
Example 1 with ServiceAccount

Use of com.netflix.spinnaker.front50.model.serviceaccount.ServiceAccount in project front50 by spinnaker.

In the class ServiceAccountsService, method createServiceAccount:

public ServiceAccount createServiceAccount(ServiceAccount serviceAccount) {
    ServiceAccount acct = serviceAccountDAO.create(serviceAccount.getId(), serviceAccount);
    syncUsers(Collections.singletonList(acct));
    return acct;
}
Also used : ServiceAccount(com.netflix.spinnaker.front50.model.serviceaccount.ServiceAccount)

Example 2 with ServiceAccount

Use of com.netflix.spinnaker.front50.model.serviceaccount.ServiceAccount in project front50 by spinnaker.

In the class SharedManagedServiceAccountsMigration, method migrate:

private void migrate(Pipeline pipeline, Map<String, ServiceAccount> serviceAccounts) {
    // Arguments are ordered to match the placeholders (name, id, application).
    log.info(
        "Starting migration of pipeline '{}' with id '{}' for application '{}'",
        value("pipelineName", pipeline.getName()),
        value("pipelineId", pipeline.getId()),
        value("application", pipeline.getApplication()));

    // Start from the pipeline's own roles, normalized to lower case.
    Set<String> newRoles = new HashSet<>();
    List<String> existingRoles = (List) pipeline.getRoles();
    if (existingRoles != null) {
        existingRoles.stream().map(String::toLowerCase).forEach(newRoles::add);
    }

    // Add the roles of every managed service account that a trigger runs as.
    List<Trigger> triggers = pipeline.getTriggers();
    triggers.forEach(trigger -> {
        String runAsUser = (String) trigger.get(RUN_AS_USER);
        if (hasManagedServiceAccountUser(runAsUser)) {
            ServiceAccount managedServiceAccount = serviceAccounts.get(runAsUser);
            if (managedServiceAccount != null && !managedServiceAccount.getMemberOf().isEmpty()) {
                managedServiceAccount.getMemberOf().stream().map(String::toLowerCase).forEach(newRoles::add);
            }
        }
    });

    // The shared account's name is generated from the combined role set.
    String sharedManagedServiceAccountName = generatedSharedManagedServiceAccountName(newRoles);
    ServiceAccount sharedManagedServiceAccount = new ServiceAccount();
    sharedManagedServiceAccount.setName(sharedManagedServiceAccountName);

    // Every trigger is repointed at the shared account, whatever its previous runAsUser was.
    triggers.forEach(trigger -> {
        String runAsUser = (String) trigger.get(RUN_AS_USER);
        log.info(
            "Replacing '{}' with automatic service user '{}' (application: '{}', pipelineName: '{}', "
                + "pipelineId: '{}')",
            value("oldServiceUser", runAsUser),
            value("newServiceUser", sharedManagedServiceAccountName),
            value("application", pipeline.getApplication()),
            value("pipelineName", pipeline.getName()),
            value("pipelineId", pipeline.getId()));
        trigger.put(RUN_AS_USER, sharedManagedServiceAccountName);
    });

    // The shared account becomes a member of the union of all collected roles,
    // and the pipeline's roles are set to that same union.
    log.info("Creating service user '{}' with roles {}", sharedManagedServiceAccountName, newRoles);
    sharedManagedServiceAccount.getMemberOf().addAll(newRoles);
    pipeline.setRoles(new ArrayList<>(newRoles));
    pipeline.setTriggers(triggers);

    // Persist the new account first, then the updated pipeline.
    serviceAccountDAO.create(sharedManagedServiceAccount.getId(), sharedManagedServiceAccount);
    pipelineDAO.update(pipeline.getId(), pipeline);
}
Also used : ServiceAccount(com.netflix.spinnaker.front50.model.serviceaccount.ServiceAccount) Trigger(com.netflix.spinnaker.front50.api.model.pipeline.Trigger) ArrayList(java.util.ArrayList) List(java.util.List) HashSet(java.util.HashSet)

Example 3 with ServiceAccount

Use of com.netflix.spinnaker.front50.model.serviceaccount.ServiceAccount in project front50 by spinnaker.

In the class ServiceAccountsService, method deleteServiceAccount:

public void deleteServiceAccount(String serviceAccountId) {
    ServiceAccount acct = serviceAccountDAO.findById(serviceAccountId);
    deleteServiceAccounts(Collections.singletonList(acct));
}
Also used : ServiceAccount(com.netflix.spinnaker.front50.model.serviceaccount.ServiceAccount)

Aggregations

ServiceAccount (com.netflix.spinnaker.front50.model.serviceaccount.ServiceAccount): 3
Trigger (com.netflix.spinnaker.front50.api.model.pipeline.Trigger): 1
ArrayList (java.util.ArrayList): 1
HashSet (java.util.HashSet): 1
List (java.util.List): 1