Initial deployment of da-admin-service-dev

Dockerfile

@@ -0,0 +1,27 @@
+FROM openjdk:21-jdk-slim
+
+WORKDIR /app
+
+# Install required packages
+RUN apt-get update && apt-get install -y \
+    curl \
+    wget \
+    && rm -rf /var/lib/apt/lists/*
+
+# Copy application files
+COPY . .
+
+# Build application (if build.gradle.kts exists)
+RUN if [ -f "build.gradle.kts" ]; then \
+        ./gradlew build -x test; \
+    fi
+
+# Expose port
+EXPOSE 8080
+
+# Health check
+HEALTHCHECK --interval=30s --timeout=10s --start-period=60s --retries=3 \
+    CMD curl -f http://localhost:8080/actuator/health || exit 1
+
+# Run application
+CMD ["java", "-jar", "build/libs/da-admin-service.jar"]

README.md

@@ -1,10 +1,38 @@
 ---
-title: Da Admin Service Dev
-emoji: 🚀
-colorFrom: indigo
-colorTo: red
+title: da-admin-service (dev)
+emoji: 🔧
+colorFrom: blue
+colorTo: green
 sdk: docker
-pinned: false
+app_port: 8080
 ---
 
-Check out the configuration reference at https://huggingface.co/docs/hub/spaces-config-reference
+# da-admin-service - dev Environment
+
+This is the da-admin-service microservice deployed in the dev environment.
+
+## Features
+
+- RESTful API endpoints
+- Health monitoring via Actuator
+- JWT authentication integration
+- PostgreSQL database connectivity
+
+## API Documentation
+
+Once deployed, API documentation will be available at:
+- Swagger UI: https://huggingface.co/spaces/dalabsai/da-admin-service-dev/swagger-ui.html
+- Health Check: https://huggingface.co/spaces/dalabsai/da-admin-service-dev/actuator/health
+
+## Environment
+
+- **Environment**: dev
+- **Port**: 8080
+- **Java Version**: 21
+- **Framework**: Spring Boot
+
+## Deployment
+
+This service is automatically deployed via the DALab CI/CD pipeline.
+
+Last updated: 2025-06-16 23:39:48

build.gradle.kts

@@ -0,0 +1,70 @@
+plugins {
+    java
+    id("org.springframework.boot") version "3.2.5"
+    id("io.spring.dependency-management") version "1.1.4"
+}
+
+group = "com.dalab"
+version = "0.0.1-SNAPSHOT"
+
+java {
+    sourceCompatibility = JavaVersion.VERSION_21
+}
+
+configurations {
+    compileOnly {
+        extendsFrom(configurations.annotationProcessor.get())
+    }
+}
+
+repositories {
+    mavenCentral()
+}
+
+dependencies {
+    // da-protos common entities and utilities
+    implementation(project(":da-protos"))
+    
+    implementation("org.springframework.boot:spring-boot-starter-actuator")
+    implementation("org.springframework.boot:spring-boot-starter-data-jpa")
+    implementation("org.springframework.boot:spring-boot-starter-security")
+    implementation("org.springframework.boot:spring-boot-starter-validation")
+    implementation("org.springframework.boot:spring-boot-starter-web")
+    implementation("org.springframework.kafka:spring-kafka")
+    implementation("org.springframework.cloud:spring-cloud-starter-openfeign:4.1.1") // For Feign clients
+    implementation("org.springdoc:springdoc-openapi-starter-webmvc-ui:2.5.0") // OpenAPI
+
+    // MapStruct for DTO mapping
+    implementation("org.mapstruct:mapstruct:1.5.5.Final")
+    annotationProcessor("org.mapstruct:mapstruct-processor:1.5.5.Final")
+
+    // Lombok for reduced boilerplate
+    compileOnly("org.projectlombok:lombok")
+    annotationProcessor("org.projectlombok:lombok")
+    annotationProcessor("org.projectlombok:lombok-mapstruct-binding:0.2.0") // If using Lombok with MapStruct
+
+    // Hypersistence Utils for JSONB and other advanced types
+    implementation("io.hypersistence:hypersistence-utils-hibernate-62:3.7.0") // For Hibernate 6.2.x used by Spring Boot 3.x
+
+    runtimeOnly("org.postgresql:postgresql")
+    testImplementation("org.springframework.boot:spring-boot-starter-test")
+    testImplementation("org.springframework.kafka:spring-kafka-test")
+    testImplementation("org.springframework.security:spring-security-test")
+
+    // Keycloak Admin Client (if direct Keycloak interaction is needed for users/roles)
+    implementation("org.keycloak:keycloak-admin-client:24.0.4") 
+}
+
+dependencyManagement {
+    imports {
+        mavenBom("org.springframework.cloud:spring-cloud-dependencies:2023.0.1")
+    }
+}
+
+tasks.withType<Test> {
+    useJUnitPlatform()
+}
+
+tasks.named<org.springframework.boot.gradle.tasks.bundling.BootJar>("bootJar") {
+    archiveFileName.set("${project.name}.jar")
+} 

src/main/docker/Dockerfile

@@ -0,0 +1,23 @@
+# Ultra-lean container using Google Distroless
+# Expected final size: ~120-180MB (minimal base + JRE + JAR only)
+
+FROM gcr.io/distroless/java21-debian12:nonroot
+
+# Set working directory
+WORKDIR /app
+
+# Copy JAR file
+COPY build/libs/da-admin-service.jar app.jar
+
+# Expose standard Spring Boot port
+EXPOSE 8080
+
+# Run application (distroless has no shell, so use exec form)
+ENTRYPOINT ["java", \
+    "-XX:+UseContainerSupport", \
+    "-XX:MaxRAMPercentage=75.0", \
+    "-XX:+UseG1GC", \
+    "-XX:+UseStringDeduplication", \
+    "-Djava.security.egd=file:/dev/./urandom", \
+    "-Dspring.backgroundpreinitializer.ignore=true", \
+    "-jar", "app.jar"]

src/main/docker/Dockerfile.alpine-jlink

@@ -0,0 +1,43 @@
+# Ultra-minimal Alpine + Custom JRE
+# Expected size: ~120-160MB
+
+# Stage 1: Create custom JRE with only needed modules
+FROM eclipse-temurin:21-jdk-alpine as jre-builder
+WORKDIR /app
+
+# Analyze JAR to find required modules
+COPY build/libs/*.jar app.jar
+RUN jdeps --ignore-missing-deps --print-module-deps app.jar > modules.txt
+
+# Create minimal JRE with only required modules
+RUN jlink \
+    --add-modules $(cat modules.txt),java.logging,java.xml,java.sql,java.naming,java.desktop,java.management,java.security.jgss,java.instrument \
+    --strip-debug \
+    --no-man-pages \
+    --no-header-files \
+    --compress=2 \
+    --output /custom-jre
+
+# Stage 2: Production image
+FROM alpine:3.19
+RUN apk add --no-cache tzdata && \
+    addgroup -g 1001 -S appgroup && \
+    adduser -u 1001 -S appuser -G appgroup
+
+# Copy custom JRE
+COPY --from=jre-builder /custom-jre /opt/java
+ENV JAVA_HOME=/opt/java
+ENV PATH="$JAVA_HOME/bin:$PATH"
+
+WORKDIR /app
+COPY build/libs/*.jar app.jar
+RUN chown appuser:appgroup app.jar
+
+USER appuser
+EXPOSE 8080
+
+ENTRYPOINT ["java", \
+    "-XX:+UseContainerSupport", \
+    "-XX:MaxRAMPercentage=70.0", \
+    "-XX:+UseG1GC", \
+    "-jar", "app.jar"]

src/main/docker/Dockerfile.layered

@@ -0,0 +1,34 @@
+# Ultra-optimized layered build using Distroless
+# Expected size: ~180-220MB with better caching
+
+FROM gcr.io/distroless/java21-debian12:nonroot as base
+
+# Stage 1: Extract JAR layers for optimal caching
+FROM eclipse-temurin:21-jdk-alpine as extractor
+WORKDIR /app
+COPY build/libs/*.jar app.jar
+RUN java -Djarmode=layertools -jar app.jar extract
+
+# Stage 2: Production image with extracted layers
+FROM base
+WORKDIR /app
+
+# Copy layers in dependency order (best caching)
+COPY --from=extractor /app/dependencies/ ./
+COPY --from=extractor /app/spring-boot-loader/ ./
+COPY --from=extractor /app/snapshot-dependencies/ ./
+COPY --from=extractor /app/application/ ./
+
+EXPOSE 8080
+
+# Optimized JVM settings for micro-containers
+ENTRYPOINT ["java", \
+    "-XX:+UseContainerSupport", \
+    "-XX:MaxRAMPercentage=70.0", \
+    "-XX:+UseG1GC", \
+    "-XX:+UseStringDeduplication", \
+    "-XX:+CompactStrings", \
+    "-Xshare:on", \
+    "-Djava.security.egd=file:/dev/./urandom", \
+    "-Dspring.backgroundpreinitializer.ignore=true", \
+    "org.springframework.boot.loader.JarLauncher"]

src/main/docker/Dockerfile.native

@@ -0,0 +1,20 @@
+# GraalVM Native Image - Ultra-fast startup, tiny size
+# Expected size: ~50-80MB, startup <100ms
+# Note: Requires native compilation support in Spring Boot
+
+# Stage 1: Native compilation
+FROM ghcr.io/graalvm/graalvm-ce:ol9-java21 as native-builder
+WORKDIR /app
+
+# Install native-image
+RUN gu install native-image
+
+# Copy source and build native executable
+COPY . .
+RUN ./gradlew nativeCompile
+
+# Stage 2: Minimal runtime
+FROM scratch
+COPY --from=native-builder /app/build/native/nativeCompile/app /app
+EXPOSE 8080
+ENTRYPOINT ["/app"]

