
Example 1 with AppengineNamedAccountCredentials

use of com.netflix.spinnaker.clouddriver.appengine.security.AppengineNamedAccountCredentials in project halyard by spinnaker.

the class AppengineAccountValidator method validate.

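/**
 * Validates the git, SSH and service-account settings of an App Engine account and records
 * every finding on {@code p}.
 *
 * <p>Checks run in this order: git HTTPS username/password pairing, SSH private key and
 * passphrase pairing (including a trial unlock of the key), known_hosts file readability,
 * JSON credentials file readability, the known_hosts / trust-unknown-hosts conflict, the
 * presence of a project, and finally a live call to the App Engine Admin API.
 *
 * <p>The method returns early when {@code ValidatingFileReader.contents} yields {@code null}
 * or when no project is configured, so later checks are skipped in those cases.
 *
 * @param p collector that receives each warning and error
 * @param account the App Engine account configuration under validation
 */
@Override
public void validate(ConfigProblemSetBuilder p, AppengineAccount account) {
    String jsonKey = null;
    String jsonPath = account.getJsonPath();
    String project = account.getProject();
    String knownHostsPath = account.getSshKnownHostsFilePath();
    AppengineNamedAccountCredentials credentials = null;

    // Git HTTPS credentials are only usable as a pair.
    // NOTE(review): an empty password counts as "supplied" while an empty username does not.
    boolean hasPassword = account.getGitHttpsPassword() != null;
    boolean hasUsername = account.getGitHttpsUsername() != null && !account.getGitHttpsUsername().isEmpty();
    if (hasPassword != hasUsername) {
        if (!hasUsername) {
            p.addProblem(Severity.ERROR, "Git HTTPS password supplied without git HTTPS username.");
        } else {
            p.addProblem(Severity.ERROR, "Git HTTPS username supplied without git HTTPS password.");
        }
    }

    // The SSH private key path and its passphrase must also be supplied together.
    boolean hasSshPrivateKeyPassphrase = account.getSshPrivateKeyPassphrase() != null;
    boolean hasSshPrivateKeyFilePath = account.getSshPrivateKeyFilePath() != null && !account.getSshPrivateKeyFilePath().isEmpty();
    if (hasSshPrivateKeyPassphrase != hasSshPrivateKeyFilePath) {
        if (!hasSshPrivateKeyFilePath) {
            p.addProblem(Severity.ERROR, "SSH private key passphrase supplied without SSH private key filepath.");
        } else {
            p.addProblem(Severity.ERROR, "SSH private key filepath supplied without SSH private key passphrase.");
        }
    } else if (hasSshPrivateKeyPassphrase && hasSshPrivateKeyFilePath) {
        String sshPrivateKey = ValidatingFileReader.contents(p, account.getSshPrivateKeyFilePath());
        if (sshPrivateKey == null) {
            return;
        } else if (sshPrivateKey.isEmpty()) {
            p.addProblem(Severity.WARNING, "The supplied SSH private key file is empty.");
        } else {
            KeyPair keyPair = null;
            try {
                // Assumes that the public key is sitting next to the private key with the extension ".pub".
                keyPair = KeyPair.load(new JSch(), account.getSshPrivateKeyFilePath());
                boolean decrypted = keyPair.decrypt(account.getSshPrivateKeyPassphrase());
                if (!decrypted) {
                    p.addProblem(Severity.ERROR, "Could not unlock SSH public/private keypair with supplied passphrase.");
                }
            } catch (JSchException e) {
                p.addProblem(Severity.ERROR, "Could not unlock SSH public/private keypair: " + e.getMessage() + ".");
            } finally {
                // The key is only unlocked to prove the passphrase works; release the
                // passphrase material JSch keeps on the KeyPair once the check is done.
                if (keyPair != null) {
                    keyPair.dispose();
                }
            }
        }
    }

    if (knownHostsPath != null && !knownHostsPath.isEmpty()) {
        String knownHosts = ValidatingFileReader.contents(p, knownHostsPath);
        if (knownHosts == null) {
            return;
        }
        if (knownHosts.isEmpty()) {
            p.addProblem(Severity.WARNING, "The supplied known_hosts file is empty.");
        }
    }

    if (jsonPath != null && !jsonPath.isEmpty()) {
        jsonKey = ValidatingFileReader.contents(p, account.getJsonPath());
        if (jsonKey == null) {
            return;
        }
        if (jsonKey.isEmpty()) {
            p.addProblem(Severity.WARNING, "The supplied credentials file is empty.");
        }
    }

    // The warning text is about a known_hosts file combined with the trust-unknown-hosts flag,
    // so it must be keyed on knownHostsPath. Testing jsonPath here (as before) fired the warning
    // for any account with a JSON key and stayed silent for the host-key conflict it describes.
    if (knownHostsPath != null && !knownHostsPath.isEmpty() && account.isSshTrustUnknownHosts()) {
        p.addProblem(Severity.WARNING, "You have supplied a known_hosts file path and set the `--ssh-trust-unknown-hosts` flag to true." + " Spinnaker will ignore your `--ssh-trust-unknown-hosts` flag.").setRemediation("Run `--ssh-trust-unknown-hosts false`.");
    }

    if (project == null || project.isEmpty()) {
        p.addProblem(Severity.ERROR, "No appengine project supplied.");
        return;
    }

    try {
        credentials = new AppengineNamedAccountCredentials.Builder().jsonKey(jsonKey).project(project).region("halyard").applicationName("halyard " + halyardVersion).build();
    } catch (Exception e) {
        p.addProblem(Severity.ERROR, "Error instantiating appengine credentials: " + e.getMessage() + ".");
        return;
    }

    // Live check: fetch the application for this project to prove the credentials work.
    try {
        credentials.getAppengine().apps().get(project).execute();
    } catch (GoogleJsonResponseException e) {
        if (e.getStatusCode() == 404) {
            p.addProblem(Severity.ERROR, "No appengine application found for project " + project + ".").setRemediation("Run `gcloud app create --region <region>` to create an appengine application.");
        } else {
            p.addProblem(Severity.ERROR, "Failed to connect to appengine Admin API: " + e.getMessage() + ".");
        }
    } catch (Exception e) {
        p.addProblem(Severity.ERROR, "Failed to connect to appengine Admin API: " + e.getMessage() + ".");
    }
}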
Also used : JSchException(com.jcraft.jsch.JSchException) GoogleJsonResponseException(com.google.api.client.googleapis.json.GoogleJsonResponseException) KeyPair(com.jcraft.jsch.KeyPair) ConfigProblemSetBuilder(com.netflix.spinnaker.halyard.config.problem.v1.ConfigProblemSetBuilder) AppengineNamedAccountCredentials(com.netflix.spinnaker.clouddriver.appengine.security.AppengineNamedAccountCredentials) JSch(com.jcraft.jsch.JSch) GoogleJsonResponseException(com.google.api.client.googleapis.json.GoogleJsonResponseException) JSchException(com.jcraft.jsch.JSchException)

Aggregations

GoogleJsonResponseException (com.google.api.client.googleapis.json.GoogleJsonResponseException)1 JSch (com.jcraft.jsch.JSch)1 JSchException (com.jcraft.jsch.JSchException)1 KeyPair (com.jcraft.jsch.KeyPair)1 AppengineNamedAccountCredentials (com.netflix.spinnaker.clouddriver.appengine.security.AppengineNamedAccountCredentials)1 ConfigProblemSetBuilder (com.netflix.spinnaker.halyard.config.problem.v1.ConfigProblemSetBuilder)1