use of com.netflix.spinnaker.fiat.model.resources.Role in project fiat by spinnaker.
the class RolesController method putUserPermission.
@RequestMapping(value = "/{userId:.+}", method = RequestMethod.PUT)
public void putUserPermission(@PathVariable String userId, @RequestBody @NonNull List<String> externalRoles) {
  // Each caller-supplied role name becomes a Role tagged with Source.EXTERNAL so the
  // resolver can tell caller-asserted roles apart from roles discovered via a provider.
  List<Role> externalRoleObjects = externalRoles.stream()
      .map(roleName -> {
        Role role = new Role();
        role.setSource(Role.Source.EXTERNAL);
        role.setName(roleName);
        return role;
      })
      .collect(Collectors.toList());
  ExternalUser externalUser = new ExternalUser()
      .setId(ControllerSupport.convert(userId))
      .setExternalRoles(externalRoleObjects);
  try {
    // Resolve the user with the supplied external roles and persist the merged result.
    UserPermission resolved = permissionsResolver.resolveAndMerge(externalUser);
    if (log.isDebugEnabled()) {
      List<String> roleNames = resolved.getRoles().stream().map(Role::getName).collect(Collectors.toList());
      log.debug("Updated user permissions (userId: {}, roles: {}, suppliedExternalRoles: {})", userId, roleNames, externalRoles);
    }
    permissionsRepository.put(resolved);
  } catch (PermissionResolutionException pre) {
    // Surface resolver failures as the controller-level modification exception.
    throw new UserPermissionModificationException(pre);
  }
}
use of com.netflix.spinnaker.fiat.model.resources.Role in project fiat by spinnaker.
the class LdapUserRolesProvider method loadRoles.
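/**
 * Loads the LDAP group memberships of the given user as {@link Role}s tagged with
 * {@code Role.Source.LDAP}.
 *
 * <p>Returns a mutable empty list when no group search base is configured or when the
 * user's full DN cannot be found (the latter is treated as a service account).
 *
 * @param user the external user whose id is used for the DN lookup and the group search
 * @return the user's LDAP roles, never {@code null}
 */
@Override
public List<Role> loadRoles(ExternalUser user) {
  String userId = user.getId();
  log.debug("loadRoles for user {}", userId);
  // Without a group search base there is nothing to query.
  if (StringUtils.isEmpty(configProps.getGroupSearchBase())) {
    return new ArrayList<>();
  }
  String fullUserDn = getUserFullDn(userId);
  if (fullUserDn == null) {
    // Likely a service account
    log.debug("fullUserDn is null for {}", userId);
    return new ArrayList<>();
  }
  // Filter arguments are handed to the LDAP template as separate parameters rather than
  // concatenated into the filter string; presumably they bind to the filter's {0}/{1}
  // placeholders in this order — confirm against the configured groupSearchFilter.
  String[] params = new String[] { fullUserDn, userId };
  if (log.isDebugEnabled()) {
    // Guarded so the join is only paid when the message is actually emitted.
    log.debug(
        "Searching for groups using \ngroupSearchBase: {}\ngroupSearchFilter: {}\nparams: {}\ngroupRoleAttributes: {}",
        configProps.getGroupSearchBase(),
        configProps.getGroupSearchFilter(),
        StringUtils.join(params, " :: "),
        configProps.getGroupRoleAttributes());
  }
  // Copied from org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator.
  Set<String> userRoles = ldapTemplate.searchForSingleAttributeValues(
      configProps.getGroupSearchBase(),
      configProps.getGroupSearchFilter(),
      params,
      configProps.getGroupRoleAttributes());
  // Parameterized logging instead of string concatenation: no formatting cost when debug is off.
  log.debug("Got roles for user {}: {}", userId, userRoles);
  return userRoles.stream()
      .map(role -> new Role(role).setSource(Role.Source.LDAP))
      .collect(Collectors.toList());
}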
use of com.netflix.spinnaker.fiat.model.resources.Role in project fiat by spinnaker.
the class RedisPermissionsRepository method put.
/**
 * Persists a resolved {@link UserPermission} to Redis and returns this repository for chaining.
 *
 * <p>The user's data is written in a single multi-key pipeline: admin-set membership, the
 * per-role membership sets (adding current roles and removing roles the user no longer holds),
 * one compressed blob per resource type (deleted when the user has no resources of that type),
 * and the all-users set. Each resource blob is first written to a random temporary key and then
 * renamed onto the real key. For the UNRESTRICTED user the Redis server time captured inside the
 * pipeline is stored afterwards as a last-modified marker.
 *
 * <p>NOTE(review): every exception is caught, logged and swallowed, so the caller proceeds as if
 * the write succeeded. For an authorization store this can leave stale (e.g. revoked) roles in
 * place with no signal to the caller — consider surfacing the failure.
 *
 * @param permission the fully resolved permission to store; its id is used as the user id
 * @return this repository
 */
@Override
public RedisPermissionsRepository put(@NonNull UserPermission permission) {
  String userId = permission.getId();
  // Byte form of the user id for the binary Jedis commands below.
  byte[] bUserId = SafeEncoder.encode(userId);
  // One Redis key per resource type; the types come from the `resources` field
  // (presumably the configured resource set — confirm in the constructor).
  List<ResourceType> resourceTypes = resources.stream().map(Resource::getResourceType).collect(Collectors.toList());
  // Group the user's resources by type, keyed by resource name, for serialization.
  Map<ResourceType, Map<String, Resource>> resourceTypeToRedisValue = new HashMap<>(resourceTypes.size());
  permission.getAllResources().forEach(resource -> {
    resourceTypeToRedisValue.computeIfAbsent(resource.getResourceType(), key -> new HashMap<>()).put(resource.getName(), resource);
  });
  try {
    // Roles currently stored for this user; needed to remove memberships that were dropped.
    Set<Role> existingRoles = new HashSet<>(getUserRoleMapFromRedis(userId).values());
    // These updates are pre-prepared to reduce work done during the multi-key pipeline
    List<PutUpdateData> updateData = new ArrayList<>();
    for (ResourceType rt : resourceTypes) {
      Map<String, Resource> redisValue = resourceTypeToRedisValue.get(rt);
      byte[] userResourceKey = userKey(userId, rt);
      PutUpdateData pud = new PutUpdateData();
      pud.userResourceKey = userResourceKey;
      if (redisValue == null || redisValue.size() == 0) {
        // null marks "no resources of this type": the key is deleted in the pipeline.
        pud.compressedData = null;
      } else {
        // Serialized via objectMapper, then compressed; decoded by the matching read path.
        pud.compressedData = lz4Compressor.compress(objectMapper.writeValueAsBytes(redisValue));
      }
      updateData.add(pud);
    }
    // Holds the pipelined TIME response; it is only readable after pipeline.sync().
    AtomicReference<Response<List<String>>> serverTime = new AtomicReference<>();
    redisClientDelegate.withMultiKeyPipeline(pipeline -> {
      if (permission.isAdmin()) {
        pipeline.sadd(adminKey, bUserId);
      } else {
        pipeline.srem(adminKey, bUserId);
      }
      // Add the user to every role set it holds now ...
      permission.getRoles().forEach(role -> pipeline.sadd(roleKey(role), bUserId));
      // ... and remove it from role sets it no longer holds.
      existingRoles.stream().filter(it -> !permission.getRoles().contains(it)).forEach(role -> pipeline.srem(roleKey(role), bUserId));
      for (PutUpdateData pud : updateData) {
        if (pud.compressedData == null) {
          pipeline.del(pud.userResourceKey);
        } else {
          // Write to a throwaway key and rename it onto the real key, so a reader
          // never observes a partially written blob.
          byte[] tempKey = SafeEncoder.encode(UUID.randomUUID().toString());
          pipeline.set(tempKey, pud.compressedData);
          pipeline.rename(tempKey, pud.userResourceKey);
        }
      }
      serverTime.set(pipeline.time());
      pipeline.sadd(allUsersKey, bUserId);
      pipeline.sync();
    });
    if (UNRESTRICTED.equals(userId)) {
      // First element of the Redis TIME reply is the server's unix time in seconds.
      String lastModified = serverTime.get().get().get(0);
      redisClientDelegate.withCommandsClient(c -> {
        log.debug("set last modified for user {} to {}", UNRESTRICTED, lastModified);
        c.set(unrestrictedLastModifiedKey(), lastModified);
      });
    }
  } catch (Exception e) {
    // Logged only; the failure is not propagated to the caller (see class-level note above).
    log.error("Storage exception writing {} entry.", userId, e);
  }
  return this;
}
use of com.netflix.spinnaker.fiat.model.resources.Role in project fiat by spinnaker.
the class RolesController method putUserPermission.
@RequestMapping(value = "/{userId:.+}", method = RequestMethod.POST)
public void putUserPermission(@PathVariable String userId) {
  try {
    // Re-resolve the user's permission from the configured providers and overwrite the stored copy.
    UserPermission resolved = permissionsResolver.resolve(ControllerSupport.convert(userId));
    if (log.isDebugEnabled()) {
      List<String> roleNames = resolved.getRoles().stream().map(Role::getName).collect(Collectors.toList());
      log.debug("Updated user permissions (userId: {}, roles: {})", userId, roleNames);
    }
    permissionsRepository.put(resolved);
  } catch (PermissionResolutionException pre) {
    // Surface resolver failures as the controller-level modification exception.
    throw new UserPermissionModificationException(pre);
  }
}
use of com.netflix.spinnaker.fiat.model.resources.Role in project fiat by spinnaker.
the class GithubTeamsUserRolesProvider method multiLoadRoles.
@Override
public Map<String, Collection<Role>> multiLoadRoles(Collection<ExternalUser> users) {
  // A missing or empty user set yields an empty (mutable) map rather than null.
  if (users == null || users.isEmpty()) {
    return new HashMap<>();
  }
  Map<String, Collection<Role>> rolesByUserId = new HashMap<>();
  for (ExternalUser user : users) {
    // Each user is looked up individually; a later duplicate id overwrites the earlier entry.
    rolesByUserId.put(user.getId(), loadRoles(user));
  }
  return rolesByUserId;
}