Search in sources :

Example 1 with UiSecurity

use of com.netflix.spinnaker.halyard.config.model.v1.security.UiSecurity in project halyard by spinnaker.

the class SecurityController method setUiSecurity.

@RequestMapping(value = "/ui/", method = RequestMethod.PUT)
DaemonTask<Halconfig, Void> setUiSecurity(@PathVariable String deploymentName, @RequestParam(required = false, defaultValue = DefaultControllerValues.validate) boolean validate, @RequestParam(required = false, defaultValue = DefaultControllerValues.severity) Severity severity, @RequestBody Object rawUiSecurity) {
    UiSecurity uiSecurity = objectMapper.convertValue(rawUiSecurity, UiSecurity.class);
    UpdateRequestBuilder builder = new UpdateRequestBuilder();
    Path configPath = halconfigDirectoryStructure.getConfigPath(deploymentName);
    builder.setStage(() -> uiSecurity.stageLocalFiles(configPath));
    builder.setSeverity(severity);
    builder.setUpdate(() -> securityService.setUiSecurity(deploymentName, uiSecurity));
    builder.setValidate(ProblemSet::new);
    if (validate) {
        builder.setValidate(() -> securityService.validateUiSecurity(deploymentName));
    }
    builder.setRevert(() -> halconfigParser.undoChanges());
    builder.setSave(() -> halconfigParser.saveConfig());
    builder.setClean(() -> halconfigParser.cleanLocalFiles(configPath));
    return DaemonTaskHandler.submitTask(builder::build, "Edit UI security settings");
}
Also used : Path(java.nio.file.Path) UiSecurity(com.netflix.spinnaker.halyard.config.model.v1.security.UiSecurity) UpdateRequestBuilder(com.netflix.spinnaker.halyard.core.DaemonResponse.UpdateRequestBuilder) ProblemSet(com.netflix.spinnaker.halyard.core.problem.v1.ProblemSet) RequestMapping(org.springframework.web.bind.annotation.RequestMapping)

Example 2 with UiSecurity

use of com.netflix.spinnaker.halyard.config.model.v1.security.UiSecurity in project halyard by spinnaker.

the class UiSecurityEditCommand method executeThis.

@Override
protected void executeThis() {
    String currentDeployment = getCurrentDeployment();
    UiSecurity uiSecurity = new OperationHandler<UiSecurity>().setOperation(Daemon.getUiSecurity(currentDeployment, false)).setFailureMesssage("Failed to load UI security settings.").get();
    int originalHash = uiSecurity.hashCode();
    uiSecurity.setOverrideBaseUrl(isSet(overrideBaseUrl) ? overrideBaseUrl : uiSecurity.getOverrideBaseUrl());
    if (originalHash == uiSecurity.hashCode()) {
        AnsiUi.failure("No changes supplied.");
        return;
    }
    new OperationHandler<Void>().setOperation(Daemon.setUiSecurity(currentDeployment, !noValidate, uiSecurity)).setFailureMesssage("Failed to edit UI security settings.").setSuccessMessage("Successfully updated UI security settings.").get();
}
Also used : UiSecurity(com.netflix.spinnaker.halyard.config.model.v1.security.UiSecurity) OperationHandler(com.netflix.spinnaker.halyard.cli.services.v1.OperationHandler)

Example 3 with UiSecurity

use of com.netflix.spinnaker.halyard.config.model.v1.security.UiSecurity in project halyard by spinnaker.

the class DeckProfileFactory method setProfile.