src/main/java/com/dalab/adminservice/DaAdminServiceApplication.java

@@ -0,0 +1,15 @@
+package com.dalab.adminservice;
+
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.cloud.openfeign.EnableFeignClients;
+
+@SpringBootApplication
+@EnableFeignClients // Important for enabling Feign clients
+public class DaAdminServiceApplication {
+
+    public static void main(String[] args) {
+        SpringApplication.run(DaAdminServiceApplication.class, args);
+    }
+
+} 

src/main/java/com/dalab/adminservice/client/IAutoarchivalTaskApiClient.java

@@ -0,0 +1,22 @@
+package com.dalab.adminservice.client;
+
+import java.util.List;
+
+import org.springframework.cloud.openfeign.FeignClient;
+import org.springframework.web.bind.annotation.GetMapping;
+
+import com.dalab.adminservice.dto.JobStatusDTO;
+
+/**
+ * Feign client for Autoarchival Task API
+ */
+@FeignClient(name = "da-autoarchival", url = "${dalab.services.autoarchival.url:http://localhost:8086}")
+public interface IAutoarchivalTaskApiClient {
+    
+    /**
+     * Get all archival tasks status
+     * @return List of job status DTOs
+     */
+    @GetMapping("/api/v1/autoarchival/archival/tasks")
+    List<JobStatusDTO> getArchivalTasks();
+} 

src/main/java/com/dalab/adminservice/client/IAutocomplianceJobApiClient.java

@@ -0,0 +1,19 @@
+package com.dalab.adminservice.client;
+
+import com.dalab.adminservice.dto.JobStatusDTO;
+import org.springframework.cloud.openfeign.FeignClient;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PathVariable;
+
+import java.util.List;
+
+@FeignClient(name = "autocompliance-service", url = "${feign.client.config.autocompliance-service.url:/api/v1/compliance}") // Placeholder URL
+public interface IAutocomplianceJobApiClient {
+
+    // Assuming an endpoint like /api/v1/compliance/reports/jobs exists or will be created
+    @GetMapping("/reports/jobs")
+    List<JobStatusDTO> getComplianceReportJobs();
+
+    @GetMapping("/reports/jobs/{jobId}")
+    JobStatusDTO getComplianceReportJobById(@PathVariable("jobId") String jobId);
+} 

src/main/java/com/dalab/adminservice/client/IAutodeleteTaskApiClient.java

@@ -0,0 +1,22 @@
+package com.dalab.adminservice.client;
+
+import java.util.List;
+
+import org.springframework.cloud.openfeign.FeignClient;
+import org.springframework.web.bind.annotation.GetMapping;
+
+import com.dalab.adminservice.dto.JobStatusDTO;
+
+/**
+ * Feign client for Autodelete Task API
+ */
+@FeignClient(name = "da-autodelete", url = "${dalab.services.autodelete.url:http://localhost:8087}")
+public interface IAutodeleteTaskApiClient {
+    
+    /**
+     * Get all deletion tasks status
+     * @return List of job status DTOs
+     */
+    @GetMapping("/api/v1/autodelete/deletion/tasks")
+    List<JobStatusDTO> getDeletionTasks();
+} 

src/main/java/com/dalab/adminservice/client/IAutolabelJobApiClient.java

@@ -0,0 +1,22 @@
+package com.dalab.adminservice.client;
+
+import java.util.List;
+
+import org.springframework.cloud.openfeign.FeignClient;
+import org.springframework.web.bind.annotation.GetMapping;
+
+import com.dalab.adminservice.dto.JobStatusDTO;
+
+/**
+ * Feign client for Autolabel Job API
+ */
+@FeignClient(name = "da-autolabel", url = "${dalab.services.autolabel.url:http://localhost:8085}")
+public interface IAutolabelJobApiClient {
+    
+    /**
+     * Get all labeling jobs status
+     * @return List of job status DTOs
+     */
+    @GetMapping("/api/v1/autolabel/labeling/jobs")
+    List<JobStatusDTO> getAutolabelJobs();
+} 

src/main/java/com/dalab/adminservice/client/IDiscoveryJobApiClient.java

@@ -0,0 +1,23 @@
+package com.dalab.adminservice.client;
+
+import com.dalab.adminservice.dto.JobStatusDTO;
+import org.springframework.cloud.openfeign.FeignClient;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PathVariable;
+
+import java.util.List;
+
+// The name "discovery-service" should match a Feign client configuration in application.properties
+// e.g., feign.client.config.discovery-service.url=http://da-discovery-service-host:port/api/v1/discovery
+// The path here is relative to the URL configured for the Feign client.
+@FeignClient(name = "discovery-service", url = "${feign.client.config.discovery-service.url:/api/v1/discovery}") // Placeholder URL
+public interface IDiscoveryJobApiClient {
+
+    // Assuming da-discovery exposes an endpoint like /api/v1/discovery/jobs that returns a list of its jobs
+    // and that its Job DTO is compatible or can be mapped to our common JobStatusDTO
+    @GetMapping("/jobs") // This path is relative to the Feign client's configured URL
+    List<JobStatusDTO> getDiscoveryJobs();
+
+    @GetMapping("/jobs/{jobId}")
+    JobStatusDTO getDiscoveryJobById(@PathVariable("jobId") String jobId);
+} 

src/main/java/com/dalab/adminservice/config/KeycloakAdminClientConfig.java

@@ -0,0 +1,58 @@
+package com.dalab.adminservice.config;
+
+import org.keycloak.admin.client.Keycloak;
+import org.keycloak.admin.client.KeycloakBuilder;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+
+@Configuration
+public class KeycloakAdminClientConfig {
+
+    @Value("${keycloak.auth-server-url}")
+    private String serverUrl;
+
+    @Value("${keycloak.realm}")
+    private String realm;
+
+    @Value("${keycloak.client-id}")
+    private String clientId;
+
+    @Value("${keycloak.client-secret:#{null}}") // Default to null if not provided
+    private String clientSecret;
+    
+    // Optional: If using password credentials grant type for admin client
+    @Value("${keycloak.admin.username:#{null}}")
+    private String adminUsername;
+
+    @Value("${keycloak.admin.password:#{null}}")
+    private String adminPassword;
+
+    @Bean
+    public Keycloak keycloakAdminClient() {
+        KeycloakBuilder builder = KeycloakBuilder.builder()
+                .serverUrl(serverUrl)
+                .realm(realm)
+                .clientId(clientId);
+                // ResteasyClient can be configured here if needed, e.g., for connection pooling
+                // .resteasyClient(ResteasyClientBuilder.newBuilder().build()); // Basic Resteasy client
+
+        if (clientSecret != null && !clientSecret.isEmpty()) {
+            builder.clientSecret(clientSecret);
+            // Ensure the client (e.g., admin-cli or your dedicated client) has "Service Accounts Enabled"
+            // and appropriate "Service Account Roles" (e.g., realm-management -> manage-users, view-users)
+            builder.grantType("client_credentials");
+        } else if (adminUsername != null && !adminUsername.isEmpty() && adminPassword != null && !adminPassword.isEmpty()){
+            // This is typically for direct admin user login, ensure this user has necessary permissions.
+            // The 'admin-cli' client itself might not allow password grant for other users.
+            // Prefer service account with client_credentials for backend services.
+            builder.username(adminUsername);
+            builder.password(adminPassword);
+            builder.grantType("password");
+        } else {
+            throw new IllegalStateException("Keycloak admin client not properly configured: Missing clientSecret or admin username/password.");
+        }
+        
+        return builder.build();
+    }
+} 

