From ebf38917b85dafeb34606be5c8492f635bd07b85 Mon Sep 17 00:00:00 2001
From: Ganning Xu
Date: Fri, 28 Feb 2025 13:27:11 -0500
Subject: [PATCH] update installation instructions (#414)
* update installation instructions
* added initialization of super tenant to TenantManagementController
* fixed formatting issues, readme changes from review, and git clone command
---
README.md | 89 ++++++-------------
.../tenant/TenantManagementController.java | 52 ++++++++---
2 files changed, 70 insertions(+), 71 deletions(-)
diff --git a/README.md b/README.md
index 9d50b270f..bca87e246 100644
--- a/README.md
+++ b/README.md
@@ -48,70 +48,35 @@ Following diagram illustrate the architecture of the Custos Software. * Maven 3.6.x #### Clone the repository - ``` - git clone -b develop https://github.com/apache/airavata-custos.git - - ``` - -#### Build source code - - Following command builds the Custos source code and create two docker images of custos_core_server and custos_integration_server - - ``` - cd airavata-custos - mvn clean install - ``` - -#### Run Custos on docker - -Following command starts Custos main services and its depend services. All services are listed below and you should be able to -access them locally if all services are correctly started. - - - Dependent Services - * Keycloak (http://localhost:8080/auth/) - * MySQL (0.0.0.0:3306) - * HashiCorp Vault (http://localhost:8201/) - * CILogon (Not available for local development) - - - Custos Services - * Custos Core Service (0.0.0.0:7001 (grpc port)) - * Custos Integration Service (0.0.0.0:7000 (grpc port)) - * Custos Rest Proxy (http://localhost:10000(envoy proxy) - - ``` - cd custos-utilities/ide-integration/src/main/containers - docker-compose up - ``` - -#### Bootstrapping Custos Super Tenant - -If all services were successfully ran. Custos bootstrap service needs to be run to create a Super tenant to launch Custos Portal - ``` - cd custos-utilities/custos-bootstrap-service/ - mvn spring-boot:run - ``` -The above command should create the super tenant and it outputs super tenant credentials. Copy those credentials to configure -Custos Portal. - -``` -Note: Make sure to clean up old databases for fresh start. 
+```sh +git clone https://github.com/apache/airavata-custos.git ``` -#### Install Custos Portal Locally +#### Start Docker Containers (to run a development environment) +Navigate to `/compose`, and start the following containers: +- Keycloack (http://localhost:8080) +- Custos DB (MySQL, http://localhost:3306) +- Vault (http://localhost:8200) +- Adminer (http://localhost:18080) -Follow the following link to access portal deployment instructions +```sh +docker compose up -d +``` -[Custos Portal](https://github.com/apache/airavata-custos-portal/blob/master/README.md) +#### Configure Vault +1. Go to the Vault's exposed port (http://localhost:8200) and walk through the configuration process. + 2. You'll need to save your initial root token and unsealed key. +2. Place your root token in `/application/src/main/resources/application.yml`, under `spring.cloud.vault.token` -You have to configure following properties in the .env file +3. Install all dependencies through maven. + 4. `mvn clean install` +4. Run the CustosApplication class to bring up the backend. + 5. `mvn spring-boot:run` +5. Make a POST request to http://127.0.0.1:8081/api/v1/tenant-management/initialize (no headers, no body) +6. Grab the client id and client secret from output on the backend. -``` -CUSTOS_CLIENT_ID="SUPERT TENANT ID CREATED FROM ABOVE STEP" -CUSTOS_CLIENT_SEC="SUPERT TENANT CREDENTIAL CREATED FROM ABOVE STEP" -CUSTOS_API_URL="http://localhost:10000" -CUSTOS_SUPER_CLIENT_ID="SUPERT TENANT ID CREATED FROM ABOVE STEP" -UNDER_MAINTENANCE=False -``` +#### You're all set! +You can now make requests to Custos. ## Custos Integration With External Applications Custos can be integrated with external applications using Custos REST Endpoints, Python SDK, or Java SDK. 
@@ -120,10 +85,11 @@ Custos can be integrated with external applications using Custos REST Endpoints, In order to perform this operation you need to have a already activated tenant in either Custos Managed Services or Your own deployment. Following instructions are given for locally deployed custos setup which can be extended to any deployment, -####Initializing Custos Java SDK +#### Initializing Custos Java SDK * Add maven dependency to your project -``` +``` + org.apache.custos custos-java-sdk 1.1-SNAPSHOT @@ -201,4 +167,5 @@ series = {PEARC '22} We are thankfull to National Science Foundation(NSF) for funding this project. We are thankfull to Trusted CI (https://www.trustedci.org/) for conducting the -First Principles Vulnerability Assesment(FPVA) (https://dl.acm.org/doi/10.1145/1866835.1866852) for this software and providing the above architecture diagram and security improvements. \ No newline at end of file +First Principles Vulnerability Assesment(FPVA) (https://dl.acm.org/doi/10.1145/1866835.1866852) for this software and providing the above architecture diagram and security improvements. +` diff --git a/api/src/main/java/org/apache/custos/api/tenant/TenantManagementController.java b/api/src/main/java/org/apache/custos/api/tenant/TenantManagementController.java index 05691ada1..2a0402d81 100644 --- a/api/src/main/java/org/apache/custos/api/tenant/TenantManagementController.java +++ b/api/src/main/java/org/apache/custos/api/tenant/TenantManagementController.java @@ -19,6 +19,7 @@ package org.apache.custos.api.tenant; +import org.apache.custos.core.constants.Constants; import org.apache.custos.core.credential.store.api.CredentialMetadata; import org.apache.custos.core.exception.UnauthorizedException; import org.apache.custos.core.federated.authentication.api.CacheManipulationRequest; 
@@ -37,16 +38,7 @@
 import org.apache.custos.core.tenant.management.api.GetTenantRequest;
 import org.apache.custos.core.tenant.management.api.TenantValidationRequest;
 import org.apache.custos.core.tenant.management.api.UpdateTenantRequest;
-import org.apache.custos.core.tenant.profile.api.GetAllTenantsForUserRequest;
-import org.apache.custos.core.tenant.profile.api.GetAllTenantsForUserResponse;
-import org.apache.custos.core.tenant.profile.api.GetAllTenantsResponse;
-import org.apache.custos.core.tenant.profile.api.GetAttributeUpdateAuditTrailResponse;
-import org.apache.custos.core.tenant.profile.api.GetAuditTrailRequest;
-import org.apache.custos.core.tenant.profile.api.GetStatusUpdateAuditTrailResponse;
-import org.apache.custos.core.tenant.profile.api.GetTenantsRequest;
-import org.apache.custos.core.tenant.profile.api.Tenant;
-import org.apache.custos.core.tenant.profile.api.UpdateStatusRequest;
-import org.apache.custos.core.tenant.profile.api.UpdateStatusResponse;
+import org.apache.custos.core.tenant.profile.api.*;
 import org.apache.custos.service.auth.AuthClaim;
 import org.apache.custos.service.auth.TokenAuthorizer;
 import org.apache.custos.service.management.TenantManagementService;
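Review bot: Collapsing the ten single-type imports into `import org.apache.custos.core.tenant.profile.api.*;` hides which types this controller depends on, and every other import visible in the hunk is a single-type import. The wildcard can also start shadowing or clashing with names from other packages as `tenant.profile.api` grows. The new `initSuperTenant()` appears to need only one more type from that package (presumably `TenantStatus`; confirm its package), so I would keep the explicit list and add `import org.apache.custos.core.tenant.profile.api.TenantStatus;`.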
@@ -401,6 +393,46 @@ public ResponseEntity configureClient(@PathVariable("tenantId") int tenantId, return ResponseEntity.ok(response); } + @PostMapping("/initialize") + @Hidden + public ResponseEntity initSuperTenant() { + // TODO - add validation for exactly one execution for (to deprecate) + // Will streamline this -- this function will be run at most once on application start + Tenant tenant = Tenant.newBuilder() + .setClientName("Custos Super Tenant") + .setRequesterEmail("xxxx@custos.com") + .setAdminFirstName("CUSTOS") + .setAdminLastName("ADMIN") + .setAdminEmail("xxxx@custos.com") + .setAdminUsername("custosadmin") + .setAdminPassword("custos@887") + .addAllContacts(List.of("xxxx@custos.com")) + .addAllRedirectUris(List.of("http://localhost:8080/", "http://localhost:5173/callback/", + "http://127.0.0.1:5173/callback/", "http://127.0.0.1:8081/swagger-ui/oauth2-redirect.html", + "http://localhost:8081/swagger-ui/oauth2-redirect.html", + "http://localhost:3000/login/generic_oauth", "http://localhost:8000/hub/oauth_callback")) + .setClientUri("http://localhost:8080/") + .setScope("openid email profile cilogon") + .setDomain("localhost") + .setLogoUri("http://localhost:8080/") + .setComment("Custos bootstrapping Tenant") + .setApplicationType("web") + .build(); + + CreateTenantResponse response = tenantManagementService.createTenant(tenant); + UpdateStatusRequest request = UpdateStatusRequest + .newBuilder() + .setClientId(response.getClientId()) + .setStatus(TenantStatus.ACTIVE) + .setSuperTenant(true) + .setUpdatedBy(Constants.SYSTEM) + .build(); + UpdateStatusResponse updateStatusResponse = tenantManagementService.updateTenantStatus(request); + System.out.println("Client Id :" + response.getClientId() + " Client Secret :" + response.getClientSecret()); + System.out.println(updateStatusResponse); + return ResponseEntity.ok().build(); + } + private Credentials getCredentials(AuthClaim claim) { return Credentials.newBuilder()
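Review bot: `initSuperTenant()` performs no caller check before `createTenant` and `setSuperTenant(true)`, and the README step added in this commit invokes it with "no headers, no body", so unless a filter outside this hunk guards `/initialize`, the route creates an active super tenant for anyone who can reach the API port, and the TODO confirms nothing yet limits it to one run; `@Hidden` (assuming it is the OpenAPI annotation) only removes the route from the generated docs. The admin login is fixed in source (`.setAdminUsername("custosadmin")`, `.setAdminPassword("custos@887")`), so every deployment that follows the README ends up with the same known credentials; inject the password from configuration or Vault, e.g. `.setAdminPassword(bootstrapAdminPassword)`, and refuse to run when it is unset. `System.out.println("Client Id :" + ... + " Client Secret :" + response.getClientSecret())` writes the super-tenant secret to stdout, where container and log collection will retain it; log only the client id and return the secret to the caller once instead. I would also reject the call (for example with 409) when a super tenant already exists and bind the mapping to a development-only profile. `getCredentials`, which follows the new method, continues outside the hunk.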