Example 6 with AzureDockerCertVault
use of com.microsoft.azure.docker.model.AzureDockerCertVault in project azure-tools-for-java by Microsoft.
the class AzureDockerCertVaultOps method getSSHKeysFromLocalFile.
public static AzureDockerCertVault getSSHKeysFromLocalFile(String localPath) throws AzureDockerException {
AzureDockerCertVault certVault = new AzureDockerCertVault();
try {
certVault.sshKey = new String(Files.readAllBytes(Paths.get(localPath, "id_rsa")));
certVault.sshPubKey = new String(Files.readAllBytes(Paths.get(localPath, "id_rsa.pub")));
} catch (Exception e) {
throw new AzureDockerException(e.getMessage());
}
return certVault;
}
Also used :
AzureDockerException(com.microsoft.azure.docker.model.AzureDockerException)
AzureDockerCertVault(com.microsoft.azure.docker.model.AzureDockerCertVault)
AzureDockerException(com.microsoft.azure.docker.model.AzureDockerException)
CloudException(com.microsoft.azure.CloudException)
Example 7 with AzureDockerCertVault
use of com.microsoft.azure.docker.model.AzureDockerCertVault in project azure-tools-for-java by Microsoft.
the class AzureDockerCertVaultOps method getVault.
public static AzureDockerCertVault getVault(AzureDockerCertVault certVault, KeyVaultClient keyVaultClient) throws AzureDockerException {
if (certVault == null || keyVaultClient == null || certVault.uri == null) {
throw new AzureDockerException("Unexpected argument values; azureClient, vault name and resourceGroupName cannot be null");
}
String vaultUri = certVault.uri;
try {
SecretBundle secret = keyVaultClient.getSecret(vaultUri, SECRETENTRY_DOCKERHOSTNAMES);
if (secret != null) {
certVault.hostName = secret.value();
} else {
certVault.hostName = null;
return null;
}
} catch (Exception e) {
return null;
}
//Execute Key Vault Secret read in parallel
Map<String, String> secretNamesAndValueMap = new HashMap<>();
Observable.from(DOCKERHOST_SECRETS).flatMap(secretName -> {
return Observable.create(new Observable.OnSubscribe<Pair<String, String>>() {
@Override
public void call(Subscriber<? super Pair<String, String>> subscriber) {
keyVaultClient.getSecretAsync(vaultUri, secretName, new ServiceCallback<SecretBundle>() {
@Override
public void failure(Throwable throwable) {
subscriber.onCompleted();
}
@Override
public void success(SecretBundle secretBundle) {
if (secretBundle != null) {
subscriber.onNext(new Pair<>(secretName, secretBundle.value()));
}
subscriber.onCompleted();
}
});
}
}).subscribeOn(Schedulers.io());
}, 5).subscribeOn(Schedulers.io()).toBlocking().subscribe(new Action1<Pair<String, String>>() {
@Override
public void call(Pair<String, String> secretNameAndValue) {
secretNamesAndValueMap.put(secretNameAndValue.first(), secretNameAndValue.second());
}
});
String currentSecretValue;
currentSecretValue = secretNamesAndValueMap.get("vmUsername");
if (currentSecretValue != null && !currentSecretValue.isEmpty()) {
certVault.vmUsername = currentSecretValue;
}
currentSecretValue = secretNamesAndValueMap.get("vmPwd");
if (currentSecretValue != null && !currentSecretValue.isEmpty()) {
certVault.vmPwd = currentSecretValue;
}
currentSecretValue = secretNamesAndValueMap.get("sshKey");
if (currentSecretValue != null && !currentSecretValue.isEmpty()) {
certVault.sshKey = currentSecretValue;