@Override
protected void setProfile(Profile profile, DeploymentConfiguration deploymentConfiguration, SpinnakerRuntimeSettings endpoints) {
    StringResource configTemplate = new StringResource(profile.getBaseContents());
    UiSecurity uiSecurity = deploymentConfiguration.getSecurity().getUiSecurity();
    profile.setUser(ApacheSettings.APACHE_USER);
    Features features = deploymentConfiguration.getFeatures();
    Notifications notifications = deploymentConfiguration.getNotifications();
    Map<String, Object> bindings = new HashMap<>();
    String version = deploymentConfiguration.getVersion();
    // Configure global settings
    bindings.put("gate.baseUrl", endpoints.getServices().getGate().getBaseUrl());
    bindings.put("timezone", deploymentConfiguration.getTimezone());
    bindings.put("version", deploymentConfiguration.getVersion());
    Optional<Versions.Version> validatedVersion = versionsService.getVersions().getVersion(version);
    if (validatedVersion.isPresent()) {
        String changelog = validatedVersion.get().getChangelog();
        bindings.put("changelog.gist.id", changelog.substring(changelog.lastIndexOf("/") + 1));
        bindings.put("changelog.gist.name", "changelog.md");
    } else {
        bindings.put("changelog.gist.id", "");
        bindings.put("changelog.gist.name", "");
    }
    // Configure feature-flags
    bindings.put("features.auth", Boolean.toString(features.isAuth(deploymentConfiguration)));
    bindings.put("features.chaos", Boolean.toString(features.isChaos()));
    bindings.put("features.jobs", Boolean.toString(features.isJobs()));
    bindings.put("features.fiat", Boolean.toString(deploymentConfiguration.getSecurity().getAuthz().isEnabled()));
    bindings.put("features.pipelineTemplates", Boolean.toString(features.getPipelineTemplates() != null ? features.getPipelineTemplates() : false));
    bindings.put("features.artifacts", Boolean.toString(features.getArtifacts() != null ? features.getArtifacts() : false));
    bindings.put("features.mineCanary", Boolean.toString(features.getMineCanary() != null ? features.getMineCanary() : false));
    // Configure Kubernetes
    KubernetesProvider kubernetesProvider = deploymentConfiguration.getProviders().getKubernetes();
    bindings.put("kubernetes.default.account", kubernetesProvider.getPrimaryAccount());
    bindings.put("kubernetes.default.namespace", "default");
    bindings.put("kubernetes.default.proxy", "localhost:8001");
    // Configure GCE
    GoogleProvider googleProvider = deploymentConfiguration.getProviders().getGoogle();
    bindings.put("google.default.account", googleProvider.getPrimaryAccount());
    bindings.put("google.default.region", "us-central1");
    bindings.put("google.default.zone", "us-central1-f");
    // Configure Azure
    AzureProvider azureProvider = deploymentConfiguration.getProviders().getAzure();
    bindings.put("azure.default.account", azureProvider.getPrimaryAccount());
    bindings.put("azure.default.region", "westus");
    // Configure Appengine
    AppengineProvider appengineProvider = deploymentConfiguration.getProviders().getAppengine();
    bindings.put("appengine.default.account", appengineProvider.getPrimaryAccount());
    bindings.put("appengine.enabled", Boolean.toString(appengineProvider.getPrimaryAccount() != null));
    // Configure DC/OS
    final DCOSProvider dcosProvider = deploymentConfiguration.getProviders().getDcos();
    bindings.put("dcos.default.account", dcosProvider.getPrimaryAccount());
    // TODO(willgorman) need to set the proxy url somehow
    // Configure Openstack
    OpenstackProvider openstackProvider = deploymentConfiguration.getProviders().getOpenstack();
    bindings.put("openstack.default.account", openstackProvider.getPrimaryAccount());
    if (openstackProvider.getPrimaryAccount() != null) {
        OpenstackAccount openstackAccount = (OpenstackAccount) accountService.getProviderAccount(deploymentConfiguration.getName(), "openstack", openstackProvider.getPrimaryAccount());
        String firstRegion = openstackAccount.getRegions().get(0);
        bindings.put("openstack.default.region", firstRegion);
    }
    // Configure notifications
    bindings.put("notifications.enabled", notifications.isEnabled() + "");
    SlackNotification slackNotification = notifications.getSlack();
    bindings.put("notifications.slack.enabled", slackNotification.isEnabled() + "");
    bindings.put("notifications.slack.botName", slackNotification.getBotName());
    // Configure canary
    Canary canary = deploymentConfiguration.getCanary();
    bindings.put("canary.atlasWebComponentsUrl", canary.getAtlasWebComponentsUrl());
    bindings.put("canary.featureEnabled", Boolean.toString(canary.isEnabled()));
    if (canary.isEnabled()) {
        // TODO(duftler): Automatically choose the first metrics/storage/judge here if unspecified?
        bindings.put("canary.reduxLogger", canary.isReduxLoggerEnabled());
        bindings.put("canary.defaultMetricsAccount", canary.getDefaultMetricsAccount());
        bindings.put("canary.defaultStorageAccount", canary.getDefaultStorageAccount());
        bindings.put("canary.defaultJudge", canary.getDefaultJudge());
        bindings.put("canary.defaultMetricsStore", canary.getDefaultMetricsStore());
        bindings.put("canary.stages", canary.isStagesEnabled());
        bindings.put("canary.templatesEnabled", canary.isTemplatesEnabled());
        bindings.put("canary.showAllCanaryConfigs", canary.isShowAllConfigsEnabled());
    }
    profile.appendContents(configTemplate.setBindings(bindings).toString()).setRequiredFiles(backupRequiredFiles(uiSecurity, deploymentConfiguration.getName()));
}
Also used : HashMap(java.util.HashMap) AzureProvider(com.netflix.spinnaker.halyard.config.model.v1.providers.azure.AzureProvider) AppengineProvider(com.netflix.spinnaker.halyard.config.model.v1.providers.appengine.AppengineProvider) Canary(com.netflix.spinnaker.halyard.config.model.v1.canary.Canary) StringResource(com.netflix.spinnaker.halyard.core.resource.v1.StringResource) KubernetesProvider(com.netflix.spinnaker.halyard.config.model.v1.providers.kubernetes.KubernetesProvider) OpenstackProvider(com.netflix.spinnaker.halyard.config.model.v1.providers.openstack.OpenstackProvider) UiSecurity(com.netflix.spinnaker.halyard.config.model.v1.security.UiSecurity) SlackNotification(com.netflix.spinnaker.halyard.config.model.v1.notifications.SlackNotification) DCOSProvider(com.netflix.spinnaker.halyard.config.model.v1.providers.dcos.DCOSProvider) Features(com.netflix.spinnaker.halyard.config.model.v1.node.Features) Notifications(com.netflix.spinnaker.halyard.config.model.v1.node.Notifications) GoogleProvider(com.netflix.spinnaker.halyard.config.model.v1.providers.google.GoogleProvider) OpenstackAccount(com.netflix.spinnaker.halyard.config.model.v1.providers.openstack.OpenstackAccount)

