
Example 1 with Role

Use of com.netflix.spinnaker.fiat.model.resources.Role in project fiat by spinnaker.

From the class RolesController, method putUserPermission (PUT variant, which accepts externally supplied roles).

@RequestMapping(value = "/{userId:.+}", method = RequestMethod.PUT)
public void putUserPermission(@PathVariable String userId,
                              @RequestBody @NonNull List<String> externalRoles) {
    // Roles supplied by the caller are tagged Source.EXTERNAL so they remain
    // distinguishable from roles the permissions resolver derives itself.
    List<Role> convertedRoles = externalRoles.stream()
        .map(extRole -> new Role().setSource(Role.Source.EXTERNAL).setName(extRole))
        .collect(Collectors.toList());
    ExternalUser extUser = new ExternalUser()
        .setId(ControllerSupport.convert(userId))
        .setExternalRoles(convertedRoles);
    try {
        // Merge the supplied external roles with the roles resolved for the user,
        // then persist the resulting permission set.
        UserPermission userPermission = permissionsResolver.resolveAndMerge(extUser);
        log.debug("Updated user permissions (userId: {}, roles: {}, suppliedExternalRoles: {})",
            userId,
            userPermission.getRoles().stream().map(Role::getName).collect(Collectors.toList()),
            externalRoles);
        permissionsRepository.put(userPermission);
    } catch (PermissionResolutionException pre) {
        throw new UserPermissionModificationException(pre);
    }
}
Also used : Role(com.netflix.spinnaker.fiat.model.resources.Role) ExternalUser(com.netflix.spinnaker.fiat.permissions.ExternalUser) PathVariable(org.springframework.web.bind.annotation.PathVariable) PermissionResolutionException(com.netflix.spinnaker.fiat.permissions.PermissionResolutionException) Setter(lombok.Setter) NonNull(lombok.NonNull) PermissionsRepository(com.netflix.spinnaker.fiat.permissions.PermissionsRepository) HttpServletResponse(javax.servlet.http.HttpServletResponse) Autowired(org.springframework.beans.factory.annotation.Autowired) RequestMapping(org.springframework.web.bind.annotation.RequestMapping) RequestMethod(org.springframework.web.bind.annotation.RequestMethod) IOException(java.io.IOException) PermissionsResolver(com.netflix.spinnaker.fiat.permissions.PermissionsResolver) Collectors(java.util.stream.Collectors) RestController(org.springframework.web.bind.annotation.RestController) RequestBody(org.springframework.web.bind.annotation.RequestBody) List(java.util.List) Slf4j(lombok.extern.slf4j.Slf4j) ConditionalOnExpression(org.springframework.boot.autoconfigure.condition.ConditionalOnExpression) UserRolesSyncer(com.netflix.spinnaker.fiat.roles.UserRolesSyncer) Role(com.netflix.spinnaker.fiat.model.resources.Role) UserPermission(com.netflix.spinnaker.fiat.model.UserPermission) PermissionResolutionException(com.netflix.spinnaker.fiat.permissions.PermissionResolutionException) ExternalUser(com.netflix.spinnaker.fiat.permissions.ExternalUser) UserPermission(com.netflix.spinnaker.fiat.model.UserPermission) RequestMapping(org.springframework.web.bind.annotation.RequestMapping)

Example 2 with Role

Use of com.netflix.spinnaker.fiat.model.resources.Role in project fiat by spinnaker.

From the class LdapUserRolesProvider, method loadRoles.