src/main/java/com/dalab/adminservice/config/SpringSecurityAuditorAware.java

@@ -0,0 +1 @@
+ 

src/main/java/com/dalab/adminservice/controller/CloudConnectionController.java

@@ -0,0 +1,97 @@
+package com.dalab.adminservice.controller;
+
+import java.util.List;
+import java.util.Optional;
+import java.util.UUID;
+
+import org.springframework.http.HttpStatus;
+import org.springframework.http.ResponseEntity;
+import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.web.bind.annotation.DeleteMapping;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.PutMapping;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+import com.dalab.adminservice.dto.CloudConnectionDTO;
+import com.dalab.adminservice.dto.CloudConnectionTestResultDTO;
+import com.dalab.adminservice.service.ICloudConnectionService;
+
+import io.swagger.v3.oas.annotations.Operation;
+import io.swagger.v3.oas.annotations.tags.Tag;
+import jakarta.validation.Valid;
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+
+/**
+ * REST controller for managing cloud connections
+ */
+@RestController
+@RequestMapping("/api/v1/admin/cloud-connections")
+@RequiredArgsConstructor
+@Slf4j
+@Tag(name = "Cloud Connection Management", description = "APIs for managing cloud connections")
+public class CloudConnectionController {
+
+    private final ICloudConnectionService cloudConnectionService;
+
+    @GetMapping
+    @PreAuthorize("hasRole('ADMIN')")
+    @Operation(summary = "Get all cloud connections")
+    public ResponseEntity<List<CloudConnectionDTO>> getAllCloudConnections() {
+        log.debug("Getting all cloud connections");
+        List<CloudConnectionDTO> connections = cloudConnectionService.getAllCloudConnections();
+        return ResponseEntity.ok(connections);
+    }
+
+    @GetMapping("/{connectionId}")
+    @PreAuthorize("hasRole('ADMIN')")
+    @Operation(summary = "Get cloud connection by ID")
+    public ResponseEntity<CloudConnectionDTO> getCloudConnectionById(@PathVariable String connectionId) {
+        log.debug("Getting cloud connection with id: {}", connectionId);
+        Optional<CloudConnectionDTO> connection = cloudConnectionService.getCloudConnectionById(connectionId);
+        return connection.map(ResponseEntity::ok)
+                .orElse(ResponseEntity.notFound().build());
+    }
+
+    @PostMapping
+    @PreAuthorize("hasRole('ADMIN')")
+    @Operation(summary = "Create new cloud connection")
+    public ResponseEntity<CloudConnectionDTO> createCloudConnection(@Valid @RequestBody CloudConnectionDTO cloudConnectionDTO) {
+        log.debug("Creating new cloud connection: {}", cloudConnectionDTO.getName());
+        CloudConnectionDTO created = cloudConnectionService.createCloudConnection(cloudConnectionDTO);
+        return ResponseEntity.status(HttpStatus.CREATED).body(created);
+    }
+
+    @PutMapping("/{connectionId}")
+    @PreAuthorize("hasRole('ADMIN')")
+    @Operation(summary = "Update cloud connection")
+    public ResponseEntity<CloudConnectionDTO> updateCloudConnection(
+            @PathVariable String connectionId,
+            @Valid @RequestBody CloudConnectionDTO cloudConnectionDTO) {
+        log.debug("Updating cloud connection with id: {}", connectionId);
+        CloudConnectionDTO updated = cloudConnectionService.updateCloudConnection(connectionId, cloudConnectionDTO);
+        return ResponseEntity.ok(updated);
+    }
+
+    @DeleteMapping("/{connectionId}")
+    @PreAuthorize("hasRole('ADMIN')")
+    @Operation(summary = "Delete cloud connection")
+    public ResponseEntity<Void> deleteCloudConnection(@PathVariable String connectionId) {
+        log.debug("Deleting cloud connection with id: {}", connectionId);
+        cloudConnectionService.deleteCloudConnection(connectionId);
+        return ResponseEntity.noContent().build();
+    }
+
+    @PostMapping("/{connectionId}/test")
+    @PreAuthorize("hasRole('ADMIN')")
+    @Operation(summary = "Test cloud connection")
+    public ResponseEntity<CloudConnectionTestResultDTO> testCloudConnection(@PathVariable String connectionId) {
+        log.debug("Testing cloud connection with id: {}", connectionId);
+        CloudConnectionTestResultDTO result = cloudConnectionService.testCloudConnection(connectionId);
+        return ResponseEntity.ok(result);
+    }
+} 

src/main/java/com/dalab/adminservice/controller/JobStatusController.java

@@ -0,0 +1,35 @@
+package com.dalab.adminservice.controller;
+
+import com.dalab.adminservice.dto.AggregatedJobStatusDTO;
+import com.dalab.adminservice.service.IJobStatusService;
+import io.swagger.v3.oas.annotations.Operation;
+import io.swagger.v3.oas.annotations.responses.ApiResponse;
+import io.swagger.v3.oas.annotations.tags.Tag;
+import lombok.RequiredArgsConstructor;
+import org.springframework.http.ResponseEntity;
+import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+@RestController
+@RequestMapping("/api/v1/admin/job-statuses")
+@RequiredArgsConstructor
+@Tag(name = "Job Status Management", description = "APIs for viewing aggregated job statuses across services.")
+public class JobStatusController {
+
+    private final IJobStatusService jobStatusService;
+
+    @GetMapping
+    @PreAuthorize("hasAnyRole('ADMIN', 'VIEWER')") // Or more specific roles as needed
+    @Operation(summary = "Get Aggregated Job Statuses",
+               description = "Retrieves a list of all jobs from various microservices and their statuses.",
+               responses = {
+                   @ApiResponse(responseCode = "200", description = "Successfully retrieved job statuses"),
+                   @ApiResponse(responseCode = "500", description = "Internal server error while fetching statuses")
+               })
+    public ResponseEntity<AggregatedJobStatusDTO> getAggregatedJobStatuses() {
+        AggregatedJobStatusDTO aggregatedStatus = jobStatusService.getAggregatedJobStatuses();
+        return ResponseEntity.ok(aggregatedStatus);
+    }
+} 

src/main/java/com/dalab/adminservice/controller/RoleController.java

@@ -0,0 +1,33 @@
+package com.dalab.adminservice.controller;
+
+import com.dalab.adminservice.dto.RoleDTO;
+import com.dalab.adminservice.service.IRoleService;
+import io.swagger.v3.oas.annotations.Operation;
+import io.swagger.v3.oas.annotations.responses.ApiResponse;
+import io.swagger.v3.oas.annotations.tags.Tag;
+import lombok.RequiredArgsConstructor;
+import org.springframework.http.ResponseEntity;
+import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+import java.util.List;
+
+@RestController
+@RequestMapping("/api/v1/admin/roles")
+@RequiredArgsConstructor
+@Tag(name = "Role Management", description = "APIs for viewing available roles.")
+@PreAuthorize("hasRole('ADMIN')")
+public class RoleController {
+
+    private final IRoleService roleService;
+
+    @GetMapping
+    @Operation(summary = "Get all available realm roles",
+               description = "Retrieves a list of all available roles in the configured Keycloak realm.",
+               responses = @ApiResponse(responseCode = "200", description = "Successfully retrieved roles"))
+    public ResponseEntity<List<RoleDTO>> getAllRealmRoles() {
+        return ResponseEntity.ok(roleService.getAllRealmRoles());
+    }
+} 

src/main/java/com/dalab/adminservice/controller/ServiceConfigController.java

@@ -0,0 +1,76 @@
+package com.dalab.adminservice.controller;
+
+import java.util.List;
+import java.util.Optional;
+
+import org.springframework.http.HttpStatus;
+import org.springframework.http.ResponseEntity;
+import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.PutMapping;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+import com.dalab.adminservice.dto.ServiceConfigDTO;
+import com.dalab.adminservice.service.IServiceConfigService;
+
+import io.swagger.v3.oas.annotations.Operation;
+import io.swagger.v3.oas.annotations.tags.Tag;
+import jakarta.validation.Valid;
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+
+/**
+ * REST controller for managing service configurations
+ */
+@RestController
+@RequestMapping("/api/v1/admin/config/services")
+@RequiredArgsConstructor
+@Slf4j
+@Tag(name = "Service Configuration Management", description = "APIs for managing service configurations")
+public class ServiceConfigController {
+
+    private final IServiceConfigService serviceConfigService;
+
+    @GetMapping
+    @PreAuthorize("hasRole('ADMIN')")
+    @Operation(summary = "Get all service configurations")
+    public ResponseEntity<List<ServiceConfigDTO>> getAllServiceConfigs() {
+        log.debug("Getting all service configurations");
+        List<ServiceConfigDTO> configs = serviceConfigService.getAllServiceConfigs();
+        return ResponseEntity.ok(configs);
+    }
+
+    @GetMapping("/{serviceId}")
+    @PreAuthorize("hasRole('ADMIN')")
+    @Operation(summary = "Get service configuration by service ID")
+    public ResponseEntity<ServiceConfigDTO> getServiceConfigById(@PathVariable String serviceId) {
+        log.debug("Getting service configuration for service: {}", serviceId);
+        Optional<ServiceConfigDTO> config = serviceConfigService.getServiceConfigById(serviceId);
+        return config.map(ResponseEntity::ok)
+                .orElse(ResponseEntity.notFound().build());
+    }
+
+    @PostMapping
+    @PreAuthorize("hasRole('ADMIN')")
+    @Operation(summary = "Create new service configuration")
+    public ResponseEntity<ServiceConfigDTO> createServiceConfig(@Valid @RequestBody ServiceConfigDTO serviceConfigDTO) {
+        log.debug("Creating new service configuration for service: {}", serviceConfigDTO.getServiceId());
+        ServiceConfigDTO created = serviceConfigService.createServiceConfig(serviceConfigDTO);
+        return ResponseEntity.status(HttpStatus.CREATED).body(created);
+    }
+
+    @PutMapping("/{serviceId}")
+    @PreAuthorize("hasRole('ADMIN')")
+    @Operation(summary = "Update service configuration")
+    public ResponseEntity<ServiceConfigDTO> updateServiceConfig(
+            @PathVariable String serviceId,
+            @Valid @RequestBody ServiceConfigDTO serviceConfigDTO) {
+        log.debug("Updating service configuration for service: {}", serviceId);
+        ServiceConfigDTO updated = serviceConfigService.updateServiceConfig(serviceId, serviceConfigDTO);
+        return ResponseEntity.ok(updated);
+    }
+} 

