feat(services): Do not sync permissions in OrganizationService

The synchronization of permissions in Keycloak when an organization is
created or deleted is no longer needed for the new authorization
component. The dependency to an `AuthorizationService` instance can be
dropped.

Signed-off-by: Oliver Heger <[email protected]>

Author: oheger-bosch

core/src/test/kotlin/api/DownloadsRouteIntegrationTest.kt

@@ -34,7 +34,6 @@ import kotlin.time.Duration.Companion.minutes
 
 import kotlinx.datetime.Clock
 
-import org.eclipse.apoapsis.ortserver.components.authorization.keycloak.service.KeycloakAuthorizationService
 import org.eclipse.apoapsis.ortserver.config.ConfigManager
 import org.eclipse.apoapsis.ortserver.model.OrtRun
 import org.eclipse.apoapsis.ortserver.model.RepositoryType
@@ -51,20 +50,10 @@ class DownloadsRouteIntegrationTest : AbstractIntegrationTest({
     var repositoryId = -1L
 
     beforeEach {
-        val authorizationService = KeycloakAuthorizationService(
-            keycloakClient,
-            dbExtension.db,
-            dbExtension.fixtures.organizationRepository,
-            dbExtension.fixtures.productRepository,
-            dbExtension.fixtures.repositoryRepository,
-            keycloakGroupPrefix = ""
-        )
-
         val organizationService = OrganizationService(
             dbExtension.db,
             dbExtension.fixtures.organizationRepository,
-            dbExtension.fixtures.productRepository,
-            authorizationService
+            dbExtension.fixtures.productRepository
         )
 
         val productService = ProductService(

core/src/test/kotlin/api/OrganizationsRouteIntegrationTest.kt

@@ -78,7 +78,6 @@ import org.eclipse.apoapsis.ortserver.components.authorization.keycloak.roles.Or
 import org.eclipse.apoapsis.ortserver.components.authorization.keycloak.roles.ProductRole
 import org.eclipse.apoapsis.ortserver.components.authorization.keycloak.roles.Superuser
 import org.eclipse.apoapsis.ortserver.components.authorization.keycloak.service.AuthorizationService
-import org.eclipse.apoapsis.ortserver.components.authorization.keycloak.service.KeycloakAuthorizationService
 import org.eclipse.apoapsis.ortserver.core.SUPERUSER
 import org.eclipse.apoapsis.ortserver.core.TEST_USER
 import org.eclipse.apoapsis.ortserver.model.JobStatus
@@ -120,20 +119,10 @@ class OrganizationsRouteIntegrationTest : AbstractIntegrationTest({
     lateinit var productService: ProductService
 
     beforeEach {
-        authorizationService = KeycloakAuthorizationService(
-            keycloakClient,
-            dbExtension.db,
-            dbExtension.fixtures.organizationRepository,
-            dbExtension.fixtures.productRepository,
-            dbExtension.fixtures.repositoryRepository,
-            keycloakGroupPrefix = ""
-        )
-
         organizationService = OrganizationService(
             dbExtension.db,
             dbExtension.fixtures.organizationRepository,
-            dbExtension.fixtures.productRepository,
-            authorizationService
+            dbExtension.fixtures.productRepository
         )
 
         productService = ProductService(

core/src/test/kotlin/api/ProductsRouteIntegrationTest.kt

@@ -150,8 +150,7 @@ class ProductsRouteIntegrationTest : AbstractIntegrationTest({
         organizationService = OrganizationService(
             dbExtension.db,
             dbExtension.fixtures.organizationRepository,
-            dbExtension.fixtures.productRepository,
-            authorizationService
+            dbExtension.fixtures.productRepository
         )
 
         pluginService = PluginService(dbExtension.db)

core/src/test/kotlin/api/RepositoriesRouteIntegrationTest.kt

@@ -84,7 +84,6 @@ import org.eclipse.apoapsis.ortserver.components.authorization.keycloak.mapToMod
 import org.eclipse.apoapsis.ortserver.components.authorization.keycloak.permissions.RepositoryPermission
 import org.eclipse.apoapsis.ortserver.components.authorization.keycloak.roles.RepositoryRole
 import org.eclipse.apoapsis.ortserver.components.authorization.keycloak.service.AuthorizationService
-import org.eclipse.apoapsis.ortserver.components.authorization.keycloak.service.KeycloakAuthorizationService
 import org.eclipse.apoapsis.ortserver.components.pluginmanager.PluginOptionTemplate
 import org.eclipse.apoapsis.ortserver.components.pluginmanager.PluginService
 import org.eclipse.apoapsis.ortserver.components.pluginmanager.PluginType
@@ -127,20 +126,10 @@ class RepositoriesRouteIntegrationTest : AbstractIntegrationTest({
     var productId = -1L
 