@Override
public List<Role> loadRoles(ExternalUser user) {
    String userId = user.getId();
    log.debug("loadRoles for user {}", userId);
    // Without a group search base there is nothing to query, so the user gets no LDAP roles.
    if (StringUtils.isEmpty(configProps.getGroupSearchBase())) {
        return new ArrayList<>();
    }
    String fullUserDn = getUserFullDn(userId);
    if (fullUserDn == null) {
        // Likely a service account
        log.debug("fullUserDn is null for {}", userId);
        return new ArrayList<>();
    }
    // Positional filter parameters: {0} is the user's full DN, {1} the user id,
    // following the convention of DefaultLdapAuthoritiesPopulator.
    String[] params = new String[] { fullUserDn, userId };
    if (log.isDebugEnabled()) {
        log.debug("Searching for groups using"
            + "\ngroupSearchBase: " + configProps.getGroupSearchBase()
            + "\ngroupSearchFilter: " + configProps.getGroupSearchFilter()
            + "\nparams: " + StringUtils.join(params, " :: ")
            + "\ngroupRoleAttributes: " + configProps.getGroupRoleAttributes());
    }
    // Copied from org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator.
    Set<String> userRoles = ldapTemplate.searchForSingleAttributeValues(
        configProps.getGroupSearchBase(),
        configProps.getGroupSearchFilter(),
        params,
        configProps.getGroupRoleAttributes());
    log.debug("Got roles for user {}: {}", userId, userRoles);
    return userRoles.stream()
        .map(role -> new Role(role).setSource(Role.Source.LDAP))
        .collect(Collectors.toList());
}
Also used : DirContextOperations(org.springframework.ldap.core.DirContextOperations) java.util(java.util) Setter(lombok.Setter) IncorrectResultSizeDataAccessException(org.springframework.dao.IncorrectResultSizeDataAccessException) Autowired(org.springframework.beans.factory.annotation.Autowired) NamingException(javax.naming.NamingException) StringUtils(org.apache.commons.lang3.StringUtils) MessageFormat(java.text.MessageFormat) LdapConfig(com.netflix.spinnaker.fiat.config.LdapConfig) Pair(org.apache.commons.lang3.tuple.Pair) SpringSecurityLdapTemplate(org.springframework.security.ldap.SpringSecurityLdapTemplate) ParseException(java.text.ParseException) ConditionalOnProperty(org.springframework.boot.autoconfigure.condition.ConditionalOnProperty) LdapUtils(org.springframework.security.ldap.LdapUtils) ExternalUser(com.netflix.spinnaker.fiat.permissions.ExternalUser) LdapEncoder(org.springframework.ldap.support.LdapEncoder) UserRolesProvider(com.netflix.spinnaker.fiat.roles.UserRolesProvider) Name(javax.naming.Name) Collectors(java.util.stream.Collectors) Slf4j(lombok.extern.slf4j.Slf4j) Component(org.springframework.stereotype.Component) AttributesMapper(org.springframework.ldap.core.AttributesMapper) InvalidNameException(javax.naming.InvalidNameException) Attributes(javax.naming.directory.Attributes) Role(com.netflix.spinnaker.fiat.model.resources.Role) NamingEnumeration(javax.naming.NamingEnumeration) DistinguishedName(org.springframework.ldap.core.DistinguishedName) Role(com.netflix.spinnaker.fiat.model.resources.Role)

Example 3 with Role

Use of com.netflix.spinnaker.fiat.model.resources.Role in project fiat by spinnaker.

From the class RedisPermissionsRepository, method put.