src/main/java/com/dalab/adminservice/controller/UserController.java

@@ -0,0 +1,126 @@
+package com.dalab.adminservice.controller;
+
+import com.dalab.adminservice.dto.UserDTO;
+import com.dalab.adminservice.service.IUserService;
+import io.swagger.v3.oas.annotations.Operation;
+import io.swagger.v3.oas.annotations.Parameter;
+import io.swagger.v3.oas.annotations.responses.ApiResponse;
+import io.swagger.v3.oas.annotations.tags.Tag;
+import jakarta.validation.Valid;
+import lombok.RequiredArgsConstructor;
+import org.keycloak.representations.idm.RoleRepresentation;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.ResponseEntity;
+import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.web.bind.annotation.*;
+
+import java.util.List;
+
+@RestController
+@RequestMapping("/api/v1/admin/users")
+@RequiredArgsConstructor
+@Tag(name = "User Management", description = "APIs for managing user accounts.")
+@PreAuthorize("hasRole('ADMIN')") // All user management operations require ADMIN role
+public class UserController {
+
+    private final IUserService userService;
+
+    @GetMapping
+    @Operation(summary = "Get all users",
+               description = "Retrieves a paginated list of all users.",
+               responses = @ApiResponse(responseCode = "200", description = "Successfully retrieved users"))
+    public ResponseEntity<List<UserDTO>> getAllUsers(
+            @Parameter(description = "Offset for pagination") @RequestParam(required = false) Integer firstResult,
+            @Parameter(description = "Maximum number of results per page") @RequestParam(required = false) Integer maxResults) {
+        return ResponseEntity.ok(userService.getAllUsers(firstResult, maxResults));
+    }
+
+    @GetMapping("/{userId}")
+    @Operation(summary = "Get user by ID",
+               description = "Retrieves a specific user by their ID.",
+               responses = {
+                   @ApiResponse(responseCode = "200", description = "Successfully retrieved user"),
+                   @ApiResponse(responseCode = "404", description = "User not found")
+               })
+    public ResponseEntity<UserDTO> getUserById(
+            @Parameter(description = "ID of the user to retrieve", example = "f47ac10b-58cc-4372-a567-0e02b2c3d479")
+            @PathVariable String userId) {
+        return userService.getUserById(userId)
+                .map(ResponseEntity::ok)
+                .orElse(ResponseEntity.notFound().build());
+    }
+    
+    @GetMapping("/username/{username}")
+    @Operation(summary = "Get user by username",
+            description = "Retrieves a specific user by their username.",
+            responses = {
+                    @ApiResponse(responseCode = "200", description = "Successfully retrieved user"),
+                    @ApiResponse(responseCode = "404", description = "User not found")
+            })
+    public ResponseEntity<UserDTO> getUserByUsername(
+            @Parameter(description = "Username of the user to retrieve", example = "johndoe")
+            @PathVariable String username) {
+        return userService.getUserByUsername(username)
+                .map(ResponseEntity::ok)
+                .orElse(ResponseEntity.notFound().build());
+    }
+
+    @PostMapping
+    @Operation(summary = "Create a new user",
+               description = "Creates a new user account.",
+               responses = {
+                   @ApiResponse(responseCode = "201", description = "User created successfully"),
+                   @ApiResponse(responseCode = "400", description = "Invalid input data"),
+                   @ApiResponse(responseCode = "409", description = "User already exists")
+               })
+    public ResponseEntity<UserDTO> createUser(@Valid @RequestBody UserDTO userDTO) {
+        UserDTO createdUser = userService.createUser(userDTO);
+        return ResponseEntity.status(HttpStatus.CREATED).body(createdUser);
+    }
+
+    @PutMapping("/{userId}")
+    @Operation(summary = "Update an existing user",
+               description = "Updates an existing user account.",
+               responses = {
+                   @ApiResponse(responseCode = "200", description = "User updated successfully"),
+                   @ApiResponse(responseCode = "400", description = "Invalid input data"),
+                   @ApiResponse(responseCode = "404", description = "User not found")
+               })
+    public ResponseEntity<UserDTO> updateUser(
+            @Parameter(description = "ID of the user to update") @PathVariable String userId,
+            @Valid @RequestBody UserDTO userDTO) {
+        UserDTO updatedUser = userService.updateUser(userId, userDTO);
+        return ResponseEntity.ok(updatedUser);
+    }
+
+    @DeleteMapping("/{userId}")
+    @Operation(summary = "Delete a user",
+               description = "Deletes a user account by their ID.",
+               responses = {
+                   @ApiResponse(responseCode = "204", description = "User deleted successfully"),
+                   @ApiResponse(responseCode = "404", description = "User not found")
+               })
+    public ResponseEntity<Void> deleteUser(
+            @Parameter(description = "ID of the user to delete") @PathVariable String userId) {
+        userService.deleteUser(userId);
+        return ResponseEntity.noContent().build();
+    }
+    
+    // Role Management specific to a user might be better here than a top-level /roles endpoint if it's always user-centric
+    @GetMapping("/{userId}/roles")
+    @Operation(summary = "Get user's realm roles",
+            description = "Retrieves the realm roles assigned to a specific user.")
+    public ResponseEntity<List<RoleRepresentation>> getUserRealmRoles(@PathVariable String userId) {
+        return ResponseEntity.ok(userService.getUserRealmRoles(userId));
+    }
+
+    @PostMapping("/{userId}/roles")
+    @Operation(summary = "Assign realm roles to user",
+            description = "Assigns a list of realm roles to a specific user. Replaces existing roles if not additive.")
+    @ResponseStatus(HttpStatus.NO_CONTENT)
+    public void assignRealmRolesToUser(
+            @PathVariable String userId,
+            @Parameter(description = "List of role names to assign") @RequestBody List<String> roleNames) {
+        userService.assignRealmRolesToUser(userId, roleNames);
+    }
+} 

src/main/java/com/dalab/adminservice/dto/AggregatedJobStatusDTO.java

@@ -0,0 +1,22 @@
+package com.dalab.adminservice.dto;
+
+import lombok.AllArgsConstructor;
+import lombok.Builder;
+import lombok.Data;
+import lombok.NoArgsConstructor;
+
+import java.util.List;
+
+@Data
+@Builder
+@NoArgsConstructor
+@AllArgsConstructor
+public class AggregatedJobStatusDTO {
+    private List<JobStatusDTO> jobs;
+    private int totalJobs;
+    private int pendingJobs;
+    private int runningJobs;
+    private int completedSuccessJobs;
+    private int completedFailedJobs;
+    // Add any other summary fields as needed
+} 

src/main/java/com/dalab/adminservice/dto/CloudConnectionDTO.java

@@ -0,0 +1,53 @@
+package com.dalab.adminservice.dto;
+
+import java.util.Map;
+
+import com.dalab.adminservice.model.enums.CloudProviderType;
+
+import io.swagger.v3.oas.annotations.media.Schema;
+import jakarta.validation.constraints.NotBlank;
+import jakarta.validation.constraints.NotNull;
+import jakarta.validation.constraints.Size;
+import lombok.AllArgsConstructor;
+import lombok.Builder;
+import lombok.Data;
+import lombok.NoArgsConstructor;
+
+@Data
+@Builder
+@NoArgsConstructor
+@AllArgsConstructor
+@Schema(description = "Represents a cloud connection configuration.")
+public class CloudConnectionDTO {
+
+    @Schema(description = "Unique identifier of the cloud connection, generated by the system.", example = "f47ac10b-58cc-4372-a567-0e02b2c3d479", accessMode = Schema.AccessMode.READ_ONLY)
+    private String id;
+
+    @NotBlank
+    @Size(max = 100)
+    @Schema(description = "User-defined name for this cloud connection.", example = "My Production GCP Connection")
+    private String name;
+
+    @Schema(description = "Optional description for the cloud connection.", example = "Main GCP project for production workloads")
+    private String description;
+
+    @NotNull
+    @Schema(description = "Type of the cloud provider.", example = "GCP")
+    private CloudProviderType providerType;
+
+    @Schema(description = "Key-value pairs for connection credentials and parameters (e.g., projectId, region, accessKey). Specific keys depend on the providerType. Sensitive values are write-only.")
+    private Map<String, String> connectionParameters; // e.g., { "projectId": "my-gcp-project", "region": "us-central1" }
+    
+    @Schema(description = "Service Account Key JSON or other sensitive credential details. This field is write-only and will not be returned in GET requests.", accessMode = Schema.AccessMode.WRITE_ONLY)
+    private String sensitiveCredentials; // e.g., GCP Service Account JSON, AWS Secret Key
+
+    @Schema(description = "Indicates if the connection is currently enabled.", example = "true", accessMode = Schema.AccessMode.READ_ONLY)
+    @Builder.Default
+    private boolean enabled = true;
+
+    @Schema(description = "Timestamp of the last successful connection test.", accessMode = Schema.AccessMode.READ_ONLY)
+    private String lastConnectionTestAt; // Using String for simplicity, can be LocalDateTime
+
+    @Schema(description = "Status of the last connection test (e.g., SUCCESS, FAILED).", accessMode = Schema.AccessMode.READ_ONLY)
+    private String lastConnectionTestStatus;
+} 

src/main/java/com/dalab/adminservice/dto/CloudConnectionTestResultDTO.java

@@ -0,0 +1,24 @@
+package com.dalab.adminservice.dto;
+
+import io.swagger.v3.oas.annotations.media.Schema;
+import lombok.AllArgsConstructor;
+import lombok.Builder;
+import lombok.Data;
+import lombok.NoArgsConstructor;
+
+@Data
+@Builder
+@NoArgsConstructor
+@AllArgsConstructor
+@Schema(description = "Result of a cloud connection test operation.")
+public class CloudConnectionTestResultDTO {
+
+    @Schema(description = "Indicates whether the connection test was successful.", example = "true")
+    private boolean success;
+
+    @Schema(description = "A message detailing the test result, including error information if applicable.", example = "Connection to GCP project 'my-gcp-project' successful.")
+    private String message;
+
+    @Schema(description = "Timestamp of when the test was performed.")
+    private String testedAt; // Can be LocalDateTime
+} 

src/main/java/com/dalab/adminservice/dto/JobStatusDTO.java

@@ -0,0 +1,25 @@
+package com.dalab.adminservice.dto;
+
+import lombok.AllArgsConstructor;
+import lombok.Builder;
+import lombok.Data;
+import lombok.NoArgsConstructor;
+
+import java.time.LocalDateTime;
+import java.util.Map;
+
+@Data
+@Builder
+@NoArgsConstructor
+@AllArgsConstructor
+public class JobStatusDTO {
+    private String jobId;
+    private String serviceName; // Name of the service that owns the job
+    private String jobType; // e.g., "DISCOVERY_SCAN", "AUTOLABEL_TASK", "ARCHIVAL_JOB"
+    private String status; // e.g., "PENDING", "RUNNING", "COMPLETED_SUCCESS", "COMPLETED_FAILED", "UNKNOWN"
+    private LocalDateTime submittedAt;
+    private LocalDateTime startedAt;
+    private LocalDateTime completedAt;
+    private Map<String, Object> details; // Any service-specific details about the job
+    private String errorDetails; // Error message if the job failed
+}

