use of com.netflix.spinnaker.halyard.config.model.v1.security.UiSecurity in project halyard by spinnaker.
the class SecurityController method setUiSecurity.
@RequestMapping(value = "/ui/", method = RequestMethod.PUT)
DaemonTask<Halconfig, Void> setUiSecurity(@PathVariable String deploymentName, @RequestParam(required = false, defaultValue = DefaultControllerValues.validate) boolean validate, @RequestParam(required = false, defaultValue = DefaultControllerValues.severity) Severity severity, @RequestBody Object rawUiSecurity) {
UiSecurity uiSecurity = objectMapper.convertValue(rawUiSecurity, UiSecurity.class);
UpdateRequestBuilder builder = new UpdateRequestBuilder();
Path configPath = halconfigDirectoryStructure.getConfigPath(deploymentName);
builder.setStage(() -> uiSecurity.stageLocalFiles(configPath));
builder.setSeverity(severity);
builder.setUpdate(() -> securityService.setUiSecurity(deploymentName, uiSecurity));
builder.setValidate(ProblemSet::new);
if (validate) {
builder.setValidate(() -> securityService.validateUiSecurity(deploymentName));
}
builder.setRevert(() -> halconfigParser.undoChanges());
builder.setSave(() -> halconfigParser.saveConfig());
builder.setClean(() -> halconfigParser.cleanLocalFiles(configPath));
return DaemonTaskHandler.submitTask(builder::build, "Edit UI security settings");
}
use of com.netflix.spinnaker.halyard.config.model.v1.security.UiSecurity in project halyard by spinnaker.
the class UiSecurityEditCommand method executeThis.
@Override
protected void executeThis() {
String currentDeployment = getCurrentDeployment();
UiSecurity uiSecurity = new OperationHandler<UiSecurity>().setOperation(Daemon.getUiSecurity(currentDeployment, false)).setFailureMesssage("Failed to load UI security settings.").get();
int originalHash = uiSecurity.hashCode();
uiSecurity.setOverrideBaseUrl(isSet(overrideBaseUrl) ? overrideBaseUrl : uiSecurity.getOverrideBaseUrl());
if (originalHash == uiSecurity.hashCode()) {
AnsiUi.failure("No changes supplied.");
return;
}
new OperationHandler<Void>().setOperation(Daemon.setUiSecurity(currentDeployment, !noValidate, uiSecurity)).setFailureMesssage("Failed to edit UI security settings.").setSuccessMessage("Successfully updated UI security settings.").get();
}
use of com.netflix.spinnaker.halyard.config.model.v1.security.UiSecurity in project halyard by spinnaker.
the class DeckProfileFactory method setProfile.
@Override
protected void setProfile(Profile profile, DeploymentConfiguration deploymentConfiguration, SpinnakerRuntimeSettings endpoints) {
StringResource configTemplate = new StringResource(profile.getBaseContents());
UiSecurity uiSecurity = deploymentConfiguration.getSecurity().getUiSecurity();
profile.setUser(ApacheSettings.APACHE_USER);
Features features = deploymentConfiguration.getFeatures();
Notifications notifications = deploymentConfiguration.getNotifications();
Map<String, Object> bindings = new HashMap<>();
String version = deploymentConfiguration.getVersion();
// Configure global settings
bindings.put("gate.baseUrl", endpoints.getServices().getGate().getBaseUrl());
bindings.put("timezone", deploymentConfiguration.getTimezone());
bindings.put("version", deploymentConfiguration.getVersion());
Optional<Versions.Version> validatedVersion = versionsService.getVersions().getVersion(version);
if (validatedVersion.isPresent()) {
String changelog = validatedVersion.get().getChangelog();
bindings.put("changelog.gist.id", changelog.substring(changelog.lastIndexOf("/") + 1));
bindings.put("changelog.gist.name", "changelog.md");
} else {
bindings.put("changelog.gist.id", "");
bindings.put("changelog.gist.name", "");
}
// Configure feature-flags
bindings.put("features.auth", Boolean.toString(features.isAuth(deploymentConfiguration)));
bindings.put("features.chaos", Boolean.toString(features.isChaos()));
bindings.put("features.jobs", Boolean.toString(features.isJobs()));
bindings.put("features.fiat", Boolean.toString(deploymentConfiguration.getSecurity().getAuthz().isEnabled()));
bindings.put("features.pipelineTemplates", Boolean.toString(features.getPipelineTemplates() != null ? features.getPipelineTemplates() : false));
bindings.put("features.artifacts", Boolean.toString(features.getArtifacts() != null ? features.getArtifacts() : false));