}
currentSecretValue = secretNamesAndValueMap.get("sshPubKey");
if (currentSecretValue != null && !currentSecretValue.isEmpty()) {
certVault.sshPubKey = currentSecretValue;
}
currentSecretValue = secretNamesAndValueMap.get("tlsCACert");
if (currentSecretValue != null && !currentSecretValue.isEmpty()) {
certVault.tlsCACert = currentSecretValue;
}
currentSecretValue = secretNamesAndValueMap.get("tlsCAKey");
if (currentSecretValue != null && !currentSecretValue.isEmpty()) {
certVault.tlsCAKey = currentSecretValue;
}
currentSecretValue = secretNamesAndValueMap.get("tlsClientCert");
if (currentSecretValue != null && !currentSecretValue.isEmpty()) {
certVault.tlsClientCert = currentSecretValue;
}
currentSecretValue = secretNamesAndValueMap.get("tlsClientKey");
if (currentSecretValue != null && !currentSecretValue.isEmpty()) {
certVault.tlsClientKey = currentSecretValue;
}
currentSecretValue = secretNamesAndValueMap.get("tlsServerCert");
if (currentSecretValue != null && !currentSecretValue.isEmpty()) {
certVault.tlsServerCert = currentSecretValue;
}
currentSecretValue = secretNamesAndValueMap.get("tlsServerKey");
if (currentSecretValue != null && !currentSecretValue.isEmpty()) {
certVault.tlsServerKey = currentSecretValue;
}
return certVault;
}
Also used :
KeyPair(com.jcraft.jsch.KeyPair)
JSch(com.jcraft.jsch.JSch)
ByteArrayOutputStream(java.io.ByteArrayOutputStream)
HashMap(java.util.HashMap)
Action1(rx.functions.Action1)
DEBUG(com.microsoft.azure.docker.ops.utils.AzureDockerUtils.DEBUG)
SecretBundle(com.microsoft.azure.keyvault.models.SecretBundle)
Observable(rx.Observable)
Azure(com.microsoft.azure.management.Azure)
Map(java.util.Map)
Schedulers(rx.schedulers.Schedulers)
DefaultLoader(com.microsoft.tooling.msservices.components.DefaultLoader)
ResourceGroup(com.microsoft.azure.management.resources.ResourceGroup)
Vault(com.microsoft.azure.management.keyvault.Vault)
Subscriber(rx.Subscriber)
ServiceCallback(com.microsoft.rest.ServiceCallback)
Files(java.nio.file.Files)
AzureDockerUtils(com.microsoft.azure.docker.ops.utils.AzureDockerUtils)
FileWriter(java.io.FileWriter)
Pair(com.microsoft.azuretools.utils.Pair)
SetSecretRequest(com.microsoft.azure.keyvault.requests.SetSecretRequest)
SecretPermissions(com.microsoft.azure.management.keyvault.SecretPermissions)
List(java.util.List)
AzureDockerException(com.microsoft.azure.docker.model.AzureDockerException)
AzureDockerCertVault(com.microsoft.azure.docker.model.AzureDockerCertVault)
Paths(java.nio.file.Paths)
CloudException(com.microsoft.azure.CloudException)
KeyVaultClient(com.microsoft.azure.keyvault.KeyVaultClient)
HashMap(java.util.HashMap)
AzureDockerException(com.microsoft.azure.docker.model.AzureDockerException)
CloudException(com.microsoft.azure.CloudException)
Observable(rx.Observable)
SecretBundle(com.microsoft.azure.keyvault.models.SecretBundle)
ServiceCallback(com.microsoft.rest.ServiceCallback)
AzureDockerException(com.microsoft.azure.docker.model.AzureDockerException)
KeyPair(com.jcraft.jsch.KeyPair)
Pair(com.microsoft.azuretools.utils.Pair)
Example 8 with AzureDockerCertVault
use of com.microsoft.azure.docker.model.AzureDockerCertVault in project azure-tools-for-java by Microsoft.
the class AzureDockerCertVaultOps method getVault.