src/main/java/com/dalab/adminservice/dto/RoleDTO.java

@@ -0,0 +1,21 @@
+package com.dalab.adminservice.dto;
+
+import lombok.AllArgsConstructor;
+import lombok.Builder;
+import lombok.Data;
+import lombok.NoArgsConstructor;
+
+/**
+ * DTO for role management operations.
+ */
+@Data
+@Builder
+@NoArgsConstructor
+@AllArgsConstructor
+public class RoleDTO {
+    
+    private String id;
+    private String name;
+    private String description;
+    
+} 

src/main/java/com/dalab/adminservice/dto/ServiceConfigDTO.java

@@ -0,0 +1,29 @@
+package com.dalab.adminservice.dto;
+
+import jakarta.validation.constraints.NotBlank;
+import lombok.AllArgsConstructor;
+import lombok.Builder;
+import lombok.Data;
+import lombok.NoArgsConstructor;
+
+/**
+ * DTO for service configuration management.
+ */
+@Data
+@Builder
+@NoArgsConstructor
+@AllArgsConstructor
+public class ServiceConfigDTO {
+    
+    @NotBlank
+    private String serviceId;
+    
+    private String displayName;
+    private String description;
+    private String version;
+    private String endpoint;
+    
+    @Builder.Default
+    private boolean enabled = true;
+    
+} 

src/main/java/com/dalab/adminservice/dto/UserDTO.java

@@ -0,0 +1,38 @@
+package com.dalab.adminservice.dto;
+
+import java.util.List;
+
+import jakarta.validation.constraints.Email;
+import jakarta.validation.constraints.NotBlank;
+import lombok.AllArgsConstructor;
+import lombok.Builder;
+import lombok.Data;
+import lombok.NoArgsConstructor;
+
+/**
+ * DTO for user management operations.
+ */
+@Data
+@Builder
+@NoArgsConstructor
+@AllArgsConstructor
+public class UserDTO {
+    
+    private String id;
+    
+    @NotBlank
+    private String username;
+    
+    @Email
+    private String email;
+    
+    private String firstName;
+    private String lastName;
+    private String password;
+    
+    @Builder.Default
+    private boolean enabled = true;
+    
+    private List<String> roles;
+    
+} 

src/main/java/com/dalab/adminservice/exception/ConflictException.java

@@ -0,0 +1,15 @@
+package com.dalab.adminservice.exception;
+
+/**
+ * Exception thrown when a conflict occurs during operations.
+ */
+public class ConflictException extends RuntimeException {
+    
+    public ConflictException(String message) {
+        super(message);
+    }
+    
+    public ConflictException(String message, Throwable cause) {
+        super(message, cause);
+    }
+} 

src/main/java/com/dalab/adminservice/exception/KeycloakAdminException.java

@@ -0,0 +1,8 @@
+package com.dalab.adminservice.exception;
+
+// Can be a generic runtime exception or extend a more specific one if needed
+public class KeycloakAdminException extends RuntimeException {
+    public KeycloakAdminException(String message, Throwable cause) {
+        super(message, cause);
+    }
+} 

src/main/java/com/dalab/adminservice/exception/NotFoundException.java

@@ -0,0 +1,11 @@
+package com.dalab.adminservice.exception;
+
+import org.springframework.http.HttpStatus;
+import org.springframework.web.bind.annotation.ResponseStatus;
+
+@ResponseStatus(HttpStatus.NOT_FOUND)
+public class NotFoundException extends RuntimeException {
+    public NotFoundException(String message) {
+        super(message);
+    }
+} 

src/main/java/com/dalab/adminservice/mapper/CloudConnectionMapper.java

@@ -0,0 +1,53 @@
+package com.dalab.adminservice.mapper;
+
+import com.dalab.adminservice.dto.CloudConnectionDTO;
+import com.dalab.adminservice.model.CloudConnectionEntity;
+import org.mapstruct.Mapper;
+import org.mapstruct.Mapping;
+import org.mapstruct.MappingTarget;
+import org.mapstruct.NullValuePropertyMappingStrategy;
+import org.mapstruct.ReportingPolicy;
+import org.mapstruct.factory.Mappers;
+
+import java.util.List;
+
+/**
+ * Mapper interface for converting between CloudConnectionEntity and CloudConnectionDTO.
+ */
+@Mapper(
+    componentModel = "spring",
+    unmappedTargetPolicy = ReportingPolicy.IGNORE,
+    nullValuePropertyMappingStrategy = NullValuePropertyMappingStrategy.IGNORE
+)
+public interface CloudConnectionMapper {
+
+    CloudConnectionMapper INSTANCE = Mappers.getMapper(CloudConnectionMapper.class);
+
+    // When mapping from Entity to DTO, ignore encryptedCredentials
+    @Mapping(target = "sensitiveCredentials", ignore = true)
+    CloudConnectionDTO toDto(CloudConnectionEntity entity);
+
+    List<CloudConnectionDTO> toDtoList(List<CloudConnectionEntity> entities);
+
+    // When mapping from DTO to Entity for creation/update, sensitiveCredentials from DTO will be handled by service for encryption
+    // The encryptedCredentials field in entity will be set by the service, not directly by mapper from DTO.sensitiveCredentials
+    @Mapping(target = "id", ignore = true) // ID is generated or path param
+    @Mapping(target = "encryptedCredentials", ignore = true) // Handled by service
+    @Mapping(target = "createdBy", ignore = true)
+    @Mapping(target = "createdDate", ignore = true)
+    @Mapping(target = "lastModifiedBy", ignore = true)
+    @Mapping(target = "lastModifiedDate", ignore = true)
+    @Mapping(target = "lastConnectionTestAt", ignore = true) // These are set by the system
+    @Mapping(target = "lastConnectionTestStatus", ignore = true)
+    void updateEntityFromDto(CloudConnectionDTO dto, @MappingTarget CloudConnectionEntity entity);
+
+    @Mapping(target = "id", ignore = true) // ID is generated
+    @Mapping(target = "encryptedCredentials", ignore = true) // Handled by service
+    @Mapping(target = "createdBy", ignore = true)
+    @Mapping(target = "createdDate", ignore = true)
+    @Mapping(target = "lastModifiedBy", ignore = true)
+    @Mapping(target = "lastModifiedDate", ignore = true)
+    @Mapping(target = "lastConnectionTestAt", ignore = true)
+    @Mapping(target = "lastConnectionTestStatus", ignore = true)
+    CloudConnectionEntity toEntity(CloudConnectionDTO dto);
+} 

src/main/java/com/dalab/adminservice/mapper/RoleMapper.java

@@ -0,0 +1,19 @@
+package com.dalab.adminservice.mapper;
+
+import com.dalab.adminservice.dto.RoleDTO;
+import org.keycloak.representations.idm.RoleRepresentation;
+import org.mapstruct.Mapper;
+import org.mapstruct.ReportingPolicy;
+
+import java.util.List;
+
+@Mapper(
+    componentModel = "spring",
+    unmappedTargetPolicy = ReportingPolicy.IGNORE
+)
+public interface RoleMapper {
+
+    RoleDTO toDto(RoleRepresentation roleRepresentation);
+
+    List<RoleDTO> toDtoList(List<RoleRepresentation> roleRepresentations);
+} 

src/main/java/com/dalab/adminservice/mapper/ServiceConfigMapper.java

@@ -0,0 +1,29 @@
+package com.dalab.adminservice.mapper;
+
+import java.util.List;
+
+import org.mapstruct.Mapper;
+import org.mapstruct.Mapping;
+import org.mapstruct.MappingTarget;
+import org.mapstruct.factory.Mappers;
+
+import com.dalab.adminservice.dto.ServiceConfigDTO;
+import com.dalab.adminservice.model.ServiceConfigEntity;
+
+/**
+ * Mapper interface for converting between ServiceConfigEntity and ServiceConfigDTO.
+ */
+@Mapper
+public interface ServiceConfigMapper {
+
+    ServiceConfigMapper INSTANCE = Mappers.getMapper(ServiceConfigMapper.class);
+
+    ServiceConfigDTO toDto(ServiceConfigEntity entity);
+
+    List<ServiceConfigDTO> toDtoList(List<ServiceConfigEntity> entities);
+
+    @Mapping(target = "serviceId", ignore = true)
+    void updateEntityFromDto(ServiceConfigDTO dto, @MappingTarget ServiceConfigEntity entity);
+    
+    ServiceConfigEntity toEntity(ServiceConfigDTO dto);
+} 

