
Example 6 with AzureDockerCertVault

use of com.microsoft.azure.docker.model.AzureDockerCertVault in project azure-tools-for-java by Microsoft.

the class AzureDockerCertVaultOps method getSSHKeysFromLocalFile.

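/**
 * Loads an SSH key pair from a local directory into a new {@link AzureDockerCertVault}.
 *
 * <p>Reads {@code id_rsa} (private key) and {@code id_rsa.pub} (public key) from
 * {@code localPath}. Both files are decoded as UTF-8, a superset of the ASCII that
 * OpenSSH/PEM key files use, so the result no longer depends on the platform default
 * charset. Note that the private key ends up in memory as a {@code String} field.
 *
 * @param localPath directory that holds {@code id_rsa} and {@code id_rsa.pub}
 * @return a vault with only {@code sshKey} and {@code sshPubKey} set; every other field keeps its default
 * @throws AzureDockerException if {@code localPath} is {@code null}, is not a valid path, or either file cannot be read
 */
public static AzureDockerCertVault getSSHKeysFromLocalFile(String localPath) throws AzureDockerException {
    if (localPath == null) {
        throw new AzureDockerException("Unexpected argument values; localPath cannot be null");
    }
    AzureDockerCertVault certVault = new AzureDockerCertVault();
    try {
        certVault.sshKey = new String(Files.readAllBytes(Paths.get(localPath, "id_rsa")), java.nio.charset.StandardCharsets.UTF_8);
        certVault.sshPubKey = new String(Files.readAllBytes(Paths.get(localPath, "id_rsa.pub")), java.nio.charset.StandardCharsets.UTF_8);
    } catch (Exception e) {
        // NOTE(review): AzureDockerException is constructed with a message only, so the original
        // cause is not chained. Fall back to toString() because some exceptions carry a null message.
        String reason = (e.getMessage() != null) ? e.getMessage() : e.toString();
        throw new AzureDockerException(reason);
    }
    return certVault;
}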
Also used : AzureDockerException(com.microsoft.azure.docker.model.AzureDockerException) AzureDockerCertVault(com.microsoft.azure.docker.model.AzureDockerCertVault) AzureDockerException(com.microsoft.azure.docker.model.AzureDockerException) CloudException(com.microsoft.azure.CloudException)

Example 7 with AzureDockerCertVault

use of com.microsoft.azure.docker.model.AzureDockerCertVault in project azure-tools-for-java by Microsoft.

the class AzureDockerCertVaultOps method getVault.

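/**
 * Populates {@code certVault} with the Docker host credentials stored in the Key Vault at {@code certVault.uri}.
 *
 * <p>The {@code SECRETENTRY_DOCKERHOSTNAMES} secret is read first, synchronously, as a probe of whether the vault
 * is readable and was written by this tool. If it is absent or the read fails, the method gives up and returns
 * {@code null}. The secrets listed in {@code DOCKERHOST_SECRETS} are then fetched in parallel (at most 5 in
 * flight) and copied onto the matching {@code certVault} fields; a secret that is missing, empty or fails to load
 * leaves the corresponding field untouched.
 *
 * <p>Callers cannot distinguish "secret not present" from "read failed": both are treated as absent (see the
 * {@code failure} callback below, which only completes the stream).
 *
 * @param certVault vault descriptor; {@code uri} must be set. Mutated in place.
 * @param keyVaultClient authenticated Key Vault client used for the secret reads
 * @return {@code certVault} with credential fields filled in, or {@code null} if the host-name probe secret could not be read
 * @throws AzureDockerException if either argument or {@code certVault.uri} is {@code null}
 */
public static AzureDockerCertVault getVault(AzureDockerCertVault certVault, KeyVaultClient keyVaultClient) throws AzureDockerException {
    if (certVault == null || keyVaultClient == null || certVault.uri == null) {
        // The message names the values this overload actually checks (the old text referred to a different overload).
        throw new AzureDockerException("Unexpected argument values; certVault, keyVaultClient and certVault.uri cannot be null");
    }
    String vaultUri = certVault.uri;
    try {
        SecretBundle secret = keyVaultClient.getSecret(vaultUri, SECRETENTRY_DOCKERHOSTNAMES);
        if (secret != null) {
            certVault.hostName = secret.value();
        } else {
            certVault.hostName = null;
            return null;
        }
    } catch (Exception e) {
        // Best-effort probe: an unreadable vault (bad URI, no access policy, network error) is reported as "no vault".
        return null;
    }
    //Execute Key Vault Secret read in parallel
    Map<String, String> secretNamesAndValueMap = new HashMap<>();
    Observable.from(DOCKERHOST_SECRETS).flatMap(secretName -> {
        return Observable.create(new Observable.OnSubscribe<Pair<String, String>>() {

            @Override
            public void call(Subscriber<? super Pair<String, String>> subscriber) {
                keyVaultClient.getSecretAsync(vaultUri, secretName, new ServiceCallback<SecretBundle>() {

                    @Override
                    public void failure(Throwable throwable) {
                        // A failed read is swallowed: the secret is simply not emitted.
                        subscriber.onCompleted();
                    }

                    @Override
                    public void success(SecretBundle secretBundle) {
                        if (secretBundle != null) {
                            subscriber.onNext(new Pair<>(secretName, secretBundle.value()));
                        }
                        subscriber.onCompleted();
                    }
                });
            }
        }).subscribeOn(Schedulers.io());
    }, 5).subscribeOn(Schedulers.io()).toBlocking().subscribe(new Action1<Pair<String, String>>() {

        @Override
        public void call(Pair<String, String> secretNameAndValue) {
            secretNamesAndValueMap.put(secretNameAndValue.first(), secretNameAndValue.second());
        }
    });
    // Copy whatever was retrieved; a blank or missing secret leaves the existing field value alone.
    setIfPresent(secretNamesAndValueMap, "vmUsername", value -> certVault.vmUsername = value);
    setIfPresent(secretNamesAndValueMap, "vmPwd", value -> certVault.vmPwd = value);
    setIfPresent(secretNamesAndValueMap, "sshKey", value -> certVault.sshKey = value);
    setIfPresent(secretNamesAndValueMap, "sshPubKey", value -> certVault.sshPubKey = value);
    setIfPresent(secretNamesAndValueMap, "tlsCACert", value -> certVault.tlsCACert = value);
    setIfPresent(secretNamesAndValueMap, "tlsCAKey", value -> certVault.tlsCAKey = value);
    setIfPresent(secretNamesAndValueMap, "tlsClientCert", value -> certVault.tlsClientCert = value);
    setIfPresent(secretNamesAndValueMap, "tlsClientKey", value -> certVault.tlsClientKey = value);
    setIfPresent(secretNamesAndValueMap, "tlsServerCert", value -> certVault.tlsServerCert = value);
    setIfPresent(secretNamesAndValueMap, "tlsServerKey", value -> certVault.tlsServerKey = value);
    return certVault;
}

/**
 * Passes {@code secrets.get(secretName)} to {@code setter} when the value is non-null and non-empty;
 * otherwise does nothing, so the target field keeps its previous value.
 *
 * @param secrets secret name to value map produced by the parallel read
 * @param secretName key to look up
 * @param setter receives the value when present
 */
private static void setIfPresent(Map<String, String> secrets, String secretName, java.util.function.Consumer<String> setter) {
    String value = secrets.get(secretName);
    if (value != null && !value.isEmpty()) {
        setter.accept(value);
    }
}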
Also used : KeyPair(com.jcraft.jsch.KeyPair) JSch(com.jcraft.jsch.JSch) ByteArrayOutputStream(java.io.ByteArrayOutputStream) HashMap(java.util.HashMap) Action1(rx.functions.Action1) DEBUG(com.microsoft.azure.docker.ops.utils.AzureDockerUtils.DEBUG) SecretBundle(com.microsoft.azure.keyvault.models.SecretBundle) Observable(rx.Observable) Azure(com.microsoft.azure.management.Azure) Map(java.util.Map) Schedulers(rx.schedulers.Schedulers) DefaultLoader(com.microsoft.tooling.msservices.components.DefaultLoader) ResourceGroup(com.microsoft.azure.management.resources.ResourceGroup) Vault(com.microsoft.azure.management.keyvault.Vault) Subscriber(rx.Subscriber) ServiceCallback(com.microsoft.rest.ServiceCallback) Files(java.nio.file.Files) AzureDockerUtils(com.microsoft.azure.docker.ops.utils.AzureDockerUtils) FileWriter(java.io.FileWriter) Pair(com.microsoft.azuretools.utils.Pair) SetSecretRequest(com.microsoft.azure.keyvault.requests.SetSecretRequest) SecretPermissions(com.microsoft.azure.management.keyvault.SecretPermissions) List(java.util.List) AzureDockerException(com.microsoft.azure.docker.model.AzureDockerException) AzureDockerCertVault(com.microsoft.azure.docker.model.AzureDockerCertVault) Paths(java.nio.file.Paths) CloudException(com.microsoft.azure.CloudException) KeyVaultClient(com.microsoft.azure.keyvault.KeyVaultClient) HashMap(java.util.HashMap) AzureDockerException(com.microsoft.azure.docker.model.AzureDockerException) CloudException(com.microsoft.azure.CloudException) Observable(rx.Observable) SecretBundle(com.microsoft.azure.keyvault.models.SecretBundle) ServiceCallback(com.microsoft.rest.ServiceCallback) AzureDockerException(com.microsoft.azure.docker.model.AzureDockerException) KeyPair(com.jcraft.jsch.KeyPair) Pair(com.microsoft.azuretools.utils.Pair)

Example 8 with AzureDockerCertVault

use of com.microsoft.azure.docker.model.AzureDockerCertVault in project azure-tools-for-java by Microsoft.

the class AzureDockerCertVaultOps method getVault.

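/**
 * Resolves the Key Vault identified by {@code certVault.name} and {@code certVault.resourceGroupName}, stores its
 * URI in {@code certVault.uri}, and then loads the host credentials via
 * {@link #getVault(AzureDockerCertVault, KeyVaultClient)}.
 *
 * @param azureClient ARM client used to look up the vault resource
 * @param certVault vault descriptor; {@code name} and {@code resourceGroupName} must be set. Mutated in place.
 * @param keyVaultClient authenticated Key Vault client used for the secret reads
 * @return the populated vault, or {@code null} when the vault's probe secret cannot be read
 * @throws AzureDockerException if an argument is missing, the lookup fails, or no vault is returned
 */
public static AzureDockerCertVault getVault(Azure azureClient, AzureDockerCertVault certVault, KeyVaultClient keyVaultClient) throws AzureDockerException {
    if (azureClient == null || certVault == null || keyVaultClient == null || certVault.name == null || certVault.resourceGroupName == null) {
        throw new AzureDockerException("Unexpected argument values; azureClient, vault name and resourceGroupName cannot be null");
    }
    Vault vault;
    try {
        vault = azureClient.vaults().getByResourceGroup(certVault.resourceGroupName, certVault.name);
    } catch (Exception e) {
        // NOTE(review): AzureDockerException is constructed with a message only, so the cause is not chained.
        String reason = (e.getMessage() != null) ? e.getMessage() : e.toString();
        throw new AzureDockerException(reason);
    }
    if (vault == null) {
        // Previously a null lookup result surfaced as an NPE with a null message; report it explicitly.
        // (The SDK may also signal a missing vault by throwing; that path is covered by the catch above.)
        throw new AzureDockerException("Key vault '" + certVault.name + "' was not found in resource group '" + certVault.resourceGroupName + "'");
    }
    certVault.uri = vault.vaultUri();
    return getVault(certVault, keyVaultClient);
}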
Also used : AzureDockerException(com.microsoft.azure.docker.model.AzureDockerException) Vault(com.microsoft.azure.management.keyvault.Vault) AzureDockerCertVault(com.microsoft.azure.docker.model.AzureDockerCertVault) AzureDockerException(com.microsoft.azure.docker.model.AzureDockerException) CloudException(com.microsoft.azure.CloudException)

Example 9 with AzureDockerCertVault

use of com.microsoft.azure.docker.model.AzureDockerCertVault in project azure-tools-for-java by Microsoft.

the class AzureDockerCertVaultOps method getVault.

/**
 * Convenience overload: builds a vault descriptor from {@code name} and {@code resourceGroupName} and delegates to
 * {@link #getVault(Azure, AzureDockerCertVault, KeyVaultClient)}.
 *
 * @param azureClient ARM client used to look up the vault resource
 * @param name Key Vault name
 * @param resourceGroupName resource group that contains the vault
 * @param keyVaultClient authenticated Key Vault client used for the secret reads
 * @return the populated vault, or {@code null} when the vault's probe secret cannot be read
 * @throws AzureDockerException if any argument is {@code null} or the delegated lookup fails
 */
public static AzureDockerCertVault getVault(Azure azureClient, String name, String resourceGroupName, KeyVaultClient keyVaultClient) throws AzureDockerException {
    boolean argumentMissing = azureClient == null
            || keyVaultClient == null
            || name == null
            || resourceGroupName == null;
    if (argumentMissing) {
        throw new AzureDockerException("Unexpected argument values; azureClient, vault name and resourceGroupName cannot be null");
    }
    AzureDockerCertVault lookup = new AzureDockerCertVault();
    lookup.resourceGroupName = resourceGroupName;
    lookup.name = name;
    return getVault(azureClient, lookup, keyVaultClient);
}
Also used : AzureDockerException(com.microsoft.azure.docker.model.AzureDockerException) AzureDockerCertVault(com.microsoft.azure.docker.model.AzureDockerCertVault)

Example 10 with AzureDockerCertVault

use of com.microsoft.azure.docker.model.AzureDockerCertVault in project azure-tools-for-java by Microsoft.

the class AzureNewDockerLoginStep method doValidate.

/**
 * Validates the credentials tab of the new Docker host dialog and pushes the accepted values onto {@code newHost}.
 *
 * <p>Two modes. When the "import from Key Vault" radio is selected, the vault chosen in the combo box is copied
 * onto {@code newHost.certVault}. Otherwise the username, password, SSH-key and TLS-certificate choices are read
 * from the form controls. The Docker daemon port and the optional "save credentials to a new Key Vault" settings
 * are validated in both modes. The first failing check disables the dialog buttons, calls
 * {@code model.DialogShaker} when {@code shakeOnError} is set (the Key Vault name check does not shake), and
 * returns its {@link ValidationInfo}.
 *
 * @param shakeOnError whether to shake the dialog on a validation failure
 * @return the first validation problem found, or {@code null} if the form is valid
 */
private ValidationInfo doValidate(boolean shakeOnError) {
    if (dockerHostImportKeyvaultCredsRadioButton.isSelected()) {
        // read key vault secrets and set the credentials for the new host
        AzureDockerCertVault certVault = (AzureDockerCertVault) dockerHostImportKeyvaultComboBox.getSelectedItem();
        if (certVault == null) {
            ValidationInfo info = AzureDockerUIResources.validateComponent("Missing vault", rootConfigureContainerPanel, dockerHostImportKeyvaultComboBox, dockerHostImportKeyvaultComboLabel);
            setDialogButtonsState(false);
            if (shakeOnError) {
                model.DialogShaker(info);
            }
            return info;
        }
        dockerHostImportKeyvaultComboLabel.setVisible(false);
        // Copy the selected vault's identity, then its login, SSH and TLS material, onto the new host's vault.
        newHost.certVault.name = certVault.name;
        newHost.certVault.resourceGroupName = certVault.resourceGroupName;
        newHost.certVault.region = certVault.region;
        newHost.certVault.uri = certVault.uri;
        AzureDockerCertVaultOps.copyVaultLoginCreds(newHost.certVault, certVault);
        AzureDockerCertVaultOps.copyVaultSshKeys(newHost.certVault, certVault);
        AzureDockerCertVaultOps.copyVaultTlsCerts(newHost.certVault, certVault);
        // create a weak link (resource tag) between the virtual machine and the key vault
        //  we will not create/update the key vault unless the user checks the specific option
        newHost.certVault.hostName = null;
        newHost.hasKeyVault = true;
    } else {
        // reset key vault info
        newHost.hasKeyVault = false;
        newHost.certVault.name = null;
        newHost.certVault.uri = null;
        dockerHostImportKeyvaultComboLabel.setVisible(false);
        // User name
        String vmUsername = dockerHostUsernameTextField.getText();
        if (vmUsername == null || vmUsername.isEmpty() || !AzureDockerValidationUtils.validateDockerHostUserName(vmUsername)) {
            ValidationInfo info = AzureDockerUIResources.validateComponent("Missing username", vmCredsPanel, dockerHostUsernameTextField, dockerHostUsernameLabel);
            credsTabbedPane.setSelectedComponent(vmCredsPanel);
            setDialogButtonsState(false);
            if (shakeOnError) {
                model.DialogShaker(info);
            }
            return info;
        }
        newHost.certVault.vmUsername = vmUsername;
        // Password login
        // NOTE(review): both password fields are copied into String objects here (and again below when stored on
        // newHost.certVault.vmPwd), so they remain in the heap until collected; the char[] from getPassword()
        // could instead be cleared after use.
        String vmPwd1 = new String(dockerHostFirstPwdField.getPassword());
        String vmPwd2 = new String(dockerHostSecondPwdField.getPassword());
        // A password is mandatory when "no SSH" is selected or anything was typed into either field; it is then
        // rejected if either field is empty, the two differ, or it fails the password policy check.
        if ((dockerHostNoSshRadioButton.isSelected() || dockerHostFirstPwdField.getPassword().length > 0 || dockerHostSecondPwdField.getPassword().length > 0) && (vmPwd1.isEmpty() || vmPwd2.isEmpty() || !vmPwd1.equals(vmPwd2) || !AzureDockerValidationUtils.validateDockerHostPassword(vmPwd1))) {
            ValidationInfo info = AzureDockerUIResources.validateComponent("Incorrect password", vmCredsPanel, dockerHostFirstPwdField, dockerHostFirstPwdLabel);
            credsTabbedPane.setSelectedComponent(vmCredsPanel);
            setDialogButtonsState(false);
            if (shakeOnError) {
                model.DialogShaker(info);
            }
            return info;
        }
        dockerHostFirstPwdLabel.setVisible(false);
        if (dockerHostFirstPwdField.getPassword().length > 0) {
            newHost.certVault.vmPwd = new String(dockerHostFirstPwdField.getPassword());
            newHost.hasPwdLogIn = true;
        } else {
            newHost.certVault.vmPwd = null;
            newHost.hasPwdLogIn = false;
        }
        // SSH key auto generated
        if (dockerHostAutoSshRadioButton.isSelected()) {
            AzureDockerCertVault certVault = AzureDockerCertVaultOps.generateSSHKeys(null, "SSH keys for " + newHost.name);
            AzureDockerCertVaultOps.copyVaultSshKeys(newHost.certVault, certVault);
            newHost.hasSSHLogIn = true;
        }
        if (dockerHostNoSshRadioButton.isSelected()) {
            newHost.hasSSHLogIn = false;
            newHost.certVault.sshKey = null;
            newHost.certVault.sshPubKey = null;
        }
        // SSH key imported from local file directory
        if (dockerHostImportSshRadioButton.isSelected()) {
            // The directory is validated first; the key files themselves are read by getSSHKeysFromLocalFile below.
            if (dockerHostImportSSHBrowseTextField.getText() == null || dockerHostImportSSHBrowseTextField.getText().isEmpty() || !AzureDockerValidationUtils.validateDockerHostSshDirectory(dockerHostImportSSHBrowseTextField.getText())) {
                ValidationInfo info = AzureDockerUIResources.validateComponent("SSH key files were not found in the selected directory", vmCredsPanel, dockerHostImportSSHBrowseTextField, dockerHostImportSSHBrowseLabel);
                credsTabbedPane.setSelectedComponent(vmCredsPanel);
                setDialogButtonsState(false);
                if (shakeOnError) {
                    model.DialogShaker(info);
                }
                return info;
            } else {
                AzureDockerCertVault certVault = AzureDockerCertVaultOps.getSSHKeysFromLocalFile(dockerHostImportSSHBrowseTextField.getText());
                AzureDockerCertVaultOps.copyVaultSshKeys(newHost.certVault, certVault);
                newHost.hasSSHLogIn = true;
            }
        }
        // No Docker daemon security
        if (dockerHostNoTlsRadioButton.isSelected()) {
            newHost.isTLSSecured = false;
        }
        // TLS certs auto generated
        if (dockerHostAutoTlsRadioButton.isSelected()) {
            AzureDockerCertVault certVault = AzureDockerCertVaultOps.generateTLSCerts("TLS certs for " + newHost.name);
            AzureDockerCertVaultOps.copyVaultTlsCerts(newHost.certVault, certVault);
            newHost.isTLSSecured = true;
        }
        // TLS certs imported from local file directory
        if (dockerHostImportTlsRadioButton.isSelected()) {
            // Same shape as the SSH import above: directory check first, then the files are read by getTLSCertsFromLocalFile.
            if (dockerHostImportTLSBrowseTextField.getText() == null || dockerHostImportTLSBrowseTextField.getText().isEmpty() || !AzureDockerValidationUtils.validateDockerHostTlsDirectory(dockerHostImportTLSBrowseTextField.getText())) {
                ValidationInfo info = AzureDockerUIResources.validateComponent("TLS certificates files were not found in the selected directory", vmCredsPanel, dockerHostImportTLSBrowseTextField, dockerHostImportTLSBrowseLabel);
                credsTabbedPane.setSelectedComponent(vmCredsPanel);
                setDialogButtonsState(false);
                if (shakeOnError) {
                    model.DialogShaker(info);
                }
                return info;
            } else {
                AzureDockerCertVault certVault = AzureDockerCertVaultOps.getTLSCertsFromLocalFile(dockerHostImportTLSBrowseTextField.getText());
                AzureDockerCertVaultOps.copyVaultTlsCerts(newHost.certVault, certVault);
                newHost.isTLSSecured = true;
            }
        }
    }
    // Docker daemon port settings
    if (dockerDaemonPortTextField.getText() == null || dockerDaemonPortTextField.getText().isEmpty() || !AzureDockerValidationUtils.validateDockerHostPort(dockerDaemonPortTextField.getText())) {
        ValidationInfo info = AzureDockerUIResources.validateComponent("Invalid Docker daemon port settings", daemonCredsPanel, dockerDaemonPortTextField, dockerDaemonPortLabel);
        credsTabbedPane.setSelectedComponent(daemonCredsPanel);
        setDialogButtonsState(false);
        if (shakeOnError) {
            model.DialogShaker(info);
        }
        return info;
    }
    newHost.port = dockerDaemonPortTextField.getText();
    // create new key vault for storing the credentials
    if (dockerHostSaveCredsCheckBox.isSelected()) {
        // Unlike the other checks, this failure does not shake the dialog.
        if (dockerHostNewKeyvaultTextField.getText() == null || dockerHostNewKeyvaultTextField.getText().isEmpty() || !AzureDockerValidationUtils.validateDockerHostKeyvaultName(dockerHostNewKeyvaultTextField.getText(), dockerManager, true)) {
            ValidationInfo info = AzureDockerUIResources.validateComponent("Incorrect Azure Key Vault", rootConfigureContainerPanel, dockerHostNewKeyvaultTextField, dockerHostNewKeyvaultLabel);
            setDialogButtonsState(false);
            return info;
        } else {
            newHost.hasKeyVault = true;
            newHost.certVault.name = dockerHostNewKeyvaultTextField.getText();
            // The three conditionals below are no-ops ("x != null ? x : null" always yields x); kept as written.
            newHost.certVault.hostName = (newHost.name != null) ? newHost.name : null;
            newHost.certVault.region = (newHost.hostVM.region != null) ? newHost.hostVM.region : null;
            newHost.certVault.resourceGroupName = (newHost.hostVM.resourceGroupName != null) ? newHost.hostVM.resourceGroupName : null;
            // NOTE(review): the vault URI is derived from the name with a hard-coded public-cloud DNS suffix;
            // confirm this is the intended behavior for non-public Azure environments.
            newHost.certVault.uri = (newHost.hostVM.region != null && newHost.hostVM.resourceGroupName != null) ? "https://" + newHost.certVault.name + ".vault.azure.net" : null;
        }
    } else {
        newHost.certVault.hostName = null;
    }
    setDialogButtonsState(true);
    return null;
}
Also used : ValidationInfo(com.intellij.openapi.ui.ValidationInfo) AzureDockerCertVault(com.microsoft.azure.docker.model.AzureDockerCertVault)

Aggregations

AzureDockerCertVault (com.microsoft.azure.docker.model.AzureDockerCertVault)18 AzureDockerException (com.microsoft.azure.docker.model.AzureDockerException)8 CloudException (com.microsoft.azure.CloudException)7 KeyVaultClient (com.microsoft.azure.keyvault.KeyVaultClient)3 Azure (com.microsoft.azure.management.Azure)3 Vault (com.microsoft.azure.management.keyvault.Vault)3 ValidationInfo (com.intellij.openapi.ui.ValidationInfo)2 JSch (com.jcraft.jsch.JSch)2 KeyPair (com.jcraft.jsch.KeyPair)2 ResourceGroup (com.microsoft.azure.management.resources.ResourceGroup)2 ByteArrayOutputStream (java.io.ByteArrayOutputStream)2 Date (java.util.Date)2 HashMap (java.util.HashMap)2 Map (java.util.Map)2 ModifyEvent (org.eclipse.swt.events.ModifyEvent)2 ModifyListener (org.eclipse.swt.events.ModifyListener)2 SelectionAdapter (org.eclipse.swt.events.SelectionAdapter)2 SelectionEvent (org.eclipse.swt.events.SelectionEvent)2 DirectoryDialog (org.eclipse.swt.widgets.DirectoryDialog)2 Text (org.eclipse.swt.widgets.Text)2