@Override
public RedisPermissionsRepository put(@NonNull UserPermission permission) {
    String userId = permission.getId();
    byte[] bUserId = SafeEncoder.encode(userId);
    List<ResourceType> resourceTypes = resources.stream()
        .map(Resource::getResourceType)
        .collect(Collectors.toList());
    // Group the user's resources by type; each type is stored under its own Redis key.
    Map<ResourceType, Map<String, Resource>> resourceTypeToRedisValue = new HashMap<>(resourceTypes.size());
    permission.getAllResources().forEach(resource -> {
        resourceTypeToRedisValue
            .computeIfAbsent(resource.getResourceType(), key -> new HashMap<>())
            .put(resource.getName(), resource);
    });
    try {
        Set<Role> existingRoles = new HashSet<>(getUserRoleMapFromRedis(userId).values());
        // These updates are pre-prepared to reduce work done during the multi-key pipeline
        List<PutUpdateData> updateData = new ArrayList<>();
        for (ResourceType rt : resourceTypes) {
            Map<String, Resource> redisValue = resourceTypeToRedisValue.get(rt);
            byte[] userResourceKey = userKey(userId, rt);
            PutUpdateData pud = new PutUpdateData();
            pud.userResourceKey = userResourceKey;
            if (redisValue == null || redisValue.isEmpty()) {
                // No resources of this type: the key is deleted below instead of being written empty.
                pud.compressedData = null;
            } else {
                pud.compressedData = lz4Compressor.compress(objectMapper.writeValueAsBytes(redisValue));
            }
            updateData.add(pud);
        }
        AtomicReference<Response<List<String>>> serverTime = new AtomicReference<>();
        redisClientDelegate.withMultiKeyPipeline(pipeline -> {
            // Admin membership is a set of user ids; add or remove this user accordingly.
            if (permission.isAdmin()) {
                pipeline.sadd(adminKey, bUserId);
            } else {
                pipeline.srem(adminKey, bUserId);
            }
            // Add the user to every role set it now holds and remove it from roles it no longer has.
            permission.getRoles().forEach(role -> pipeline.sadd(roleKey(role), bUserId));
            existingRoles.stream()
                .filter(it -> !permission.getRoles().contains(it))
                .forEach(role -> pipeline.srem(roleKey(role), bUserId));
            for (PutUpdateData pud : updateData) {
                if (pud.compressedData == null) {
                    pipeline.del(pud.userResourceKey);
                } else {
                    // Write to a random temporary key, then RENAME it onto the real key;
                    // RENAME replaces any existing value at the destination in one step.
                    byte[] tempKey = SafeEncoder.encode(UUID.randomUUID().toString());
                    pipeline.set(tempKey, pud.compressedData);
                    pipeline.rename(tempKey, pud.userResourceKey);
                }
            }
            serverTime.set(pipeline.time());
            pipeline.sadd(allUsersKey, bUserId);
            pipeline.sync();
        });
        // Record when the unrestricted permission set last changed, using the Redis server clock.
        if (UNRESTRICTED.equals(userId)) {
            String lastModified = serverTime.get().get().get(0);
            redisClientDelegate.withCommandsClient(c -> {
                log.debug("set last modified for user {} to {}", UNRESTRICTED, lastModified);
                c.set(unrestrictedLastModifiedKey(), lastModified);
            });
        }
    } catch (Exception e) {
        log.error("Storage exception writing {} entry.", userId, e);
    }
    return this;
}
Also used : java.util(java.util) net.jpountz.lz4(net.jpountz.lz4) AtomicReference(java.util.concurrent.atomic.AtomicReference) Function(java.util.function.Function) BinaryJedisCommands(redis.clients.jedis.commands.BinaryJedisCommands) SafeEncoder(redis.clients.jedis.util.SafeEncoder) redis.clients.jedis(redis.clients.jedis) Duration(java.time.Duration) TypeReference(com.fasterxml.jackson.core.type.TypeReference) RetryRegistry(io.github.resilience4j.retry.RetryRegistry) RedisClientDelegate(com.netflix.spinnaker.kork.jedis.RedisClientDelegate) Caffeine(com.github.benmanes.caffeine.cache.Caffeine) LoadingCache(com.github.benmanes.caffeine.cache.LoadingCache) NonNull(lombok.NonNull) ObjectMapper(com.fasterxml.jackson.databind.ObjectMapper) ResourceType(com.netflix.spinnaker.fiat.model.resources.ResourceType) IOException(java.io.IOException) UnrestrictedResourceConfig(com.netflix.spinnaker.fiat.config.UnrestrictedResourceConfig) Instant(java.time.Instant) Collectors(java.util.stream.Collectors) ExecutionException(java.util.concurrent.ExecutionException) Resource(com.netflix.spinnaker.fiat.model.resources.Resource) Slf4j(lombok.extern.slf4j.Slf4j) IntegrationException(com.netflix.spinnaker.kork.exceptions.IntegrationException) ForkJoinPool(java.util.concurrent.ForkJoinPool) Role(com.netflix.spinnaker.fiat.model.resources.Role) Clock(java.time.Clock) SpinnakerException(com.netflix.spinnaker.kork.exceptions.SpinnakerException) UserPermission(com.netflix.spinnaker.fiat.model.UserPermission)

Example 4 with Role

Use of com.netflix.spinnaker.fiat.model.resources.Role in project fiat by spinnaker.

From the class RolesController, method putUserPermission (POST variant, which takes no request body).

@RequestMapping(value = "/{userId:.+}", method = RequestMethod.POST)
public void putUserPermission(@PathVariable String userId) {
    try {
        // Re-resolve the user's roles from the configured providers and persist them.
        UserPermission userPermission = permissionsResolver.resolve(ControllerSupport.convert(userId));
        log.debug("Updated user permissions (userId: {}, roles: {})",
            userId,
            userPermission.getRoles().stream().map(Role::getName).collect(Collectors.toList()));
        permissionsRepository.put(userPermission);
    } catch (PermissionResolutionException pre) {
        throw new UserPermissionModificationException(pre);
    }
}
Also used : Role(com.netflix.spinnaker.fiat.model.resources.Role) PermissionResolutionException(com.netflix.spinnaker.fiat.permissions.PermissionResolutionException) UserPermission(com.netflix.spinnaker.fiat.model.UserPermission) RequestMapping(org.springframework.web.bind.annotation.RequestMapping)

Example 5 with Role

Use of com.netflix.spinnaker.fiat.model.resources.Role in project fiat by spinnaker.

From the class GithubTeamsUserRolesProvider, method multiLoadRoles.

@Override
public Map<String, Collection<Role>> multiLoadRoles(Collection<ExternalUser> users) {
    if (users == null || users.isEmpty()) {
        return new HashMap<>();
    }
    // Roles are loaded one user at a time and keyed by the user's id.
    val emailGroupsMap = new HashMap<String, Collection<Role>>();
    users.forEach(u -> emailGroupsMap.put(u.getId(), loadRoles(u)));
    return emailGroupsMap;
}
Also used : lombok.val(lombok.val) Role(com.netflix.spinnaker.fiat.model.resources.Role)