src/main/java/com/dalab/adminservice/mapper/UserMapper.java

@@ -0,0 +1,41 @@
+package com.dalab.adminservice.mapper;
+
+import com.dalab.adminservice.dto.UserDTO;
+import org.keycloak.representations.idm.CredentialRepresentation;
+import org.keycloak.representations.idm.UserRepresentation;
+import org.mapstruct.Mapper;
+import org.mapstruct.Mapping;
+import org.mapstruct.Named;
+import org.mapstruct.ReportingPolicy;
+
+import java.util.Collections;
+import java.util.List;
+
+@Mapper(
+    componentModel = "spring",
+    unmappedTargetPolicy = ReportingPolicy.IGNORE
+)
+public interface UserMapper {
+
+    @Mapping(target = "roles", source = "realmRoles") // Assuming roles are stored in realmRoles
+    UserDTO toDto(UserRepresentation userRepresentation);
+
+    List<UserDTO> toDtoList(List<UserRepresentation> userRepresentations);
+
+    // For creating/updating users in Keycloak
+    @Mapping(target = "realmRoles", source = "roles")
+    @Mapping(target = "credentials", source = "password", qualifiedByName = "passwordToCredentials")
+    UserRepresentation toRepresentation(UserDTO userDTO);
+
+    @Named("passwordToCredentials")
+    default List<CredentialRepresentation> passwordToCredentials(String password) {
+        if (password == null || password.isEmpty()) {
+            return Collections.emptyList();
+        }
+        CredentialRepresentation credential = new CredentialRepresentation();
+        credential.setType(CredentialRepresentation.PASSWORD);
+        credential.setValue(password);
+        credential.setTemporary(false); // Set to true if password reset is required on first login
+        return Collections.singletonList(credential);
+    }
+} 

src/main/java/com/dalab/adminservice/model/AbstractAuditableEntity.java

@@ -0,0 +1,41 @@
+package com.dalab.adminservice.model;
+
+import jakarta.persistence.Column;
+import jakarta.persistence.EntityListeners;
+import jakarta.persistence.MappedSuperclass;
+import lombok.Data;
+import org.springframework.data.annotation.CreatedBy;
+import org.springframework.data.annotation.CreatedDate;
+import org.springframework.data.annotation.LastModifiedBy;
+import org.springframework.data.annotation.LastModifiedDate;
+import org.springframework.data.jpa.domain.support.AuditingEntityListener;
+
+import java.io.Serializable;
+import java.time.Instant;
+
+/**
+ * Abstract base class for auditable entities.
+ */
+@Data
+@MappedSuperclass
+@EntityListeners(AuditingEntityListener.class)
+public abstract class AbstractAuditableEntity implements Serializable {
+
+    private static final long serialVersionUID = 1L;
+
+    @CreatedBy
+    @Column(name = "created_by", nullable = false, length = 50, updatable = false)
+    private String createdBy;
+
+    @CreatedDate
+    @Column(name = "created_date", nullable = false, updatable = false)
+    private Instant createdDate = Instant.now();
+
+    @LastModifiedBy
+    @Column(name = "last_modified_by", length = 50)
+    private String lastModifiedBy;
+
+    @LastModifiedDate
+    @Column(name = "last_modified_date")
+    private Instant lastModifiedDate = Instant.now();
+} 

src/main/java/com/dalab/adminservice/model/CloudConnectionEntity.java

@@ -0,0 +1,52 @@
+package com.dalab.adminservice.model;
+
+import com.dalab.adminservice.model.enums.CloudProviderType;
+import io.hypersistence.utils.hibernate.type.json.JsonType;
+import jakarta.persistence.*;
+import lombok.Getter;
+import lombok.Setter;
+import org.hibernate.annotations.GenericGenerator;
+import org.hibernate.annotations.Type;
+
+import java.time.LocalDateTime;
+import java.util.Map;
+
+@Getter
+@Setter
+@Entity
+@Table(name = "dalab_cloud_connection")
+public class CloudConnectionEntity extends AbstractAuditableEntity {
+
+    @Id
+    @GeneratedValue(generator = "uuid2")
+    @GenericGenerator(name = "uuid2", strategy = "uuid2")
+    @Column(name = "id", updatable = false, nullable = false, columnDefinition = "VARCHAR(36)")
+    private String id;
+
+    @Column(name = "name", nullable = false, length = 100)
+    private String name;
+
+    @Column(name = "description", length = 500)
+    private String description;
+
+    @Enumerated(EnumType.STRING)
+    @Column(name = "provider_type", nullable = false, length = 50)
+    private CloudProviderType providerType;
+
+    @Type(JsonType.class)
+    @Column(name = "connection_parameters", columnDefinition = "jsonb")
+    private Map<String, String> connectionParameters;
+
+    @Lob // Or @Column(length = large_enough_value) depending on DB and encrypted size
+    @Column(name = "encrypted_credentials", nullable = true) // Storing as byte[] might be better for encrypted data
+    private String encryptedCredentials; // Placeholder: In a real app, this would be byte[] and encrypted
+
+    @Column(name = "enabled", nullable = false)
+    private boolean enabled = true;
+
+    @Column(name = "last_connection_test_at")
+    private LocalDateTime lastConnectionTestAt;
+
+    @Column(name = "last_connection_test_status", length = 50)
+    private String lastConnectionTestStatus; // e.g., SUCCESS, FAILED
+} 

src/main/java/com/dalab/adminservice/model/ServiceConfigEntity.java

@@ -0,0 +1,42 @@
+package com.dalab.adminservice.model;
+
+import jakarta.persistence.Column;
+import jakarta.persistence.Entity;
+import jakarta.persistence.Id;
+import jakarta.persistence.Table;
+import lombok.AllArgsConstructor;
+import lombok.Builder;
+import lombok.Data;
+import lombok.NoArgsConstructor;
+
+/**
+ * Entity for service configuration management.
+ */
+@Entity
+@Table(name = "service_configs")
+@Data
+@Builder
+@NoArgsConstructor
+@AllArgsConstructor
+public class ServiceConfigEntity {
+    
+    @Id
+    @Column(nullable = false, unique = true, length = 100)
+    private String serviceId;
+    
+    @Column(length = 255)
+    private String displayName;
+    
+    @Column(length = 1000)
+    private String description;
+    
+    @Column(length = 50)
+    private String version;
+    
+    @Column(length = 500)
+    private String endpoint;
+    
+    @Builder.Default
+    private boolean enabled = true;
+    
+} 

src/main/java/com/dalab/adminservice/model/enums/CloudProviderType.java

@@ -0,0 +1,11 @@
+package com.dalab.adminservice.model.enums;
+
+/**
+ * Enumeration of supported cloud provider types.
+ */
+public enum CloudProviderType {
+    AWS,
+    AZURE,
+    GCP,
+    OTHER
+} 

src/main/java/com/dalab/adminservice/repository/CloudConnectionRepository.java

@@ -0,0 +1,12 @@
+package com.dalab.adminservice.repository;
+
+import com.dalab.adminservice.model.CloudConnectionEntity;
+import org.springframework.data.jpa.repository.JpaRepository;
+import org.springframework.stereotype.Repository;
+
+import java.util.Optional;
+
+@Repository
+public interface CloudConnectionRepository extends JpaRepository<CloudConnectionEntity, String> {
+    Optional<CloudConnectionEntity> findByName(String name);
+} 

src/main/java/com/dalab/adminservice/repository/ServiceConfigRepository.java

@@ -0,0 +1,23 @@
+package com.dalab.adminservice.repository;
+
+import java.util.Optional;
+import java.util.UUID;
+
+import org.springframework.data.jpa.repository.JpaRepository;
+import org.springframework.stereotype.Repository;
+
+import com.dalab.adminservice.model.ServiceConfigEntity;
+
+/**
+ * Repository interface for ServiceConfig entities
+ */
+@Repository
+public interface ServiceConfigRepository extends JpaRepository<ServiceConfigEntity, UUID> {
+    
+    /**
+     * Find service configuration by service ID
+     * @param serviceId the service identifier
+     * @return Optional containing the service config if found
+     */
+    Optional<ServiceConfigEntity> findByServiceId(String serviceId);
+} 

src/main/java/com/dalab/adminservice/service/ICloudConnectionService.java

@@ -0,0 +1,18 @@
+package com.dalab.adminservice.service;
+
+import com.dalab.adminservice.dto.CloudConnectionDTO;
+import com.dalab.adminservice.dto.CloudConnectionTestResultDTO;
+
+import java.util.List;
+import java.util.Optional;
+
+public interface ICloudConnectionService {
+    List<CloudConnectionDTO> getAllCloudConnections();
+    Optional<CloudConnectionDTO> getCloudConnectionById(String id);
+    CloudConnectionDTO createCloudConnection(CloudConnectionDTO cloudConnectionDTO);
+    CloudConnectionDTO updateCloudConnection(String id, CloudConnectionDTO cloudConnectionDTO);
+    void deleteCloudConnection(String id);
+    CloudConnectionTestResultDTO testCloudConnection(String id);
+    // Method to get decrypted credentials - internal use, not exposed via API directly
+    String getDecryptedCredentials(String id);
+} 

src/main/java/com/dalab/adminservice/service/IEncryptionService.java

@@ -0,0 +1,22 @@
+package com.dalab.adminservice.service;
+
+/**
+ * Service interface for encryption and decryption operations.
+ */
+public interface IEncryptionService {
+    
+    /**
+     * Encrypt the given data.
+     * @param data The data to encrypt
+     * @return The encrypted data as a string
+     */
+    String encrypt(String data);
+    
+    /**
+     * Decrypt the given encrypted data.
+     * @param encryptedData The encrypted data to decrypt
+     * @return The decrypted data as a string
+     */
+    String decrypt(String encryptedData);
+    
+} 

src/main/java/com/dalab/adminservice/service/IJobStatusService.java

@@ -0,0 +1,16 @@
+package com.dalab.adminservice.service;
+
+import com.dalab.adminservice.dto.AggregatedJobStatusDTO;
+
+/**
+ * Service interface for job status aggregation operations.
+ */
+public interface IJobStatusService {
+    
+    /**
+     * Get aggregated job statuses from all microservices.
+     * @return Aggregated job status DTO
+     */
+    AggregatedJobStatusDTO getAggregatedJobStatuses();
+    
+} 