public static AzureDockerCertVault getVault(Azure azureClient, AzureDockerCertVault certVault, KeyVaultClient keyVaultClient) throws AzureDockerException {
if (azureClient == null || certVault == null || keyVaultClient == null || certVault.name == null || certVault.resourceGroupName == null) {
throw new AzureDockerException("Unexpected argument values; azureClient, vault name and resourceGroupName cannot be null");
}
Vault vault;
try {
vault = azureClient.vaults().getByResourceGroup(certVault.resourceGroupName, certVault.name);
certVault.uri = vault.vaultUri();
} catch (Exception e) {
throw new AzureDockerException(e.getMessage());
}
return getVault(certVault, keyVaultClient);
}
Also used :
AzureDockerException(com.microsoft.azure.docker.model.AzureDockerException)
Vault(com.microsoft.azure.management.keyvault.Vault)
AzureDockerCertVault(com.microsoft.azure.docker.model.AzureDockerCertVault)
AzureDockerException(com.microsoft.azure.docker.model.AzureDockerException)
CloudException(com.microsoft.azure.CloudException)
Example 9 with AzureDockerCertVault
use of com.microsoft.azure.docker.model.AzureDockerCertVault in project azure-tools-for-java by Microsoft.
the class AzureDockerCertVaultOps method getVault.
public static AzureDockerCertVault getVault(Azure azureClient, String name, String resourceGroupName, KeyVaultClient keyVaultClient) throws AzureDockerException {
if (azureClient == null || keyVaultClient == null || name == null || resourceGroupName == null) {
throw new AzureDockerException("Unexpected argument values; azureClient, vault name and resourceGroupName cannot be null");
}
AzureDockerCertVault tempVault = new AzureDockerCertVault();
tempVault.name = name;
tempVault.resourceGroupName = resourceGroupName;
return getVault(azureClient, tempVault, keyVaultClient);
}
Also used :
AzureDockerException(com.microsoft.azure.docker.model.AzureDockerException)
AzureDockerCertVault(com.microsoft.azure.docker.model.AzureDockerCertVault)
Example 10 with AzureDockerCertVault
use of com.microsoft.azure.docker.model.AzureDockerCertVault in project azure-tools-for-java by Microsoft.
the class AzureNewDockerLoginStep method doValidate.
private ValidationInfo doValidate(boolean shakeOnError) {
if (dockerHostImportKeyvaultCredsRadioButton.isSelected()) {
// read key vault secrets and set the credentials for the new host
AzureDockerCertVault certVault = (AzureDockerCertVault) dockerHostImportKeyvaultComboBox.getSelectedItem();
if (certVault == null) {
ValidationInfo info = AzureDockerUIResources.validateComponent("Missing vault", rootConfigureContainerPanel, dockerHostImportKeyvaultComboBox, dockerHostImportKeyvaultComboLabel);
setDialogButtonsState(false);
if (shakeOnError) {
model.DialogShaker(info);
}
return info;
}
dockerHostImportKeyvaultComboLabel.setVisible(false);
newHost.certVault.name = certVault.name;
newHost.certVault.resourceGroupName = certVault.resourceGroupName;
newHost.certVault.region = certVault.region;
newHost.certVault.uri = certVault.uri;
AzureDockerCertVaultOps.copyVaultLoginCreds(newHost.certVault, certVault);
AzureDockerCertVaultOps.copyVaultSshKeys(newHost.certVault, certVault);
AzureDockerCertVaultOps.copyVaultTlsCerts(newHost.certVault, certVault);
// create a weak link (resource tag) between the virtual machine and the key vault
// we will not create/update the key vault unless the user checks the specific option
newHost.certVault.hostName = null;
newHost.hasKeyVault = true;
} else {
// reset key vault info
newHost.hasKeyVault = false;
newHost.certVault.name = null;
newHost.certVault.uri = null;
dockerHostImportKeyvaultComboLabel.setVisible(false);
