ATTESTATION_CREDENTIALS', 'Secret type to uniquely identify secrets relevant to android client attestation credentials'); +('29d0c37d-139a-4b1e-a343-7b8d26f0a2a9', 'ANDROID_ATTESTATION_CREDENTIALS', 'Secret type to uniquely identify secrets relevant to android client attestation credentials'), +('33f0a41b-569d-4ea5-a891-6c0e78a1c3b0', 'ACTION_API_ENDPOINT_AUTH_SECRETS', 'Secret type to uniquely identify secrets relevant to action endpoint authentication properties'); IF NOT EXISTS (SELECT * FROM SYS.OBJECTS WHERE OBJECT_ID = OBJECT_ID(N'[DBO].[IDN_SECRET]') AND TYPE IN (N'U')) diff --git a/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/dbscripts/mysql-cluster.sql b/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/dbscripts/mysql-cluster.sql index 983096eeb180..57222a6474a3 100644 --- a/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/dbscripts/mysql-cluster.sql +++ b/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/dbscripts/mysql-cluster.sql 
@@ -1287,7 +1287,8 @@ INSERT INTO IDN_SECRET_TYPE (ID, NAME, DESCRIPTION) VALUES ('1358bdbf-e0cc-4268-a42c-c3e0960e13f0', 'ADAPTIVE_AUTH_CALL_CHOREO', 'Secret type to uniquely identify secrets relevant to callChoreo adaptive auth function'), ('c508ca28-60c0-4493-a758-77e4173ffdb9', 'IDP_SECRET_PROPERTIES', 'Secret type to uniquely identify secrets relevant to identity providers'), ('433df096-62b7-4a36-b3eb-1bed9150ed35', 'IDVP_SECRET_PROPERTIES', 'Secret type to uniquely identify secrets relevant to identity verification providers'), -('29d0c37d-139a-4b1e-a343-7b8d26f0a2a9', 'ANDROID_ATTESTATION_CREDENTIALS', 'Secret type to uniquely identify secrets relevant to android client attestation credentials'); +('29d0c37d-139a-4b1e-a343-7b8d26f0a2a9', 'ANDROID_ATTESTATION_CREDENTIALS', 'Secret type to uniquely identify secrets relevant to android client attestation credentials'), +('33f0a41b-569d-4ea5-a891-6c0e78a1c3b0', 'ACTION_API_ENDPOINT_AUTH_SECRETS', 'Secret type to uniquely identify secrets relevant to action endpoint authentication properties'); CREATE TABLE IF NOT EXISTS IDN_SECRET ( ID VARCHAR(255) NOT NULL, diff --git a/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/dbscripts/mysql.sql b/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/dbscripts/mysql.sql index 28ff8e8d17b3..c5e279844d6b 100644 --- a/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/dbscripts/mysql.sql +++ b/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/dbscripts/mysql.sql 
@@ -1152,7 +1152,8 @@ INSERT INTO IDN_SECRET_TYPE (ID, NAME, DESCRIPTION) VALUES ('1358bdbf-e0cc-4268-a42c-c3e0960e13f0', 'ADAPTIVE_AUTH_CALL_CHOREO', 'Secret type to uniquely identify secrets relevant to callChoreo adaptive auth function'), ('c508ca28-60c0-4493-a758-77e4173ffdb9', 'IDP_SECRET_PROPERTIES', 'Secret type to uniquely identify secrets relevant to identity providers'), ('433df096-62b7-4a36-b3eb-1bed9150ed35', 'IDVP_SECRET_PROPERTIES', 'Secret type to uniquely identify secrets relevant to identity verification providers'), -('29d0c37d-139a-4b1e-a343-7b8d26f0a2a9', 'ANDROID_ATTESTATION_CREDENTIALS', 'Secret type to uniquely identify secrets relevant to android client attestation credentials'); +('29d0c37d-139a-4b1e-a343-7b8d26f0a2a9', 'ANDROID_ATTESTATION_CREDENTIALS', 'Secret type to uniquely identify secrets relevant to android client attestation credentials'), +('33f0a41b-569d-4ea5-a891-6c0e78a1c3b0', 'ACTION_API_ENDPOINT_AUTH_SECRETS', 'Secret type to uniquely identify secrets relevant to action endpoint authentication properties'); CREATE TABLE IF NOT EXISTS IDN_SECRET ( ID VARCHAR(255) NOT NULL, diff --git a/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/dbscripts/oracle.sql b/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/dbscripts/oracle.sql index f0c70ec7166f..9a115ffdfcca 100644 --- a/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/dbscripts/oracle.sql +++ b/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/dbscripts/oracle.sql 
@@ -1861,6 +1861,8 @@ INTO IDN_SECRET_TYPE (ID, NAME, DESCRIPTION) VALUES ('433df096-62b7-4a36-b3eb-1bed9150ed35', 'IDVP_SECRET_PROPERTIES', 'Secret type to uniquely identify secrets relevant to identity verification providers') INTO IDN_SECRET_TYPE (ID, NAME, DESCRIPTION) VALUES ('29d0c37d-139a-4b1e-a343-7b8d26f0a2a9', 'ANDROID_ATTESTATION_CREDENTIALS', 'Secret type to uniquely identify secrets relevant to android client attestation credentials') +INTO IDN_SECRET_TYPE (ID, NAME, DESCRIPTION) VALUES +('33f0a41b-569d-4ea5-a891-6c0e78a1c3b0', 'ACTION_API_ENDPOINT_AUTH_SECRETS', 'Secret type to uniquely identify secrets relevant to action endpoint authentication properties') SELECT 1 FROM dual / diff --git a/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/dbscripts/oracle_rac.sql b/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/dbscripts/oracle_rac.sql index 441ebd6e4aaa..28ce61bb71af 100644 --- a/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/dbscripts/oracle_rac.sql +++ b/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/dbscripts/oracle_rac.sql @@ -1743,6 +1743,8 @@ INTO IDN_SECRET_TYPE (ID, NAME, DESCRIPTION) VALUES ('433df096-62b7-4a36-b3eb-1bed9150ed35', 'IDVP_SECRET_PROPERTIES', 'Secret type to uniquely identify secrets relevant to identity verification providers') INTO IDN_SECRET_TYPE (ID, NAME, DESCRIPTION) VALUES ('29d0c37d-139a-4b1e-a343-7b8d26f0a2a9', 'ANDROID_ATTESTATION_CREDENTIALS', 'Secret type to uniquely identify secrets relevant to android client attestation credentials') +INTO IDN_SECRET_TYPE (ID, NAME, DESCRIPTION) VALUES +('33f0a41b-569d-4ea5-a891-6c0e78a1c3b0', 'ACTION_API_ENDPOINT_AUTH_SECRETS', 'Secret type to uniquely identify secrets relevant to action endpoint authentication properties') SELECT 1 FROM dual / 
diff --git a/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/dbscripts/postgresql.sql b/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/dbscripts/postgresql.sql index 992bcd68565f..0a59499a4aae 100644 --- a/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/dbscripts/postgresql.sql +++ b/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/dbscripts/postgresql.sql @@ -1343,7 +1343,8 @@ INSERT INTO IDN_SECRET_TYPE (ID, NAME, DESCRIPTION) VALUES ('1358bdbf-e0cc-4268-a42c-c3e0960e13f0', 'ADAPTIVE_AUTH_CALL_CHOREO', 'Secret type to uniquely identify secrets relevant to callChoreo adaptive auth function'), ('c508ca28-60c0-4493-a758-77e4173ffdb9', 'IDP_SECRET_PROPERTIES', 'Secret type to uniquely identify secrets relevant to identity providers'), ('433df096-62b7-4a36-b3eb-1bed9150ed35', 'IDVP_SECRET_PROPERTIES', 'Secret type to uniquely identify secrets relevant to identity verification providers'), -('29d0c37d-139a-4b1e-a343-7b8d26f0a2a9', 'ANDROID_ATTESTATION_CREDENTIALS', 'Secret type to uniquely identify secrets relevant to android client attestation credentials'); +('29d0c37d-139a-4b1e-a343-7b8d26f0a2a9', 'ANDROID_ATTESTATION_CREDENTIALS', 'Secret type to uniquely identify secrets relevant to android client attestation credentials'), +('33f0a41b-569d-4ea5-a891-6c0e78a1c3b0', 'ACTION_API_ENDPOINT_AUTH_SECRETS', 'Secret type to uniquely identify secrets relevant to action endpoint authentication properties'); DROP TABLE IF EXISTS IDN_SECRET; CREATE TABLE IDN_SECRET ( diff --git a/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/identity.xml b/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/identity.xml index 3f9e6d9c5b3f..810f1806099a 100644 --- a/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/identity.xml 
+++ b/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/identity.xml @@ -2244,6 +2244,10 @@ /permission/admin/manage/identity/actionmgt/update internal_action_mgt_update + + /permission/admin/manage/identity/actionmgt/update + internal_action_mgt_update + /permission/admin/manage/identity/actionmgt/delete internal_action_mgt_delete diff --git a/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/identity.xml.j2 b/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/identity.xml.j2 index 6b8a8b79cbbc..b77106e48260 100644 --- a/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/identity.xml.j2 +++ b/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/identity.xml.j2 @@ -3327,6 +3327,10 @@ /permission/admin/manage/identity/actionmgt/update internal_action_mgt_update + + /permission/admin/manage/identity/actionmgt/update + internal_action_mgt_update + /permission/admin/manage/identity/actionmgt/delete internal_action_mgt_delete diff --git a/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/resource-access-control-v2.xml b/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/resource-access-control-v2.xml index cfcc40213f3e..9a713eb6cdef 100644 --- a/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/resource-access-control-v2.xml +++ b/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/resource-access-control-v2.xml @@ -1095,6 +1095,10 @@ internal_action_mgt_update + + /permission/admin/manage/identity/actionmgt/update + internal_action_mgt_update + internal_action_mgt_delete 
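Review bot: In the resource-access-control-v2.xml hunk the added entry carries the legacy permission path `/permission/admin/manage/identity/actionmgt/update` as well as the `internal_action_mgt_update` scope, while the neighbouring context entries show only a scope. The element markup is not visible on this page, so this is inferred from the remaining text, but it looks as if the block was copied from identity.xml. Confirm that the v2 file is meant to hold a permission element, and apply the same check to the resource-access-control-v2.xml.j2 hunk. The commit's new API replaces the credentials used to call the action endpoint, so if this entry is its route, also confirm that sharing the general update scope is intended.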
diff --git a/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/resource-access-control-v2.xml.j2 b/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/resource-access-control-v2.xml.j2 index 914413f4dddc..f867bfc26056 100644 --- a/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/resource-access-control-v2.xml.j2 +++ b/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/resource-access-control-v2.xml.j2 @@ -1151,6 +1151,10 @@ internal_action_mgt_update + + /permission/admin/manage/identity/actionmgt/update + internal_action_mgt_update + internal_action_mgt_delete