src/main/java/com/dalab/adminservice/service/IRoleService.java

@@ -0,0 +1,18 @@
+package com.dalab.adminservice.service;
+
+import java.util.List;
+
+import com.dalab.adminservice.dto.RoleDTO;
+
+/**
+ * Service interface for role management operations.
+ */
+public interface IRoleService {
+    
+    /**
+     * Get all available realm roles.
+     * @return List of role DTOs
+     */
+    List<RoleDTO> getAllRealmRoles();
+    
+} 

src/main/java/com/dalab/adminservice/service/IServiceConfigService.java

@@ -0,0 +1,14 @@
+package com.dalab.adminservice.service;
+
+import com.dalab.adminservice.dto.ServiceConfigDTO;
+
+import java.util.List;
+import java.util.Optional;
+
+public interface IServiceConfigService {
+    List<ServiceConfigDTO> getAllServiceConfigs();
+    Optional<ServiceConfigDTO> getServiceConfigById(String serviceId);
+    ServiceConfigDTO createServiceConfig(ServiceConfigDTO serviceConfigDTO);
+    ServiceConfigDTO updateServiceConfig(String serviceId, ServiceConfigDTO serviceConfigDTO);
+    // No delete operation defined for now, services are typically not "deleted" but maybe disabled.
+} 

src/main/java/com/dalab/adminservice/service/IUserService.java

@@ -0,0 +1,19 @@
+package com.dalab.adminservice.service;
+
+import com.dalab.adminservice.dto.UserDTO;
+import org.keycloak.representations.idm.RoleRepresentation;
+
+import java.util.List;
+import java.util.Optional;
+
+public interface IUserService {
+    List<UserDTO> getAllUsers(Integer firstResult, Integer maxResults);
+    Optional<UserDTO> getUserById(String userId);
+    Optional<UserDTO> getUserByUsername(String username);
+    UserDTO createUser(UserDTO userDTO);
+    UserDTO updateUser(String userId, UserDTO userDTO);
+    void deleteUser(String userId);
+    void assignRealmRolesToUser(String userId, List<String> roleNames);
+    List<RoleRepresentation> getAvailableRealmRoles(); // Helper to get roles for UI
+    List<RoleRepresentation> getUserRealmRoles(String userId);
+} 

src/main/java/com/dalab/adminservice/service/impl/BasicEncryptionServiceImpl.java

@@ -0,0 +1,59 @@
+package com.dalab.adminservice.service.impl;
+
+import com.dalab.adminservice.service.IEncryptionService;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.stereotype.Service;
+import javax.crypto.Cipher;
+import javax.crypto.spec.SecretKeySpec;
+import java.nio.charset.StandardCharsets;
+import java.util.Base64;
+
+@Service
+@Slf4j
+public class BasicEncryptionServiceImpl implements IEncryptionService {
+
+    private static final String ALGORITHM = "AES";
+    private static final String TRANSFORMATION = "AES/ECB/PKCS5Padding"; // ECB is simple but less secure for some uses.
+
+    @Value("${app.encryption.key:DefaultTestEncrKey}") // 16, 24, or 32 bytes for AES-128, AES-192, or AES-256. IMPORTANT: Store securely, not hardcoded/defaulted in prod.
+    private String encryptionKeyString;
+
+    private SecretKeySpec getSecretKeySpec() {
+        // Ensure the key is the correct length (e.g., 16 bytes for AES-128)
+        byte[] keyBytes = new byte[16];
+        byte[] providedKeyBytes = encryptionKeyString.getBytes(StandardCharsets.UTF_8);
+        System.arraycopy(providedKeyBytes, 0, keyBytes, 0, Math.min(providedKeyBytes.length, keyBytes.length));
+        return new SecretKeySpec(keyBytes, ALGORITHM);
+    }
+
+    @Override
+    public String encrypt(String data) {
+        if (data == null) return null;
+        try {
+            Cipher cipher = Cipher.getInstance(TRANSFORMATION);
+            cipher.init(Cipher.ENCRYPT_MODE, getSecretKeySpec());
+            byte[] encryptedBytes = cipher.doFinal(data.getBytes(StandardCharsets.UTF_8));
+            return Base64.getEncoder().encodeToString(encryptedBytes);
+        } catch (Exception e) {
+            log.error("Error encrypting data", e);
+            // In a real app, throw a specific EncryptionException
+            throw new RuntimeException("Error encrypting data", e); 
+        }
+    }
+
+    @Override
+    public String decrypt(String encryptedData) {
+        if (encryptedData == null) return null;
+        try {
+            Cipher cipher = Cipher.getInstance(TRANSFORMATION);
+            cipher.init(Cipher.DECRYPT_MODE, getSecretKeySpec());
+            byte[] originalBytes = cipher.doFinal(Base64.getDecoder().decode(encryptedData));
+            return new String(originalBytes, StandardCharsets.UTF_8);
+        } catch (Exception e) {
+            log.error("Error decrypting data", e);
+            // In a real app, throw a specific EncryptionException or return null/empty based on policy
+            throw new RuntimeException("Error decrypting data", e); 
+        }
+    }
+} 

src/main/java/com/dalab/adminservice/service/impl/CloudConnectionServiceImpl.java

@@ -0,0 +1,166 @@
+package com.dalab.adminservice.service.impl;
+
+import com.dalab.adminservice.dto.CloudConnectionDTO;
+import com.dalab.adminservice.dto.CloudConnectionTestResultDTO;
+import com.dalab.adminservice.exception.ConflictException;
+import com.dalab.adminservice.exception.NotFoundException;
+import com.dalab.adminservice.mapper.CloudConnectionMapper;
+import com.dalab.adminservice.model.CloudConnectionEntity;
+import com.dalab.adminservice.repository.CloudConnectionRepository;
+import com.dalab.adminservice.service.ICloudConnectionService;
+import com.dalab.adminservice.service.IEncryptionService;
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.stereotype.Service;
+import org.springframework.transaction.annotation.Transactional;
+import org.springframework.util.StringUtils;
+
+import java.time.LocalDateTime;
+import java.time.format.DateTimeFormatter;
+import java.util.List;
+import java.util.Optional;
+
+@Service
+@RequiredArgsConstructor
+@Slf4j
+public class CloudConnectionServiceImpl implements ICloudConnectionService {
+
+    private final CloudConnectionRepository cloudConnectionRepository;
+    private final CloudConnectionMapper cloudConnectionMapper;
+    private final IEncryptionService encryptionService; // For encrypting/decrypting sensitiveCredentials
+
+    @Override
+    @Transactional(readOnly = true)
+    public List<CloudConnectionDTO> getAllCloudConnections() {
+        log.debug("Fetching all cloud connections");
+        return cloudConnectionMapper.toDtoList(cloudConnectionRepository.findAll());
+    }
+
+    @Override
+    @Transactional(readOnly = true)
+    public Optional<CloudConnectionDTO> getCloudConnectionById(String id) {
+        log.debug("Fetching cloud connection by ID: {}", id);
+        return cloudConnectionRepository.findById(id)
+                .map(cloudConnectionMapper::toDto);
+    }
+
+    @Override
+    @Transactional
+    public CloudConnectionDTO createCloudConnection(CloudConnectionDTO cloudConnectionDTO) {
+        log.info("Creating new cloud connection with name: {}", cloudConnectionDTO.getName());
+        cloudConnectionRepository.findByName(cloudConnectionDTO.getName()).ifPresent(entity -> {
+            throw new ConflictException("Cloud connection with name '" + cloudConnectionDTO.getName() + "' already exists.");
+        });
+
+        CloudConnectionEntity entity = cloudConnectionMapper.toEntity(cloudConnectionDTO);
+        if (StringUtils.hasText(cloudConnectionDTO.getSensitiveCredentials())) {
+            entity.setEncryptedCredentials(encryptionService.encrypt(cloudConnectionDTO.getSensitiveCredentials()));
+        }
+        CloudConnectionEntity savedEntity = cloudConnectionRepository.save(entity);
+        return cloudConnectionMapper.toDto(savedEntity);
+    }
+
+    @Override
+    @Transactional
+    public CloudConnectionDTO updateCloudConnection(String id, CloudConnectionDTO cloudConnectionDTO) {
+        log.info("Updating cloud connection with ID: {}", id);
+        CloudConnectionEntity existingEntity = cloudConnectionRepository.findById(id)
+                .orElseThrow(() -> new NotFoundException("Cloud connection with ID '" + id + "' not found."));
+
+        // Check if name is being changed and if the new name already exists for another entity
+        if (StringUtils.hasText(cloudConnectionDTO.getName()) && !existingEntity.getName().equals(cloudConnectionDTO.getName())) {
+            cloudConnectionRepository.findByName(cloudConnectionDTO.getName()).ifPresent(entity -> {
+                if (!entity.getId().equals(id)) { // If it's not the same entity
+                    throw new ConflictException("Cloud connection with name '" + cloudConnectionDTO.getName() + "' already exists.");
+                }
+            });
+        }
+
+        cloudConnectionMapper.updateEntityFromDto(cloudConnectionDTO, existingEntity);
+        if (StringUtils.hasText(cloudConnectionDTO.getSensitiveCredentials())) {
+            log.debug("Updating encrypted credentials for cloud connection ID: {}", id);
+            existingEntity.setEncryptedCredentials(encryptionService.encrypt(cloudConnectionDTO.getSensitiveCredentials()));
+        } else {
+            // If sensitiveCredentials is null or empty in DTO, it means user doesn't want to update them.
+            // If user wants to clear them, an explicit mechanism should be used.
+            // For now, we just don't update if it's not provided.
+        }
+
+        CloudConnectionEntity updatedEntity = cloudConnectionRepository.save(existingEntity);
+        return cloudConnectionMapper.toDto(updatedEntity);
+    }
+
+    @Override
+    @Transactional
+    public void deleteCloudConnection(String id) {
+        log.info("Deleting cloud connection with ID: {}", id);
+        if (!cloudConnectionRepository.existsById(id)) {
+            throw new NotFoundException("Cloud connection with ID '" + id + "' not found.");
+        }
+        cloudConnectionRepository.deleteById(id);
+    }
+
+    @Override
+    @Transactional
+    public CloudConnectionTestResultDTO testCloudConnection(String id) {
+        log.info("Testing cloud connection with ID: {}", id);
+        CloudConnectionEntity entity = cloudConnectionRepository.findById(id)
+                .orElseThrow(() -> new NotFoundException("Cloud connection with ID '" + id + "' not found for testing."));
+
+        // Placeholder for actual connection testing logic
+        // This would involve: 
+        // 1. Decrypting entity.getEncryptedCredentials() using encryptionService.decrypt()
+        // 2. Using the decrypted credentials and entity.getConnectionParameters() 
+        //    to attempt a connection to the specified cloudProviderType (e.g., using GCP/AWS SDKs).
+        boolean testSuccess = false;
+        String message = "Test not implemented for provider: " + entity.getProviderType();
+        
+        // Simulate a test
+        try {
+            String decryptedCreds = encryptionService.decrypt(entity.getEncryptedCredentials());
+            if (decryptedCreds != null && !decryptedCreds.isEmpty()) {
+                 // Simulate success if credentials exist for the sake of example
+                message = "Simulated connection test successful for " + entity.getName();
+                testSuccess = true; 
+                log.info("Simulated connection test successful for ID: {}. Decrypted (sample): {}", id, decryptedCreds.substring(0, Math.min(decryptedCreds.length(), 10)));
+            } else {
+                message = "Simulated connection test failed: No credentials to test for " + entity.getName();
+                log.warn("Simulated connection test failed for ID: {}. No credentials found.", id);
+            }
+        } catch (Exception e) {
+            log.error("Error during simulated connection test for ID: {}", id, e);
+            message = "Simulated connection test failed: " + e.getMessage();
+        }
+
+        entity.setLastConnectionTestAt(LocalDateTime.now());
+        entity.setLastConnectionTestStatus(testSuccess ? "SUCCESS" : "FAILED");
+        cloudConnectionRepository.save(entity);
+
+        return CloudConnectionTestResultDTO.builder()
+                .success(testSuccess)
+                .message(message)
+                .testedAt(LocalDateTime.now().format(DateTimeFormatter.ISO_DATE_TIME))
+                .build();
+    }
+    
+    @Override
+    @Transactional(readOnly = true)
+    public String getDecryptedCredentials(String id) {
+        log.debug("Retrieving decrypted credentials for cloud connection ID: {} (internal use)", id);
+        CloudConnectionEntity entity = cloudConnectionRepository.findById(id)
+            .orElseThrow(() -> new NotFoundException("Cloud connection with ID '" + id + "' not found."));
+        
+        if (!StringUtils.hasText(entity.getEncryptedCredentials())) {
+            log.warn("No encrypted credentials found for cloud connection ID: {}", id);
+            return null;
+        }
+        try {
+            return encryptionService.decrypt(entity.getEncryptedCredentials());
+        } catch (Exception e) {
+            log.error("Failed to decrypt credentials for cloud connection ID: {}. Error: {}", id, e.getMessage());
+            // Depending on policy, you might re-throw, or return null, or a specific error marker.
+            // Throwing an exception is safer to indicate failure clearly.
+            throw new RuntimeException("Failed to decrypt credentials for ID: " + id, e);
+        }
+    }
+} 