Example 4 with UiSecurity

use of com.netflix.spinnaker.halyard.config.model.v1.security.UiSecurity in project halyard by spinnaker.

the class ApacheSpinnakerProfileFactory method getBindings.

@Override
protected Map<String, Object> getBindings(DeploymentConfiguration deploymentConfiguration, SpinnakerRuntimeSettings endpoints) {
    TemplatedResource resource = new StringResource(SSL_TEMPLATE);
    Map<String, Object> bindings = new HashMap<>();
    UiSecurity uiSecurity = deploymentConfiguration.getSecurity().getUiSecurity();
    ApacheSsl apacheSsl = uiSecurity.getSsl();
    bindings.put("cert-file", apacheSsl.getSslCertificateFile());
    bindings.put("key-file", apacheSsl.getSslCertificateKeyFile());
    String ssl = resource.setBindings(bindings).toString();
    bindings.clear();
    bindings.put("ssl", ssl);
    bindings.put("deck-host", endpoints.getServices().getDeck().getHost());
    bindings.put("deck-port", endpoints.getServices().getDeck().getPort() + "");
    return bindings;
}
Also used : StringResource(com.netflix.spinnaker.halyard.core.resource.v1.StringResource) UiSecurity(com.netflix.spinnaker.halyard.config.model.v1.security.UiSecurity) HashMap(java.util.HashMap) ApacheSsl(com.netflix.spinnaker.halyard.config.model.v1.security.ApacheSsl) TemplatedResource(com.netflix.spinnaker.halyard.core.resource.v1.TemplatedResource)

Aggregations

UiSecurity (com.netflix.spinnaker.halyard.config.model.v1.security.UiSecurity)4 StringResource (com.netflix.spinnaker.halyard.core.resource.v1.StringResource)2 HashMap (java.util.HashMap)2 OperationHandler (com.netflix.spinnaker.halyard.cli.services.v1.OperationHandler)1 Canary (com.netflix.spinnaker.halyard.config.model.v1.canary.Canary)1 Features (com.netflix.spinnaker.halyard.config.model.v1.node.Features)1 Notifications (com.netflix.spinnaker.halyard.config.model.v1.node.Notifications)1 SlackNotification (com.netflix.spinnaker.halyard.config.model.v1.notifications.SlackNotification)1 AppengineProvider (com.netflix.spinnaker.halyard.config.model.v1.providers.appengine.AppengineProvider)1 AzureProvider (com.netflix.spinnaker.halyard.config.model.v1.providers.azure.AzureProvider)1 DCOSProvider (com.netflix.spinnaker.halyard.config.model.v1.providers.dcos.DCOSProvider)1 GoogleProvider (com.netflix.spinnaker.halyard.config.model.v1.providers.google.GoogleProvider)1 KubernetesProvider (com.netflix.spinnaker.halyard.config.model.v1.providers.kubernetes.KubernetesProvider)1 OpenstackAccount (com.netflix.spinnaker.halyard.config.model.v1.providers.openstack.OpenstackAccount)1 OpenstackProvider (com.netflix.spinnaker.halyard.config.model.v1.providers.openstack.OpenstackProvider)1 ApacheSsl (com.netflix.spinnaker.halyard.config.model.v1.security.ApacheSsl)1 UpdateRequestBuilder (com.netflix.spinnaker.halyard.core.DaemonResponse.UpdateRequestBuilder)1 ProblemSet (com.netflix.spinnaker.halyard.core.problem.v1.ProblemSet)1 TemplatedResource (com.netflix.spinnaker.halyard.core.resource.v1.TemplatedResource)1 Path (java.nio.file.Path)1