     beforeEach {
-        authorizationService = KeycloakAuthorizationService(
-            keycloakClient,
-            dbExtension.db,
-            dbExtension.fixtures.organizationRepository,
-            dbExtension.fixtures.productRepository,
-            dbExtension.fixtures.repositoryRepository,
-            keycloakGroupPrefix = ""
-        )
-
         val organizationService = OrganizationService(
             dbExtension.db,
             dbExtension.fixtures.organizationRepository,
-            dbExtension.fixtures.productRepository,
-            authorizationService
+            dbExtension.fixtures.productRepository
         )
 
         pluginService = PluginService(dbExtension.db)

core/src/test/kotlin/api/RunsRouteIntegrationTest.kt

@@ -86,7 +86,6 @@ import org.eclipse.apoapsis.ortserver.api.v1.model.VulnerabilityRating
 import org.eclipse.apoapsis.ortserver.api.v1.model.VulnerabilityWithDetails
 import org.eclipse.apoapsis.ortserver.components.authorization.keycloak.permissions.RepositoryPermission
 import org.eclipse.apoapsis.ortserver.components.authorization.keycloak.roles.Superuser
-import org.eclipse.apoapsis.ortserver.components.authorization.keycloak.service.KeycloakAuthorizationService
 import org.eclipse.apoapsis.ortserver.config.ConfigManager
 import org.eclipse.apoapsis.ortserver.dao.utils.toDatabasePrecision
 import org.eclipse.apoapsis.ortserver.logaccess.LogFileCriteria
@@ -150,20 +149,10 @@ class RunsRouteIntegrationTest : AbstractIntegrationTest({
     var repositoryId = -1L
 
     beforeEach {
-        val authorizationService = KeycloakAuthorizationService(
-            keycloakClient,
-            dbExtension.db,
-            dbExtension.fixtures.organizationRepository,
-            dbExtension.fixtures.productRepository,
-            dbExtension.fixtures.repositoryRepository,
-            keycloakGroupPrefix = ""
-        )
-
         organizationService = OrganizationService(
             dbExtension.db,
             dbExtension.fixtures.organizationRepository,
-            dbExtension.fixtures.productRepository,
-            authorizationService
+            dbExtension.fixtures.productRepository
         )
 
         productService = ProductService(

services/hierarchy/build.gradle.kts

@@ -30,7 +30,6 @@ dependencies {
 
     api(libs.exposedCore)
 
-    implementation(projects.components.authorizationKeycloak.backend)
     implementation(projects.dao)
     implementation(projects.services.reportStorageService)
 

services/hierarchy/src/main/kotlin/OrganizationService.kt

@@ -19,9 +19,7 @@
 
 package org.eclipse.apoapsis.ortserver.services
 
-import org.eclipse.apoapsis.ortserver.components.authorization.keycloak.service.AuthorizationService
 import org.eclipse.apoapsis.ortserver.dao.dbQuery
-import org.eclipse.apoapsis.ortserver.dao.dbQueryCatching
 import org.eclipse.apoapsis.ortserver.dao.repositories.product.ProductsTable
 import org.eclipse.apoapsis.ortserver.dao.repositories.repository.RepositoriesTable
 import org.eclipse.apoapsis.ortserver.model.Organization
@@ -34,66 +32,40 @@ import org.eclipse.apoapsis.ortserver.model.util.OptionalValue
 
 import org.jetbrains.exposed.sql.Database
 
-import org.slf4j.LoggerFactory
-
-private val logger = LoggerFactory.getLogger(OrganizationService::class.java)
-
 /**
  * A service providing functions for working with [organizations][Organization].
  */
 class OrganizationService(
     private val db: Database,
     private val organizationRepository: OrganizationRepository,
-    private val productRepository: ProductRepository,
-    private val authorizationService: AuthorizationService
+    private val productRepository: ProductRepository
 ) {
     /**
      * Create an organization.
      */
-    suspend fun createOrganization(name: String, description: String?): Organization = db.dbQueryCatching {
+    suspend fun createOrganization(name: String, description: String?): Organization = db.dbQuery {
         organizationRepository.create(name, description)
-    }.onSuccess { organization ->
-        runCatching {
-            authorizationService.createOrganizationPermissions(organization.id)
-            authorizationService.createOrganizationRoles(organization.id)
-        }.onFailure { e ->
-            logger.error("Error while creating Keycloak roles for organization '${organization.id}'.", e)
-        }
-    }.getOrThrow()
+    }
 
