Use of com.microsoft.azure.docker.model.AzureDockerCertVault in project azure-tools-for-java by Microsoft:
class AzureDockerCertVaultOps, method getSSHKeysFromLocalFile.
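/**
 * Loads an SSH key pair from a local directory into a fresh {@link AzureDockerCertVault}.
 *
 * <p>Reads the files named {@code id_rsa} (private key) and {@code id_rsa.pub} (public key)
 * located directly under {@code localPath} and stores their contents in {@code sshKey} and
 * {@code sshPubKey}; no other field of the returned vault is set. The files are decoded as
 * UTF-8 explicitly so the result does not depend on the JVM's default charset. The private
 * key is kept in memory as a {@code String} for as long as the returned object lives.
 *
 * @param localPath directory holding the key files; must not be {@code null}
 * @return a new vault holding the two key strings
 * @throws AzureDockerException if {@code localPath} is {@code null} or either file cannot be
 *     read (only the underlying exception's message is carried)
 */
public static AzureDockerCertVault getSSHKeysFromLocalFile(String localPath) throws AzureDockerException {
    if (localPath == null) {
        throw new AzureDockerException("Unexpected argument values; localPath cannot be null");
    }
    AzureDockerCertVault certVault = new AzureDockerCertVault();
    try {
        certVault.sshKey = new String(
                Files.readAllBytes(Paths.get(localPath, "id_rsa")),
                java.nio.charset.StandardCharsets.UTF_8);
        certVault.sshPubKey = new String(
                Files.readAllBytes(Paths.get(localPath, "id_rsa.pub")),
                java.nio.charset.StandardCharsets.UTF_8);
    } catch (Exception e) {
        // Callers only see an AzureDockerException; the original stack trace is not
        // propagated, so the message is all the diagnostic they get.
        throw new AzureDockerException(e.getMessage());
    }
    return certVault;
}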
Use of com.microsoft.azure.docker.model.AzureDockerCertVault in project azure-tools-for-java by Microsoft:
class AzureDockerCertVaultOps, method getVault.
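/**
 * Populates {@code certVault} with the secrets stored in the Key Vault at {@code certVault.uri}.
 *
 * <p>The host-names secret ({@code SECRETENTRY_DOCKERHOSTNAMES}) is read first and
 * synchronously. If it is absent, {@code certVault.hostName} is cleared and {@code null} is
 * returned; if the read throws, {@code null} is returned with the vault left as it was. The
 * secrets named in {@code DOCKERHOST_SECRETS} are then fetched concurrently (flatMap limit of
 * five in flight) and copied into the matching vault fields. A secret that is missing, empty
 * or fails to load leaves its field untouched, so the return value alone does not distinguish
 * a complete read from a partial one.
 *
 * @param certVault descriptor whose {@code uri} identifies the Key Vault; updated in place
 * @param keyVaultClient client used for the secret reads
 * @return {@code certVault} filled in, or {@code null} when the host-names secret is unavailable
 * @throws AzureDockerException if any argument, or {@code certVault.uri}, is {@code null}
 */
public static AzureDockerCertVault getVault(AzureDockerCertVault certVault, KeyVaultClient keyVaultClient) throws AzureDockerException {
    if (certVault == null || keyVaultClient == null || certVault.uri == null) {
        throw new AzureDockerException("Unexpected argument values; certVault, keyVaultClient and vault uri cannot be null");
    }
    String vaultUri = certVault.uri;
    try {
        SecretBundle secret = keyVaultClient.getSecret(vaultUri, SECRETENTRY_DOCKERHOSTNAMES);
        if (secret == null) {
            certVault.hostName = null;
            return null;
        }
        certVault.hostName = secret.value();
    } catch (Exception e) {
        // Best-effort lookup: an unreadable vault (e.g. missing access policy or a network
        // failure) is reported as "no vault" instead of being propagated to the caller.
        return null;
    }
    // Execute the Key Vault secret reads in parallel; at most 5 requests are in flight.
    // A failed read completes its stream without a value, so the secret simply stays absent.
    Map<String, String> secretNamesAndValueMap = new HashMap<>();
    Observable.from(DOCKERHOST_SECRETS).flatMap(secretName -> {
        return Observable.create(new Observable.OnSubscribe<Pair<String, String>>() {
            @Override
            public void call(Subscriber<? super Pair<String, String>> subscriber) {
                keyVaultClient.getSecretAsync(vaultUri, secretName, new ServiceCallback<SecretBundle>() {
                    @Override
                    public void failure(Throwable throwable) {
                        subscriber.onCompleted();
                    }

                    @Override
                    public void success(SecretBundle secretBundle) {
                        if (secretBundle != null) {
                            subscriber.onNext(new Pair<>(secretName, secretBundle.value()));
                        }
                        subscriber.onCompleted();
                    }
                });
            }
        }).subscribeOn(Schedulers.io());
    }, 5).subscribeOn(Schedulers.io()).toBlocking().subscribe(new Action1<Pair<String, String>>() {
        @Override
        public void call(Pair<String, String> secretNameAndValue) {
            secretNamesAndValueMap.put(secretNameAndValue.first(), secretNameAndValue.second());
        }
    });
    // The map holds credential material (password, private keys); it must not be logged.
    // Each field keeps its previous value when the secret is absent or empty.
    certVault.vmUsername = secretOrDefault(secretNamesAndValueMap, "vmUsername", certVault.vmUsername);
    certVault.vmPwd = secretOrDefault(secretNamesAndValueMap, "vmPwd", certVault.vmPwd);
    certVault.sshKey = secretOrDefault(secretNamesAndValueMap, "sshKey", certVault.sshKey);
    certVault.sshPubKey = secretOrDefault(secretNamesAndValueMap, "sshPubKey", certVault.sshPubKey);
    certVault.tlsCACert = secretOrDefault(secretNamesAndValueMap, "tlsCACert", certVault.tlsCACert);
    certVault.tlsCAKey = secretOrDefault(secretNamesAndValueMap, "tlsCAKey", certVault.tlsCAKey);
    certVault.tlsClientCert = secretOrDefault(secretNamesAndValueMap, "tlsClientCert", certVault.tlsClientCert);
    certVault.tlsClientKey = secretOrDefault(secretNamesAndValueMap, "tlsClientKey", certVault.tlsClientKey);
    certVault.tlsServerCert = secretOrDefault(secretNamesAndValueMap, "tlsServerCert", certVault.tlsServerCert);
    certVault.tlsServerKey = secretOrDefault(secretNamesAndValueMap, "tlsServerKey", certVault.tlsServerKey);
    return certVault;
}

/**
 * Returns the secret stored under {@code key} when it is present and non-empty, otherwise
 * {@code fallback} (the field's current value, so absent secrets never overwrite it).
 *
 * @param secrets secret name to value map produced by the parallel reads
 * @param key secret name to look up
 * @param fallback value to keep when the secret is missing or empty
 * @return the secret value or {@code fallback}
 */
private static String secretOrDefault(Map<String, String> secrets, String key, String fallback) {
    String value = secrets.get(key);
    return (value != null && !value.isEmpty()) ? value : fallback;
}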
Use of com.microsoft.azure.docker.model.AzureDockerCertVault in project azure-tools-for-java by Microsoft:
class AzureDockerCertVaultOps, method getVault (lookup by descriptor).
/**
 * Resolves the Key Vault named by {@code certVault.name} inside
 * {@code certVault.resourceGroupName}, records its URI on the descriptor and then loads the
 * secrets through {@link #getVault(AzureDockerCertVault, KeyVaultClient)}.
 *
 * @param azureClient ARM client used to look up the vault resource
 * @param certVault descriptor naming the vault; its {@code uri} field is set here
 * @param keyVaultClient client used for the subsequent secret reads
 * @return the populated descriptor, or {@code null} when the secrets could not be read
 * @throws AzureDockerException if an argument is {@code null}, the vault name or resource
 *     group is missing, or the vault lookup fails (only the underlying message is carried)
 */
public static AzureDockerCertVault getVault(Azure azureClient, AzureDockerCertVault certVault, KeyVaultClient keyVaultClient) throws AzureDockerException {
    boolean argumentsMissing = azureClient == null
            || certVault == null
            || keyVaultClient == null
            || certVault.name == null
            || certVault.resourceGroupName == null;
    if (argumentsMissing) {
        throw new AzureDockerException("Unexpected argument values; azureClient, vault name and resourceGroupName cannot be null");
    }
    try {
        // Only the vault URI is needed from the resource lookup.
        certVault.uri = azureClient.vaults()
                .getByResourceGroup(certVault.resourceGroupName, certVault.name)
                .vaultUri();
    } catch (Exception e) {
        throw new AzureDockerException(e.getMessage());
    }
    return getVault(certVault, keyVaultClient);
}
Use of com.microsoft.azure.docker.model.AzureDockerCertVault in project azure-tools-for-java by Microsoft:
class AzureDockerCertVaultOps, method getVault (lookup by name and resource group).
/**
 * Convenience overload: builds a descriptor from {@code name} and {@code resourceGroupName}
 * and delegates to {@link #getVault(Azure, AzureDockerCertVault, KeyVaultClient)}.
 *
 * @param azureClient ARM client used to look up the vault resource
 * @param name Key Vault name
 * @param resourceGroupName resource group that contains the vault
 * @param keyVaultClient client used for the secret reads
 * @return the populated descriptor, or {@code null} when the secrets could not be read
 * @throws AzureDockerException if any argument is {@code null} or the lookup fails
 */
public static AzureDockerCertVault getVault(Azure azureClient, String name, String resourceGroupName, KeyVaultClient keyVaultClient) throws AzureDockerException {
    boolean argumentsMissing = azureClient == null
            || keyVaultClient == null
            || name == null
            || resourceGroupName == null;
    if (argumentsMissing) {
        throw new AzureDockerException("Unexpected argument values; azureClient, vault name and resourceGroupName cannot be null");
    }
    AzureDockerCertVault lookupTarget = new AzureDockerCertVault();
    lookupTarget.name = name;
    lookupTarget.resourceGroupName = resourceGroupName;
    return getVault(azureClient, lookupTarget, keyVaultClient);
}
Use of com.microsoft.azure.docker.model.AzureDockerCertVault in project azure-tools-for-java by Microsoft:
class AzureNewDockerLoginStep, method doValidate.
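/**
 * Validates the credentials page of the new Docker host wizard and copies the accepted
 * values into {@code newHost}.
 *
 * <p>Checks run in order and stop at the first problem: the offending control is highlighted
 * via {@link AzureDockerUIResources#validateComponent}, the dialog buttons are disabled, the
 * dialog is shaken when {@code shakeOnError} is set, and the {@link ValidationInfo} is
 * returned. When every check passes the buttons are re-enabled and {@code null} is returned.
 * {@code newHost} is updated as the checks proceed, so an early return leaves it partially
 * updated.
 *
 * <p>Two paths: importing from an existing Key Vault copies that vault's login, SSH and TLS
 * material into {@code newHost.certVault}; otherwise username, password, SSH keys and TLS
 * certificates come from the form (generated, or loaded from a user-selected directory).
 * Afterwards the daemon port and, when saving credentials is requested, the name of the new
 * Key Vault are checked.
 *
 * @param shakeOnError whether to shake the dialog when validation fails
 * @return the first validation problem found, or {@code null} when all checks passed
 */
private ValidationInfo doValidate(boolean shakeOnError) {
    if (dockerHostImportKeyvaultCredsRadioButton.isSelected()) {
        // Read key vault secrets and set the credentials for the new host.
        AzureDockerCertVault certVault = (AzureDockerCertVault) dockerHostImportKeyvaultComboBox.getSelectedItem();
        if (certVault == null) {
            ValidationInfo info = AzureDockerUIResources.validateComponent("Missing vault", rootConfigureContainerPanel, dockerHostImportKeyvaultComboBox, dockerHostImportKeyvaultComboLabel);
            return rejectInput(info, shakeOnError);
        }
        dockerHostImportKeyvaultComboLabel.setVisible(false);
        newHost.certVault.name = certVault.name;
        newHost.certVault.resourceGroupName = certVault.resourceGroupName;
        newHost.certVault.region = certVault.region;
        newHost.certVault.uri = certVault.uri;
        AzureDockerCertVaultOps.copyVaultLoginCreds(newHost.certVault, certVault);
        AzureDockerCertVaultOps.copyVaultSshKeys(newHost.certVault, certVault);
        AzureDockerCertVaultOps.copyVaultTlsCerts(newHost.certVault, certVault);
        // Create a weak link (resource tag) between the virtual machine and the key vault;
        // the key vault itself is not created/updated unless the user checks that option.
        newHost.certVault.hostName = null;
        newHost.hasKeyVault = true;
    } else {
        // Reset key vault info.
        newHost.hasKeyVault = false;
        newHost.certVault.name = null;
        newHost.certVault.uri = null;
        dockerHostImportKeyvaultComboLabel.setVisible(false);

        // User name.
        String vmUsername = dockerHostUsernameTextField.getText();
        if (isMissing(vmUsername) || !AzureDockerValidationUtils.validateDockerHostUserName(vmUsername)) {
            ValidationInfo info = AzureDockerUIResources.validateComponent("Missing username", vmCredsPanel, dockerHostUsernameTextField, dockerHostUsernameLabel);
            credsTabbedPane.setSelectedComponent(vmCredsPanel);
            return rejectInput(info, shakeOnError);
        }
        newHost.certVault.vmUsername = vmUsername;

        // Password login. The model stores the password as a String and the validator takes
        // a String, so the char[] returned by the field is converted exactly once per field.
        char[] firstPwd = dockerHostFirstPwdField.getPassword();
        char[] secondPwd = dockerHostSecondPwdField.getPassword();
        String vmPwd1 = new String(firstPwd);
        String vmPwd2 = new String(secondPwd);
        // A password is mandatory when SSH login is disabled, or whenever either field was filled.
        boolean pwdRequired = dockerHostNoSshRadioButton.isSelected() || firstPwd.length > 0 || secondPwd.length > 0;
        if (pwdRequired && (vmPwd1.isEmpty() || vmPwd2.isEmpty() || !vmPwd1.equals(vmPwd2)
                || !AzureDockerValidationUtils.validateDockerHostPassword(vmPwd1))) {
            ValidationInfo info = AzureDockerUIResources.validateComponent("Incorrect password", vmCredsPanel, dockerHostFirstPwdField, dockerHostFirstPwdLabel);
            credsTabbedPane.setSelectedComponent(vmCredsPanel);
            return rejectInput(info, shakeOnError);
        }
        dockerHostFirstPwdLabel.setVisible(false);
        if (firstPwd.length > 0) {
            newHost.certVault.vmPwd = vmPwd1;
            newHost.hasPwdLogIn = true;
        } else {
            newHost.certVault.vmPwd = null;
            newHost.hasPwdLogIn = false;
        }
        // getPassword() hands out copies; scrub them now that the model owns the value.
        java.util.Arrays.fill(firstPwd, '\0');
        java.util.Arrays.fill(secondPwd, '\0');

        // SSH key auto generated.
        if (dockerHostAutoSshRadioButton.isSelected()) {
            AzureDockerCertVault generatedKeys = AzureDockerCertVaultOps.generateSSHKeys(null, "SSH keys for " + newHost.name);
            AzureDockerCertVaultOps.copyVaultSshKeys(newHost.certVault, generatedKeys);
            newHost.hasSSHLogIn = true;
        }
        if (dockerHostNoSshRadioButton.isSelected()) {
            newHost.hasSSHLogIn = false;
            newHost.certVault.sshKey = null;
            newHost.certVault.sshPubKey = null;
        }
        // SSH key imported from local file directory.
        if (dockerHostImportSshRadioButton.isSelected()) {
            String sshDirectory = dockerHostImportSSHBrowseTextField.getText();
            if (isMissing(sshDirectory) || !AzureDockerValidationUtils.validateDockerHostSshDirectory(sshDirectory)) {
                ValidationInfo info = AzureDockerUIResources.validateComponent("SSH key files were not found in the selected directory", vmCredsPanel, dockerHostImportSSHBrowseTextField, dockerHostImportSSHBrowseLabel);
                credsTabbedPane.setSelectedComponent(vmCredsPanel);
                return rejectInput(info, shakeOnError);
            }
            // Not caught here: an AzureDockerException from the read (files changed between
            // the directory check and the read) propagates out of doValidate.
            AzureDockerCertVault importedKeys = AzureDockerCertVaultOps.getSSHKeysFromLocalFile(sshDirectory);
            AzureDockerCertVaultOps.copyVaultSshKeys(newHost.certVault, importedKeys);
            newHost.hasSSHLogIn = true;
        }
        // No Docker daemon security.
        if (dockerHostNoTlsRadioButton.isSelected()) {
            newHost.isTLSSecured = false;
        }
        // TLS certs auto generated.
        if (dockerHostAutoTlsRadioButton.isSelected()) {
            AzureDockerCertVault generatedCerts = AzureDockerCertVaultOps.generateTLSCerts("TLS certs for " + newHost.name);
            AzureDockerCertVaultOps.copyVaultTlsCerts(newHost.certVault, generatedCerts);
            newHost.isTLSSecured = true;
        }
        // TLS certs imported from local file directory.
        if (dockerHostImportTlsRadioButton.isSelected()) {
            String tlsDirectory = dockerHostImportTLSBrowseTextField.getText();
            if (isMissing(tlsDirectory) || !AzureDockerValidationUtils.validateDockerHostTlsDirectory(tlsDirectory)) {
                ValidationInfo info = AzureDockerUIResources.validateComponent("TLS certificates files were not found in the selected directory", vmCredsPanel, dockerHostImportTLSBrowseTextField, dockerHostImportTLSBrowseLabel);
                credsTabbedPane.setSelectedComponent(vmCredsPanel);
                return rejectInput(info, shakeOnError);
            }
            // Same as the SSH import above: a read failure is not caught here.
            AzureDockerCertVault importedCerts = AzureDockerCertVaultOps.getTLSCertsFromLocalFile(tlsDirectory);
            AzureDockerCertVaultOps.copyVaultTlsCerts(newHost.certVault, importedCerts);
            newHost.isTLSSecured = true;
        }
    }
    // Docker daemon port settings.
    String daemonPort = dockerDaemonPortTextField.getText();
    if (isMissing(daemonPort) || !AzureDockerValidationUtils.validateDockerHostPort(daemonPort)) {
        ValidationInfo info = AzureDockerUIResources.validateComponent("Invalid Docker daemon port settings", daemonCredsPanel, dockerDaemonPortTextField, dockerDaemonPortLabel);
        credsTabbedPane.setSelectedComponent(daemonCredsPanel);
        return rejectInput(info, shakeOnError);
    }
    newHost.port = daemonPort;
    // Create new key vault for storing the credentials.
    if (dockerHostSaveCredsCheckBox.isSelected()) {
        String vaultName = dockerHostNewKeyvaultTextField.getText();
        if (isMissing(vaultName) || !AzureDockerValidationUtils.validateDockerHostKeyvaultName(vaultName, dockerManager, true)) {
            ValidationInfo info = AzureDockerUIResources.validateComponent("Incorrect Azure Key Vault", rootConfigureContainerPanel, dockerHostNewKeyvaultTextField, dockerHostNewKeyvaultLabel);
            // NOTE(review): unlike every other check this one never shakes the dialog;
            // the existing behaviour is preserved here — confirm whether that is intended.
            setDialogButtonsState(false);
            return info;
        }
        newHost.hasKeyVault = true;
        newHost.certVault.name = vaultName;
        newHost.certVault.hostName = newHost.name;
        newHost.certVault.region = newHost.hostVM.region;
        newHost.certVault.resourceGroupName = newHost.hostVM.resourceGroupName;
        // The URI is derived from the vault name; the Key Vault resource itself is created later.
        newHost.certVault.uri = (newHost.hostVM.region != null && newHost.hostVM.resourceGroupName != null)
                ? "https://" + newHost.certVault.name + ".vault.azure.net"
                : null;
    } else {
        newHost.certVault.hostName = null;
    }
    setDialogButtonsState(true);
    return null;
}

/**
 * Common failure tail of a validation check: disables the dialog buttons, shakes the dialog
 * when requested, and returns {@code info} so the caller can return it directly.
 *
 * @param info the validation problem to report
 * @param shakeOnError whether to shake the dialog
 * @return {@code info}, unchanged
 */
private ValidationInfo rejectInput(ValidationInfo info, boolean shakeOnError) {
    setDialogButtonsState(false);
    if (shakeOnError) {
        model.DialogShaker(info);
    }
    return info;
}

/**
 * Returns {@code true} when a form field produced no usable text ({@code null} or empty).
 *
 * @param text value read from a text field
 * @return whether the value is absent
 */
private static boolean isMissing(String text) {
    return text == null || text.isEmpty();
}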