src/main/java/com/dalab/adminservice/service/impl/JobStatusServiceImpl.java

@@ -0,0 +1,108 @@
+package com.dalab.adminservice.service.impl;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import org.springframework.stereotype.Service;
+
+import com.dalab.adminservice.client.IAutoarchivalTaskApiClient;
+import com.dalab.adminservice.client.IAutocomplianceJobApiClient;
+import com.dalab.adminservice.client.IAutodeleteTaskApiClient;
+import com.dalab.adminservice.client.IAutolabelJobApiClient;
+import com.dalab.adminservice.client.IDiscoveryJobApiClient;
+import com.dalab.adminservice.dto.AggregatedJobStatusDTO;
+import com.dalab.adminservice.dto.JobStatusDTO;
+import com.dalab.adminservice.service.IJobStatusService;
+
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+
+/**
+ * Service implementation for aggregating job statuses from all DALab microservices
+ */
+@Service
+@RequiredArgsConstructor
+@Slf4j
+public class JobStatusServiceImpl implements IJobStatusService {
+
+    private final IDiscoveryJobApiClient discoveryJobApiClient;
+    private final IAutolabelJobApiClient autolabelJobApiClient;
+    private final IAutoarchivalTaskApiClient autoarchivalTaskApiClient;
+    private final IAutodeleteTaskApiClient autodeleteTaskApiClient;
+    private final IAutocomplianceJobApiClient autocomplianceJobApiClient;
+
+    @Override
+    public AggregatedJobStatusDTO getAggregatedJobStatuses() {
+        log.debug("Aggregating job statuses from all DALab services");
+        
+        List<JobStatusDTO> allJobs = new ArrayList<>();
+        
+        // Aggregate jobs from all services with error handling
+        aggregateFromService("Discovery", () -> discoveryJobApiClient.getDiscoveryJobs(), allJobs);
+        aggregateFromService("Autolabel", () -> autolabelJobApiClient.getAutolabelJobs(), allJobs);
+        aggregateFromService("Autoarchival", () -> autoarchivalTaskApiClient.getArchivalTasks(), allJobs);
+        aggregateFromService("Autodelete", () -> autodeleteTaskApiClient.getDeletionTasks(), allJobs);
+        aggregateFromService("Autocompliance", () -> autocomplianceJobApiClient.getComplianceReportJobs(), allJobs);
+        
+        return buildAggregatedResult(allJobs);
+    }
+
+    private void aggregateFromService(String serviceName, ServiceJobProvider provider, List<JobStatusDTO> allJobs) {
+        try {
+            List<JobStatusDTO> serviceJobs = provider.getJobs();
+            if (serviceJobs != null) {
+                allJobs.addAll(serviceJobs);
+                log.debug("Aggregated {} jobs from {} service", serviceJobs.size(), serviceName);
+            }
+        } catch (Exception e) {
+            log.warn("Failed to retrieve jobs from {} service: {}", serviceName, e.getMessage());
+        }
+    }
+
+    private AggregatedJobStatusDTO buildAggregatedResult(List<JobStatusDTO> allJobs) {
+        int totalJobs = allJobs.size();
+        int pendingJobs = 0;
+        int runningJobs = 0;
+        int completedSuccessJobs = 0;
+        int completedFailedJobs = 0;
+
+        for (JobStatusDTO job : allJobs) {
+            String status = job.getStatus();
+            if (status == null) continue;
+            
+            switch (status.toUpperCase()) {
+                case "PENDING":
+                    pendingJobs++;
+                    break;
+                case "RUNNING":
+                case "IN_PROGRESS":
+                    runningJobs++;
+                    break;
+                case "COMPLETED_SUCCESS":
+                case "COMPLETED":
+                case "SUCCESS":
+                    completedSuccessJobs++;
+                    break;
+                case "COMPLETED_FAILED":
+                case "FAILED":
+                case "ERROR":
+                    completedFailedJobs++;
+                    break;
+            }
+        }
+
+        return AggregatedJobStatusDTO.builder()
+                .totalJobs(totalJobs)
+                .pendingJobs(pendingJobs)
+                .runningJobs(runningJobs)
+                .completedSuccessJobs(completedSuccessJobs)
+                .completedFailedJobs(completedFailedJobs)
+                .jobs(allJobs)
+                .build();
+    }
+
+    @FunctionalInterface
+    private interface ServiceJobProvider {
+        List<JobStatusDTO> getJobs();
+    }
+} 

src/main/java/com/dalab/adminservice/service/impl/RoleServiceImpl.java

@@ -0,0 +1,44 @@
+package com.dalab.adminservice.service.impl;
+
+import com.dalab.adminservice.dto.RoleDTO;
+import com.dalab.adminservice.exception.KeycloakAdminException;
+import com.dalab.adminservice.mapper.RoleMapper;
+import com.dalab.adminservice.service.IRoleService;
+import jakarta.ws.rs.WebApplicationException;
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+import org.keycloak.admin.client.Keycloak;
+import org.keycloak.admin.client.resource.RealmResource;
+import org.keycloak.representations.idm.RoleRepresentation;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.stereotype.Service;
+
+import java.util.List;
+
+@Service
+@RequiredArgsConstructor
+@Slf4j
+public class RoleServiceImpl implements IRoleService {
+
+    private final Keycloak keycloakAdminClient;
+    private final RoleMapper roleMapper;
+
+    @Value("${keycloak.realm}")
+    private String realmName;
+
+    private RealmResource getRealmResource() {
+        return keycloakAdminClient.realm(realmName);
+    }
+
+    @Override
+    public List<RoleDTO> getAllRealmRoles() {
+        log.debug("Fetching all available realm roles from Keycloak realm: {}", realmName);
+        try {
+            List<RoleRepresentation> roleRepresentations = getRealmResource().roles().list();
+            return roleMapper.toDtoList(roleRepresentations);
+        } catch (WebApplicationException e) {
+            log.error("Keycloak admin error fetching available realm roles: {}", e.getMessage(), e);
+            throw new KeycloakAdminException("Error fetching available realm roles: " + e.getMessage(), e);
+        }
+    }
+}