// User name
String vmUsername = dockerHostUsernameTextField.getText();
if (vmUsername == null || vmUsername.isEmpty() || !AzureDockerValidationUtils.validateDockerHostUserName(vmUsername)) {
ValidationInfo info = AzureDockerUIResources.validateComponent("Missing username", vmCredsPanel, dockerHostUsernameTextField, dockerHostUsernameLabel);
credsTabbedPane.setSelectedComponent(vmCredsPanel);
setDialogButtonsState(false);
if (shakeOnError) {
model.DialogShaker(info);
}
return info;
}
newHost.certVault.vmUsername = vmUsername;
// Password login
String vmPwd1 = new String(dockerHostFirstPwdField.getPassword());
String vmPwd2 = new String(dockerHostSecondPwdField.getPassword());
if ((dockerHostNoSshRadioButton.isSelected() || dockerHostFirstPwdField.getPassword().length > 0 || dockerHostSecondPwdField.getPassword().length > 0) && (vmPwd1.isEmpty() || vmPwd2.isEmpty() || !vmPwd1.equals(vmPwd2) || !AzureDockerValidationUtils.validateDockerHostPassword(vmPwd1))) {
ValidationInfo info = AzureDockerUIResources.validateComponent("Incorrect password", vmCredsPanel, dockerHostFirstPwdField, dockerHostFirstPwdLabel);
credsTabbedPane.setSelectedComponent(vmCredsPanel);
setDialogButtonsState(false);
if (shakeOnError) {
model.DialogShaker(info);
}
return info;
}
dockerHostFirstPwdLabel.setVisible(false);
if (dockerHostFirstPwdField.getPassword().length > 0) {
newHost.certVault.vmPwd = new String(dockerHostFirstPwdField.getPassword());
newHost.hasPwdLogIn = true;
} else {
newHost.certVault.vmPwd = null;
newHost.hasPwdLogIn = false;
}
// SSH key auto generated
if (dockerHostAutoSshRadioButton.isSelected()) {
AzureDockerCertVault certVault = AzureDockerCertVaultOps.generateSSHKeys(null, "SSH keys for " + newHost.name);
AzureDockerCertVaultOps.copyVaultSshKeys(newHost.certVault, certVault);
newHost.hasSSHLogIn = true;
}
if (dockerHostNoSshRadioButton.isSelected()) {
newHost.hasSSHLogIn = false;
newHost.certVault.sshKey = null;
newHost.certVault.sshPubKey = null;
}
// SSH key imported from local file directory
if (dockerHostImportSshRadioButton.isSelected()) {
if (dockerHostImportSSHBrowseTextField.getText() == null || dockerHostImportSSHBrowseTextField.getText().isEmpty() || !AzureDockerValidationUtils.validateDockerHostSshDirectory(dockerHostImportSSHBrowseTextField.getText())) {
ValidationInfo info = AzureDockerUIResources.validateComponent("SSH key files were not found in the selected directory", vmCredsPanel, dockerHostImportSSHBrowseTextField, dockerHostImportSSHBrowseLabel);
credsTabbedPane.setSelectedComponent(vmCredsPanel);
setDialogButtonsState(false);
if (shakeOnError) {
model.DialogShaker(info);
}
return info;
} else {
AzureDockerCertVault certVault = AzureDockerCertVaultOps.getSSHKeysFromLocalFile(dockerHostImportSSHBrowseTextField.getText());
AzureDockerCertVaultOps.copyVaultSshKeys(newHost.certVault, certVault);
newHost.hasSSHLogIn = true;
}
}
// No Docker daemon security
if (dockerHostNoTlsRadioButton.isSelected()) {
newHost.isTLSSecured = false;
}
// TLS certs auto generated
if (dockerHostAutoTlsRadioButton.isSelected()) {
AzureDockerCertVault certVault = AzureDockerCertVaultOps.generateTLSCerts("TLS certs for " + newHost.name);
AzureDockerCertVaultOps.copyVaultTlsCerts(newHost.certVault, certVault);
newHost.isTLSSecured = true;
}
// TLS certs imported from local file directory
if (dockerHostImportTlsRadioButton.isSelected()) {
if (dockerHostImportTLSBrowseTextField.getText() == null || dockerHostImportTLSBrowseTextField.getText().isEmpty() || !AzureDockerValidationUtils.validateDockerHostTlsDirectory(dockerHostImportTLSBrowseTextField.getText())) {
