use of com.sequenceiq.freeipa.client.model.Role in project cloudbreak by hortonworks.
the class KerberosMgmtRoleComponent method deleteRoleIfItIsNoLongerUsed.
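/**
 * Deletes a FreeIPA role once nothing is a member of it any more.
 *
 * <p>The role is looked up first. When the lookup yields no role, nothing else happens. Otherwise
 * the user, group, host, host-group and service member lists are merged, and the role is deleted
 * only if the merged list is empty; a role that still has members is left in place and a debug
 * line is logged. Both client calls go through {@code FreeIpaClientExceptionUtil} helpers which,
 * going by their names, swallow "not found" errors.
 *
 * @param role name of the role to check; {@code null} makes the call a no-op
 * @param ipaClient client used for the lookup and for the delete
 * @throws FreeIpaClientException declared by the client calls; presumably raised for any failure
 *         other than "not found" (confirm against FreeIpaClientExceptionUtil)
 */
public void deleteRoleIfItIsNoLongerUsed(String role, FreeIpaClient ipaClient) throws FreeIpaClientException {
    if (role == null) {
        return;
    }
    // Log template fixed: the original "Role [{}} not found" had an unbalanced bracket, so the
    // rendered message ended in "}" instead of "]".
    Optional<Role> optionalRole = FreeIpaClientExceptionUtil.ignoreNotFoundExceptionWithValue(
            () -> ipaClient.showRole(role), "Role [{}] not found", role);
    if (!optionalRole.isPresent()) {
        return;
    }
    Role ipaRole = optionalRole.get();
    // Any member of any kind counts as a use of the role.
    List<String> usesOfRole = new ArrayList<>();
    usesOfRole.addAll(ipaRole.getMemberUser());
    usesOfRole.addAll(ipaRole.getMemberGroup());
    usesOfRole.addAll(ipaRole.getMemberHost());
    usesOfRole.addAll(ipaRole.getMemberHostGroup());
    usesOfRole.addAll(ipaRole.getMemberService());
    if (usesOfRole.isEmpty()) {
        // NOTE(review): the membership check and the delete are separate calls, so a member added
        // in between is not seen here. Confirm that callers serialise role changes.
        FreeIpaClientExceptionUtil.ignoreNotFoundException(
                () -> ipaClient.deleteRole(role), "The role [{}] does not exist, so it was not deleted.", role);
    } else {
        LOGGER.debug("The role {} is still in use, so it was not deleted.", role);
    }
}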
use of com.sequenceiq.freeipa.client.model.Role in project cloudbreak by hortonworks.
the class KerberosMgmtRoleComponent method addRoleAndPrivileges.
/**
 * Ensures the requested role exists with its privileges and assigns it to the given service and host.
 *
 * <p>When {@code roleRequest} is {@code null} or has a blank role name, the method only logs and
 * returns. Otherwise it fetches or creates the role, adds the requested privileges, and then calls
 * {@code addRoleMember} with the service and host that do not already list the role. The
 * {@code addRoleMember} call is made even when both sets turn out empty.
 *
 * @param service service to receive the role, if any
 * @param host host to receive the role, if any
 * @param roleRequest role name and privileges to apply; may be {@code null}
 * @param ipaClient client used for the role member update
 * @throws FreeIpaClientException declared by the client and helper calls
 */
public void addRoleAndPrivileges(Optional<Service> service, Optional<Host> host, RoleRequest roleRequest, FreeIpaClient ipaClient) throws FreeIpaClientException {
    if (roleRequest == null || !StringUtils.isNotBlank(roleRequest.getRoleName())) {
        LOGGER.debug("RoleRequest or role name is empty, skipping adding privileges. {}", roleRequest);
        return;
    }
    Role ipaRole = fetchOrCreateRole(roleRequest, ipaClient);
    addPrivilegesToRole(roleRequest.getPrivileges(), ipaClient, ipaRole);

    final String requestedRole = roleRequest.getRoleName();
    // NOTE(review): "already has the role" is decided by substring match (String.contains), so an
    // existing membership whose text merely contains the requested name also counts, and the
    // principal is then skipped. Confirm the format of getMemberOfRole() entries and whether an
    // exact comparison is intended.
    Set<String> servicesToAssignRole = service.stream()
            .filter(candidate -> candidate.getMemberOfRole().stream()
                    .noneMatch(existing -> existing.contains(requestedRole)))
            .map(Service::getKrbcanonicalname)
            .collect(Collectors.toSet());
    Set<String> hostsToAssignRole = host.stream()
            .filter(candidate -> candidate.getMemberOfRole().stream()
                    .noneMatch(existing -> existing.contains(requestedRole)))
            .map(Host::getFqdn)
            .collect(Collectors.toSet());

    String roleCn = ipaRole.getCn();
    LOGGER.debug("Adding role [{}] to host {} and service {}", roleCn, hostsToAssignRole, servicesToAssignRole);
    // Only the host and service arguments are populated; the other member arguments are null.
    ipaClient.addRoleMember(roleCn, null, null, hostsToAssignRole, null, servicesToAssignRole);
}
use of com.sequenceiq.freeipa.client.model.Role in project cloudbreak by hortonworks.
the class RoleAddResponse method handleInternal.
/**
 * Returns a fixed {@link Role}: cn {@code "roleName"} with every member list empty.
 *
 * <p>Neither argument is read, so the result is the same for every call.
 *
 * @param metadatas unused
 * @param body unused
 * @return the fixed role
 */
@Override
protected Role handleInternal(List<CloudVmMetaDataStatus> metadatas, String body) {
    // One immutable empty list is used for all five member kinds.
    List<String> noMembers = List.of();
    Role stubRole = new Role();
    stubRole.setCn("roleName");
    stubRole.setMemberUser(noMembers);
    stubRole.setMemberGroup(noMembers);
    stubRole.setMemberHost(noMembers);
    stubRole.setMemberHostGroup(noMembers);
    stubRole.setMemberService(noMembers);
    return stubRole;
}