bindings.put("features.mineCanary", Boolean.toString(features.getMineCanary() != null ? features.getMineCanary() : false));
// Configure Kubernetes
KubernetesProvider kubernetesProvider = deploymentConfiguration.getProviders().getKubernetes();
bindings.put("kubernetes.default.account", kubernetesProvider.getPrimaryAccount());
bindings.put("kubernetes.default.namespace", "default");
bindings.put("kubernetes.default.proxy", "localhost:8001");
// Configure GCE
GoogleProvider googleProvider = deploymentConfiguration.getProviders().getGoogle();
bindings.put("google.default.account", googleProvider.getPrimaryAccount());
bindings.put("google.default.region", "us-central1");
bindings.put("google.default.zone", "us-central1-f");
// Configure Azure
AzureProvider azureProvider = deploymentConfiguration.getProviders().getAzure();
bindings.put("azure.default.account", azureProvider.getPrimaryAccount());
bindings.put("azure.default.region", "westus");
// Configure Appengine
AppengineProvider appengineProvider = deploymentConfiguration.getProviders().getAppengine();
bindings.put("appengine.default.account", appengineProvider.getPrimaryAccount());
bindings.put("appengine.enabled", Boolean.toString(appengineProvider.getPrimaryAccount() != null));
// Configure DC/OS
final DCOSProvider dcosProvider = deploymentConfiguration.getProviders().getDcos();
bindings.put("dcos.default.account", dcosProvider.getPrimaryAccount());
// TODO(willgorman) need to set the proxy url somehow
// Configure Openstack
OpenstackProvider openstackProvider = deploymentConfiguration.getProviders().getOpenstack();
bindings.put("openstack.default.account", openstackProvider.getPrimaryAccount());
if (openstackProvider.getPrimaryAccount() != null) {
OpenstackAccount openstackAccount = (OpenstackAccount) accountService.getProviderAccount(deploymentConfiguration.getName(), "openstack", openstackProvider.getPrimaryAccount());
String firstRegion = openstackAccount.getRegions().get(0);
bindings.put("openstack.default.region", firstRegion);
}
// Configure notifications
bindings.put("notifications.enabled", notifications.isEnabled() + "");
SlackNotification slackNotification = notifications.getSlack();
bindings.put("notifications.slack.enabled", slackNotification.isEnabled() + "");
bindings.put("notifications.slack.botName", slackNotification.getBotName());
// Configure canary
Canary canary = deploymentConfiguration.getCanary();
bindings.put("canary.atlasWebComponentsUrl", canary.getAtlasWebComponentsUrl());
bindings.put("canary.featureEnabled", Boolean.toString(canary.isEnabled()));
if (canary.isEnabled()) {
// TODO(duftler): Automatically choose the first metrics/storage/judge here if unspecified?
bindings.put("canary.reduxLogger", canary.isReduxLoggerEnabled());
bindings.put("canary.defaultMetricsAccount", canary.getDefaultMetricsAccount());
bindings.put("canary.defaultStorageAccount", canary.getDefaultStorageAccount());
bindings.put("canary.defaultJudge", canary.getDefaultJudge());
bindings.put("canary.defaultMetricsStore", canary.getDefaultMetricsStore());
bindings.put("canary.stages", canary.isStagesEnabled());
bindings.put("canary.templatesEnabled", canary.isTemplatesEnabled());
bindings.put("canary.showAllCanaryConfigs", canary.isShowAllConfigsEnabled());
}
profile.appendContents(configTemplate.setBindings(bindings).toString()).setRequiredFiles(backupRequiredFiles(uiSecurity, deploymentConfiguration.getName()));
}
use of com.netflix.spinnaker.halyard.config.model.v1.security.UiSecurity in project halyard by spinnaker.
the class ApacheSpinnakerProfileFactory method getBindings.
@Override
protected Map<String, Object> getBindings(DeploymentConfiguration deploymentConfiguration, SpinnakerRuntimeSettings endpoints) {
TemplatedResource resource = new StringResource(SSL_TEMPLATE);
Map<String, Object> bindings = new HashMap<>();
UiSecurity uiSecurity = deploymentConfiguration.getSecurity().getUiSecurity();
ApacheSsl apacheSsl = uiSecurity.getSsl();
bindings.put("cert-file", apacheSsl.getSslCertificateFile());
bindings.put("key-file", apacheSsl.getSslCertificateKeyFile());
String ssl = resource.setBindings(bindings).toString();
bindings.clear();
bindings.put("ssl", ssl);
bindings.put("deck-host", endpoints.getServices().getDeck().getHost());
bindings.put("deck-port", endpoints.getServices().getDeck().getPort() + "");
return bindings;
}
Aggregations