     /**
      * Create a product inside an [organization][organizationId].
      */
-    suspend fun createProduct(name: String, description: String?, organizationId: Long) = db.dbQueryCatching {
+    suspend fun createProduct(name: String, description: String?, organizationId: Long) = db.dbQuery {
         productRepository.create(name, description, organizationId)
-    }.onSuccess { product ->
-        runCatching {
-            authorizationService.createProductPermissions(product.id)
-            authorizationService.createProductRoles(product.id)
-        }.onFailure { e ->
-            logger.error("Error while creating Keycloak roles for product '${product.id}'.", e)
-        }
-    }.getOrThrow()
+    }
 
     /**
      * Delete an organization by [organizationId].
      */
-    suspend fun deleteOrganization(organizationId: Long): Unit = db.dbQueryCatching {
+    suspend fun deleteOrganization(organizationId: Long): Unit = db.dbQuery {
         if (productRepository.countForOrganization(organizationId) != 0L) {
             throw OrganizationNotEmptyException(
                 "Cannot delete organization '$organizationId', as it still contains products."
             )
         }
 
         organizationRepository.delete(organizationId)
-    }.onSuccess {
-        runCatching {
-            authorizationService.deleteOrganizationPermissions(organizationId)
-            authorizationService.deleteOrganizationRoles(organizationId)
-        }.onFailure { e ->
-            logger.error("Error while deleting Keycloak roles for organization '$organizationId'.", e)
-        }
-    }.getOrThrow()
+    }
 
     /**
      * Get an organization by [organizationId]. Returns null if the organization is not found.

services/hierarchy/src/test/kotlin/OrganizationServiceTest.kt

@@ -22,13 +22,6 @@ package org.eclipse.apoapsis.ortserver.services
 import io.kotest.core.spec.style.WordSpec
 import io.kotest.matchers.collections.shouldContainExactlyInAnyOrder
 
-import io.mockk.coEvery
-import io.mockk.coVerify
-import io.mockk.just
-import io.mockk.mockk
-import io.mockk.runs
-
-import org.eclipse.apoapsis.ortserver.components.authorization.keycloak.service.AuthorizationService
 import org.eclipse.apoapsis.ortserver.dao.repositories.organization.DaoOrganizationRepository
 import org.eclipse.apoapsis.ortserver.dao.repositories.product.DaoProductRepository
 import org.eclipse.apoapsis.ortserver.dao.test.DatabaseTestExtension
@@ -51,60 +44,9 @@ class OrganizationServiceTest : WordSpec({
         fixtures = dbExtension.fixtures
     }
 
-    "createOrganization" should {
-        "create Keycloak roles" {
-            val authorizationService = mockk<AuthorizationService> {
-                coEvery { createOrganizationPermissions(any()) } just runs
-                coEvery { createOrganizationRoles(any()) } just runs
-            }
-
-            val service = OrganizationService(db, organizationRepository, productRepository, authorizationService)
-            val organization = service.createOrganization("name", "description")
-
-            coVerify(exactly = 1) {
-                authorizationService.createOrganizationPermissions(organization.id)
-                authorizationService.createOrganizationRoles(organization.id)
-            }
-        }
-    }
-
-    "createProduct" should {
-        "create Keycloak roles" {
-            val authorizationService = mockk<AuthorizationService> {
-                coEvery { createProductPermissions(any()) } just runs
-                coEvery { createProductRoles(any()) } just runs
-            }
-
-            val service = OrganizationService(db, organizationRepository, productRepository, authorizationService)
-            val product = service.createProduct("name", "description", fixtures.organization.id)
-
-            coVerify(exactly = 1) {
-                authorizationService.createProductPermissions(product.id)
-                authorizationService.createProductRoles(product.id)
-            }
-        }
-    }
-
-    "deleteOrganization" should {
-        "delete Keycloak roles" {
-            val authorizationService = mockk<AuthorizationService> {
-                coEvery { deleteOrganizationPermissions(any()) } just runs
-                coEvery { deleteOrganizationRoles(any()) } just runs
-            }
-
-            val service = OrganizationService(db, organizationRepository, productRepository, authorizationService)
-            service.deleteOrganization(fixtures.organization.id)
-
-            coVerify(exactly = 1) {
-                authorizationService.deleteOrganizationPermissions(fixtures.organization.id)
-                authorizationService.deleteOrganizationRoles(fixtures.organization.id)
-            }
-        }
-    }
-
     "getRepositoryIdsForOrganization" should {
         "return IDs for all repositories found in the products of the organization" {
-            val service = OrganizationService(db, organizationRepository, productRepository, mockk())
+            val service = OrganizationService(db, organizationRepository, productRepository)
 
             val orgId = fixtures.createOrganization().id