ValidationInfo info = AzureDockerUIResources.validateComponent("TLS certificates files were not found in the selected directory", vmCredsPanel, dockerHostImportTLSBrowseTextField, dockerHostImportTLSBrowseLabel);
credsTabbedPane.setSelectedComponent(vmCredsPanel);
setDialogButtonsState(false);
if (shakeOnError) {
model.DialogShaker(info);
}
return info;
} else {
AzureDockerCertVault certVault = AzureDockerCertVaultOps.getTLSCertsFromLocalFile(dockerHostImportTLSBrowseTextField.getText());
AzureDockerCertVaultOps.copyVaultTlsCerts(newHost.certVault, certVault);
newHost.isTLSSecured = true;
}
}
}
// Docker daemon port settings
if (dockerDaemonPortTextField.getText() == null || dockerDaemonPortTextField.getText().isEmpty() || !AzureDockerValidationUtils.validateDockerHostPort(dockerDaemonPortTextField.getText())) {
ValidationInfo info = AzureDockerUIResources.validateComponent("Invalid Docker daemon port settings", daemonCredsPanel, dockerDaemonPortTextField, dockerDaemonPortLabel);
credsTabbedPane.setSelectedComponent(daemonCredsPanel);
setDialogButtonsState(false);
if (shakeOnError) {
model.DialogShaker(info);
}
return info;
}
newHost.port = dockerDaemonPortTextField.getText();
// create new key vault for storing the credentials
if (dockerHostSaveCredsCheckBox.isSelected()) {
if (dockerHostNewKeyvaultTextField.getText() == null || dockerHostNewKeyvaultTextField.getText().isEmpty() || !AzureDockerValidationUtils.validateDockerHostKeyvaultName(dockerHostNewKeyvaultTextField.getText(), dockerManager, true)) {
ValidationInfo info = AzureDockerUIResources.validateComponent("Incorrect Azure Key Vault", rootConfigureContainerPanel, dockerHostNewKeyvaultTextField, dockerHostNewKeyvaultLabel);
setDialogButtonsState(false);
return info;
} else {
newHost.hasKeyVault = true;
newHost.certVault.name = dockerHostNewKeyvaultTextField.getText();
newHost.certVault.hostName = (newHost.name != null) ? newHost.name : null;
newHost.certVault.region = (newHost.hostVM.region != null) ? newHost.hostVM.region : null;
newHost.certVault.resourceGroupName = (newHost.hostVM.resourceGroupName != null) ? newHost.hostVM.resourceGroupName : null;
newHost.certVault.uri = (newHost.hostVM.region != null && newHost.hostVM.resourceGroupName != null) ? "https://" + newHost.certVault.name + ".vault.azure.net" : null;
}
} else {
newHost.certVault.hostName = null;
}
setDialogButtonsState(true);
return null;
}
Also used :
ValidationInfo(com.intellij.openapi.ui.ValidationInfo)
AzureDockerCertVault(com.microsoft.azure.docker.model.AzureDockerCertVault)
Aggregations
AzureDockerCertVault (com.microsoft.azure.docker.model.AzureDockerCertVault)18
AzureDockerException (com.microsoft.azure.docker.model.AzureDockerException)8
CloudException (com.microsoft.azure.CloudException)7
KeyVaultClient (com.microsoft.azure.keyvault.KeyVaultClient)3
Azure (com.microsoft.azure.management.Azure)3
Vault (com.microsoft.azure.management.keyvault.Vault)3
ValidationInfo (com.intellij.openapi.ui.ValidationInfo)2
JSch (com.jcraft.jsch.JSch)2
KeyPair (com.jcraft.jsch.KeyPair)2
ResourceGroup (com.microsoft.azure.management.resources.ResourceGroup)2
ByteArrayOutputStream (java.io.ByteArrayOutputStream)2
Date (java.util.Date)2
HashMap (java.util.HashMap)2
Map (java.util.Map)2
ModifyEvent (org.eclipse.swt.events.ModifyEvent)2
ModifyListener (org.eclipse.swt.events.ModifyListener)2
SelectionAdapter (org.eclipse.swt.events.SelectionAdapter)2
SelectionEvent (org.eclipse.swt.events.SelectionEvent)2
DirectoryDialog (org.eclipse.swt.widgets.DirectoryDialog)2
Text (org.eclipse.swt.widgets.Text)2
