
Example 1 with AzRulesType

use of com.tremolosecurity.config.xml.AzRulesType in project OpenUnison by TremoloSecurity.

the class OrgTypeHolder method addOrg.

/**
 * Builds an {@link OrgType} from one organization resource and links it into the org tree.
 *
 * <p>The resource's {@code spec} supplies the label, description, uuid, portal/report flags,
 * parent id and authorization rules. String values are passed through
 * {@code OpenUnisonConfigLoader.integrateIncludes} before being stored (presumably placeholder
 * or include expansion; confirm against that helper). If the parent cannot be found yet, the
 * new org is parked under a placeholder in {@code this.orphanes} keyed by the parent id; if
 * children were parked earlier under this org's uuid, they are adopted at the end.
 *
 * @param tremolo configuration whose provisioning org tree is searched and updated
 * @param o the resource, expected to be a {@link JSONObject} with {@code metadata} and {@code spec}
 */
private void addOrg(TremoloType tremolo, Object o) {
    JSONObject resource = (JSONObject) o;
    JSONObject metadata = (JSONObject) resource.get("metadata");
    JSONObject spec = (JSONObject) resource.get("spec");
    logger.info(metadata.get("name"));

    // One scratch buffer is reused for every integrateIncludes call; it is reset before each use.
    StringBuffer scratch = new StringBuffer();
    OrgType org = new OrgType();

    // Display name: the expanded label when present, otherwise the raw metadata name.
    String label = (String) spec.get("label");
    if (label != null) {
        scratch.setLength(0);
        OpenUnisonConfigLoader.integrateIncludes(scratch, label);
        org.setName(scratch.toString());
    } else {
        org.setName((String) metadata.get("name"));
    }

    Object description = spec.get("description");
    if (description != null) {
        scratch.setLength(0);
        OpenUnisonConfigLoader.integrateIncludes(scratch, (String) description);
        org.setDescription(scratch.toString());
    }

    scratch.setLength(0);
    OpenUnisonConfigLoader.integrateIncludes(scratch, (String) spec.get("uuid"));
    org.setUuid(scratch.toString());

    // NOTE(review): these casts yield null when a key is absent; if the setters take a primitive
    // boolean the unboxing throws. Confirm the resource schema makes the three flags mandatory.
    org.setShowInPortal(((Boolean) spec.get("showInPortal")));
    org.setShowInReports(((Boolean) spec.get("showInReports")));
    org.setShowInRequestsAccess(((Boolean) spec.get("showInRequestAccess")));

    org.setAzRules(new AzRulesType());
    String parentId = (String) spec.get("parent");

    // NOTE(review): a spec without "azRules" makes this loop throw NullPointerException, so the
    // org is not added. Confirm what an empty rule list means for authorization before relaxing
    // this into a null guard.
    JSONArray jsonRules = (JSONArray) spec.get("azRules");
    for (Object element : jsonRules) {
        JSONObject jsonRule = (JSONObject) element;
        AzRuleType azRule = new AzRuleType();

        scratch.setLength(0);
        OpenUnisonConfigLoader.integrateIncludes(scratch, (String) jsonRule.get("scope"));
        azRule.setScope(scratch.toString());

        scratch.setLength(0);
        OpenUnisonConfigLoader.integrateIncludes(scratch, (String) jsonRule.get("constraint"));
        azRule.setConstraint(scratch.toString());

        org.getAzRules().getRule().add(azRule);
    }

    // Look for the parent in the live tree first, then inside every parked orphan subtree.
    OrgType parent = this.findById(parentId, tremolo.getProvisioning().getOrg());
    if (parent == null) {
        for (OrgType orphanRoot : this.orphanes.values()) {
            parent = this.findById(parentId, orphanRoot);
            if (parent != null) {
                break;
            }
        }
    }

    if (parent != null) {
        // Replace any earlier copy of this org before attaching the new one.
        this.deleteOrg(tremolo, org.getUuid());
        parent.getOrgs().add(org);
    } else {
        // Parent not known yet: park the org under a placeholder that carries only the parent id.
        OrgType placeholder = new OrgType();
        placeholder.setUuid(parentId);
        placeholder.setAzRules(new AzRulesType());
        placeholder.getOrgs().add(org);
        this.orphanes.put(parentId, placeholder);
    }

    // Adopt children that arrived before this org did.
    String orgUuid = org.getUuid();
    if (this.orphanes.containsKey(orgUuid)) {
        OrgType parked = this.orphanes.remove(orgUuid);
        org.getOrgs().addAll(parked.getOrgs());
    }
}
Also used : AzRuleType(com.tremolosecurity.config.xml.AzRuleType) JSONObject(org.json.simple.JSONObject) AzRulesType(com.tremolosecurity.config.xml.AzRulesType) OrgType(com.tremolosecurity.config.xml.OrgType) JSONArray(org.json.simple.JSONArray) JSONObject(org.json.simple.JSONObject)

Example 2 with AzRulesType

use of com.tremolosecurity.config.xml.AzRulesType in project OpenUnison by TremoloSecurity.

the class LoadApplicationsFromK8s method createApplication.

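/**
 * Builds an {@link ApplicationType} named {@code name} from the {@code spec} of a resource.
 *
 * <p>For each entry of {@code spec.urls} this copies hosts, the filter chain (including
 * parameters whose values are resolved from Kubernetes secrets), authorization rules, proxy
 * settings and result references. {@code spec.cookieConfig}, when present, is copied into a
 * {@link CookieConfigType}.
 *
 * <p>The HTTP client used for secret lookups is now released on every path: the auth token is
 * fetched inside the {@code try}, and the second {@code close()} runs even if the first throws.
 *
 * @param item the resource; its {@code spec} member is read
 * @param name name assigned to the resulting application
 * @return the populated application configuration
 * @throws Exception if a secret lookup or closing the HTTP client fails; malformed input
 *     surfaces as an unchecked cast or null-pointer failure
 */
public ApplicationType createApplication(JSONObject item, String name) throws Exception {
    ApplicationType app = new ApplicationType();
    app.setName(name);
    JSONObject spec = (JSONObject) item.get("spec");
    // The second argument of the get*Value helpers is presumably the fallback for an absent key.
    app.setAzTimeoutMillis(getLongValue(spec.get("azTimeoutMillis"), 3000));
    app.setIsApp(getBoolValue(spec.get("isApp"), true));
    JSONArray urls = (JSONArray) spec.get("urls");
    app.setUrls(new UrlsType());
    for (Object o : urls) {
        JSONObject jsonUrl = (JSONObject) o;
        UrlType url = new UrlType();
        if (!app.isIsApp()) {
            createIdpOnUrl(jsonUrl, url);
        }
        JSONArray hosts = (JSONArray) jsonUrl.get("hosts");
        for (Object x : hosts) {
            url.getHost().add((String) x);
        }
        JSONArray filters = (JSONArray) jsonUrl.get("filterChain");
        url.setFilterChain(new FilterChainType());
        if (filters != null) {
            for (Object x : filters) {
                JSONObject jsonFilter = (JSONObject) x;
                FilterConfigType ft = new FilterConfigType();
                // The class name is copied verbatim from the resource. NOTE(review): presumably
                // it is instantiated later, so write access to these resources should be
                // treated as the ability to choose filter code; confirm RBAC matches that.
                ft.setClazz((String) jsonFilter.get("className"));
                JSONObject params = (JSONObject) jsonFilter.get("params");
                if (params != null) {
                    for (Object y : params.keySet()) {
                        String paramName = (String) y;
                        Object z = params.get(paramName);
                        if (z instanceof String) {
                            ParamWithValueType pt = new ParamWithValueType();
                            pt.setName(paramName);
                            pt.setValue((String) z);
                            ft.getParam().add(pt);
                        } else {
                            // Anything that is not a String is treated as a list: one param
                            // entry per element, all sharing the same name.
                            JSONArray values = (JSONArray) z;
                            for (Object w : values) {
                                ParamWithValueType pt = new ParamWithValueType();
                                pt.setName(paramName);
                                pt.setValue((String) w);
                                ft.getParam().add(pt);
                            }
                        }
                    }
                }
                JSONArray secretParams = (JSONArray) jsonFilter.get("secretParams");
                if (secretParams != null) {
                    HttpCon nonwatchHttp = this.k8sWatch.getK8s().createClient();
                    try {
                        // Fetched inside the try so the client is still closed if this fails.
                        String token = this.k8sWatch.getK8s().getAuthToken();
                        for (Object ox : secretParams) {
                            JSONObject secretParam = (JSONObject) ox;
                            String paramName = (String) secretParam.get("name");
                            String secretName = (String) secretParam.get("secretName");
                            String secretKey = (String) secretParam.get("secretKey");
                            String secretValue = this.k8sWatch.getSecretValue(secretName, secretKey, token, nonwatchHttp);
                            // The resolved secret is stored in clear in both fields of the
                            // param, so the resulting config object must not be logged or dumped.
                            ParamWithValueType pt = new ParamWithValueType();
                            pt.setName(paramName);
                            pt.setValue(secretValue);
                            pt.setValueAttribute(secretValue);
                            ft.getParam().add(pt);
                        }
                    } finally {
                        // Nested so the connection manager is closed even if the first close throws.
                        try {
                            nonwatchHttp.getHttp().close();
                        } finally {
                            nonwatchHttp.getBcm().close();
                        }
                    }
                }
                url.getFilterChain().getFilter().add(ft);
            }
        }
        // A URL with no "azRules" gets an empty rule set rather than failing.
        // NOTE(review): confirm that an empty rule set denies access downstream.
        JSONArray jsonAzRules = (JSONArray) jsonUrl.get("azRules");
        AzRulesType art = new AzRulesType();
        if (jsonAzRules != null) {
            for (Object x : jsonAzRules) {
                JSONObject jsonRule = (JSONObject) x;
                AzRuleType artx = new AzRuleType();
                artx.setScope((String) jsonRule.get("scope"));
                artx.setConstraint((String) jsonRule.get("constraint"));
                art.getRule().add(artx);
            }
        }
        url.setAzRules(art);
        url.setProxyTo((String) jsonUrl.get("proxyTo"));
        url.setUri((String) jsonUrl.get("uri"));
        url.setRegex(getBoolValue(jsonUrl.get("regex"), false));
        url.setAuthChain((String) jsonUrl.get("authChain"));
        url.setOverrideHost(getBoolValue(jsonUrl.get("overrideHost"), false));
        url.setOverrideReferer(getBoolValue(jsonUrl.get("overrideReferer"), false));
        JSONObject jsonResults = (JSONObject) jsonUrl.get("results");
        if (jsonResults != null) {
            ResultRefType rt = new ResultRefType();
            rt.setAuSuccess((String) jsonResults.get("auSuccess"));
            rt.setAzSuccess((String) jsonResults.get("azSuccess"));
            rt.setAuFail((String) jsonResults.get("auFail"));
            rt.setAzFail((String) jsonResults.get("azFail"));
            url.setResults(rt);
        }
        app.getUrls().getUrl().add(url);
    }
    JSONObject jsonCookie = (JSONObject) spec.get("cookieConfig");
    if (jsonCookie != null) {
        CookieConfigType cct = new CookieConfigType();
        cct.setSessionCookieName((String) jsonCookie.get("sessionCookieName"));
        cct.setDomain((String) jsonCookie.get("domain"));
        cct.setScope(getIntValue(jsonCookie.get("scope"), -1));
        cct.setLogoutURI((String) jsonCookie.get("logoutURI"));
        cct.setKeyAlias((String) jsonCookie.get("keyAlias"));
        cct.setTimeout(getIntValue(jsonCookie.get("timeout"), 0).intValue());
        // NOTE(review): "secure" and "httpOnly" presumably fall back to false when omitted, so
        // the session cookie gets these protections only if the resource sets them explicitly.
        // Confirm the resource schema supplies safer defaults, or require the fields.
        cct.setSecure(getBoolValue(jsonCookie.get("secure"), false));
        cct.setHttpOnly(getBoolValue(jsonCookie.get("httpOnly"), false));
        cct.setSameSite((String) jsonCookie.get("sameSite"));
        cct.setCookiesEnabled(getBoolValue(jsonCookie.get("cookiesEnabled"), true));
        app.setCookieConfig(cct);
    }
    return app;
}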
Also used : AzRulesType(com.tremolosecurity.config.xml.AzRulesType) JSONArray(org.json.simple.JSONArray) UrlsType(com.tremolosecurity.config.xml.UrlsType) FilterChainType(com.tremolosecurity.config.xml.FilterChainType) ResultRefType(com.tremolosecurity.config.xml.ResultRefType) ApplicationType(com.tremolosecurity.config.xml.ApplicationType) CustomAzRuleType(com.tremolosecurity.config.xml.CustomAzRuleType) AzRuleType(com.tremolosecurity.config.xml.AzRuleType) HttpCon(com.tremolosecurity.provisioning.util.HttpCon) JSONObject(org.json.simple.JSONObject) FilterConfigType(com.tremolosecurity.config.xml.FilterConfigType) CookieConfigType(com.tremolosecurity.config.xml.CookieConfigType) JSONObject(org.json.simple.JSONObject) ParamWithValueType(com.tremolosecurity.config.xml.ParamWithValueType) UrlType(com.tremolosecurity.config.xml.UrlType)

Example 3 with AzRulesType

use of com.tremolosecurity.config.xml.AzRulesType in project OpenUnison by TremoloSecurity.

the class LoadUrlsFromK8s method addUrl.

/**
 * Converts one portal URL resource into a {@link PortalUrlType} and swaps it into the portal.
 *
 * <p>Label, org, url, icon and each rule's constraint are passed through
 * {@code OpenUnisonConfigLoader.integrateIncludes} before being stored; the entry name and each
 * rule's scope are copied as-is. The replacement (delete by name, then add) happens while
 * holding the monitor of the portal object.
 *
 * @param tremolo configuration whose portal URL list is updated
 * @param o the resource, expected to be a {@link JSONObject} with {@code metadata} and {@code spec}
 */
private void addUrl(TremoloType tremolo, Object o) {
    JSONObject resource = (JSONObject) o;
    JSONObject metadata = (JSONObject) resource.get("metadata");
    // Read (and cast) here but not used further in this method.
    String resourceVersion = (String) metadata.get("resourceVersion");
    JSONObject spec = (JSONObject) resource.get("spec");
    logger.info(metadata.get("name"));

    PortalUrlType entry = new PortalUrlType();
    // One scratch buffer is reused for every integrateIncludes call; it is reset before each use.
    StringBuffer scratch = new StringBuffer();
    entry.setName((String) metadata.get("name"));

    scratch.setLength(0);
    OpenUnisonConfigLoader.integrateIncludes(scratch, (String) spec.get("label"));
    entry.setLabel(scratch.toString());

    scratch.setLength(0);
    OpenUnisonConfigLoader.integrateIncludes(scratch, (String) spec.get("org"));
    entry.setOrg(scratch.toString());

    scratch.setLength(0);
    OpenUnisonConfigLoader.integrateIncludes(scratch, (String) spec.get("url"));
    entry.setUrl(scratch.toString());

    scratch.setLength(0);
    OpenUnisonConfigLoader.integrateIncludes(scratch, (String) spec.get("icon"));
    entry.setIcon(scratch.toString());

    entry.setAzRules(new AzRulesType());

    // NOTE(review): a spec without "azRules" makes this loop throw NullPointerException, so the
    // URL is not added. Confirm what an empty rule list means for authorization before relaxing
    // this into a null guard.
    JSONArray jsonRules = (JSONArray) spec.get("azRules");
    for (Object element : jsonRules) {
        JSONObject jsonRule = (JSONObject) element;
        AzRuleType azRule = new AzRuleType();
        azRule.setScope((String) jsonRule.get("scope"));

        scratch.setLength(0);
        OpenUnisonConfigLoader.integrateIncludes(scratch, (String) jsonRule.get("constraint"));
        azRule.setConstraint(scratch.toString());

        entry.getAzRules().getRule().add(azRule);
    }

    // Delete-then-add under one lock so readers that take the same monitor never see the list
    // without this entry.
    synchronized (tremolo.getProvisioning().getPortal()) {
        deleteUrl(tremolo, entry.getName());
        tremolo.getProvisioning().getPortal().getUrls().add(entry);
    }
}
Also used : AzRuleType(com.tremolosecurity.config.xml.AzRuleType) JSONObject(org.json.simple.JSONObject) PortalUrlType(com.tremolosecurity.config.xml.PortalUrlType) AzRulesType(com.tremolosecurity.config.xml.AzRulesType) JSONArray(org.json.simple.JSONArray) JSONObject(org.json.simple.JSONObject)

Example 4 with AzRulesType

use of com.tremolosecurity.config.xml.AzRulesType in project OpenUnison by TremoloSecurity.

the class ParseWorkflow method createApprovalTask.

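/**
 * Parses an approval step from {@code node} and, if it is valid, appends it to {@code parent}.
 *
 * <p>Keys are consumed as they are parsed: this method removes {@code approvers},
 * {@code escalationPolicy}, {@code escalations}, {@code failure} and {@code azRules} from the
 * JSON objects it reads (so {@code node} is mutated), and any key still left afterwards is
 * reported as an error rather than ignored. On the first problem the error text and path are
 * recorded on {@code pw} and the method returns without adding the task.
 *
 * <p>Two error messages are corrected here: the misspelled "failure must be an object", and the
 * leftover-key message for {@code escalationPolicy}, which now prints the policy object whose
 * keys were checked instead of the enclosing node.
 *
 * @param node JSON object describing the approval step; modified in place
 * @param path JSON path of {@code node}, used as the prefix of reported error paths
 * @param parent list that receives the parsed task on success
 * @param pw parse state that carries the first error found
 */
private void createApprovalTask(JSONObject node, String path, List<WorkflowTaskType> parent, ParsedWorkflow pw) {
    ApprovalType task = new ApprovalType();
    task.setApprovers(new AzRulesType());
    OptionType[] options = new OptionType[] {
        new OptionType("emailTemplate", true, OptionType.OptionValueType.STRING),
        new OptionType("mailAttr", true, OptionType.OptionValueType.STRING),
        new OptionType("failureEmailSubject", true, OptionType.OptionValueType.STRING),
        new OptionType("failureEmailMsg", true, OptionType.OptionValueType.STRING),
        new OptionType("label", true, OptionType.OptionValueType.STRING)
    };
    for (OptionType ot : options) {
        setAttribute(node, ot, task, ApprovalType.class, pw, path);
        if (pw.getError() != null) {
            return;
        }
    }
    // NOTE(review): parseApprovers receives null when "approvers" is absent; presumably it
    // records an error in that case. Confirm, since a step without approvers is an
    // authorization decision, not a formatting detail.
    Object o = node.get("approvers");
    node.remove("approvers");
    parseApprovers(path + ".approvers", pw, task.getApprovers(), o, "approvers");
    if (pw.getError() != null) {
        return;
    }
    o = node.get("escalationPolicy");
    if (o != null) {
        node.remove("escalationPolicy");
        task.setEscalationPolicy(new EscalationPolicyType());
        if (!(o instanceof JSONObject)) {
            pw.setErrorPath(path + ".escalationPolicy");
            pw.setError("escalationPolicy must be an object");
            return;
        }
        JSONObject escPolicy = (JSONObject) o;
        o = escPolicy.get("escalations");
        escPolicy.remove("escalations");
        if (o == null) {
            pw.setErrorPath(path + ".escalationPolicy.escalations");
            pw.setError("At least one escalation must be specified");
            return;
        }
        if (!(o instanceof JSONArray)) {
            pw.setErrorPath(path + ".escalationPolicy.escalations");
            pw.setError("escalations must be an array");
            return;
        }
        JSONArray escs = (JSONArray) o;
        // Index of the current escalation, used only to build error paths.
        int ii = 0;
        OptionType[] escOpts = new OptionType[] {
            new OptionType("executeAfterTime", true, OptionType.OptionValueType.INT),
            new OptionType("validateEscalationClass", false, OptionType.OptionValueType.STRING),
            new OptionType("executeAfterUnits", true, OptionType.OptionValueType.STRING, ParseWorkflow.approversEscUnits)
        };
        for (Object ox : escs) {
            EscalationType esc = new EscalationType();
            esc.setAzRules(new AzRulesType());
            if (!(ox instanceof JSONObject)) {
                pw.setErrorPath(path + ".escalationPolicy.escalations[" + ii + "]");
                pw.setError("escalation must be an object");
                return;
            }
            JSONObject jesc = (JSONObject) ox;
            for (OptionType ot : escOpts) {
                setAttribute(jesc, ot, esc, EscalationType.class, pw, path + ".escalationPolicy.escalations[" + ii + "]");
                if (pw.getError() != null) {
                    return;
                }
            }
            o = jesc.get("azRules");
            jesc.remove("azRules");
            parseApprovers(path + ".escalationPolicy.escalations[" + ii + "]", pw, esc.getAzRules(), o, "azRules");
            if (pw.getError() != null) {
                return;
            }
            // Anything still present was not recognised above; reject it instead of dropping it.
            if (!jesc.isEmpty()) {
                pw.setError("Extra JSON keys : " + jesc.toString());
                pw.setErrorPath(path + ".escalationPolicy.escalations[" + ii + "]");
                return;
            }
            task.getEscalationPolicy().getEscalation().add(esc);
            ii++;
        }
        o = escPolicy.get("failure");
        escPolicy.remove("failure");
        if (o != null) {
            if (!(o instanceof JSONObject)) {
                pw.setErrorPath(path + ".escalationPolicy.failure");
                pw.setError("failure must be an object");
                return;
            }
            JSONObject escFailure = (JSONObject) o;
            EscalationFailureType eft = new EscalationFailureType();
            eft.setAzRules(new AzRulesType());
            task.getEscalationPolicy().setEscalationFailure(eft);
            OptionType[] escfOpts = new OptionType[] {
                new OptionType("action", true, OptionType.OptionValueType.STRING, ParseWorkflow.escalationFailureActions)
            };
            for (OptionType ot : escfOpts) {
                setAttribute(escFailure, ot, eft, EscalationFailureType.class, pw, path + ".escalationPolicy.failure");
                if (pw.getError() != null) {
                    return;
                }
            }
            o = escFailure.get("azRules");
            escFailure.remove("azRules");
            parseApprovers(path + ".escalationPolicy.failure", pw, eft.getAzRules(), o, "azRules");
            if (pw.getError() != null) {
                return;
            }
            if (!escFailure.isEmpty()) {
                pw.setError("Extra JSON keys : " + escFailure.toString());
                pw.setErrorPath(path + ".escalationPolicy.failure");
                return;
            }
        }
        if (!escPolicy.isEmpty()) {
            // Report the leftover keys of the policy object itself; the error path already
            // points at escalationPolicy.
            pw.setError("Extra JSON keys : " + escPolicy.toString());
            pw.setErrorPath(path + ".escalationPolicy");
            return;
        }
    }
    loadSubTasks(node, path, pw, task);
    if (pw.getError() != null) {
        return;
    }
    // Every recognised key has been removed by now; leftovers mean an unknown or misspelled key.
    if (!node.isEmpty()) {
        pw.setError("Extra JSON keys : " + node.toString());
        pw.setErrorPath(path);
        return;
    }
    parent.add(task);
}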
Also used : EscalationType(com.tremolosecurity.config.xml.EscalationType) EscalationPolicyType(com.tremolosecurity.config.xml.EscalationPolicyType) JSONObject(org.json.simple.JSONObject) AzRulesType(com.tremolosecurity.config.xml.AzRulesType) ApprovalType(com.tremolosecurity.config.xml.ApprovalType) JSONArray(org.json.simple.JSONArray) JSONObject(org.json.simple.JSONObject) EscalationFailureType(com.tremolosecurity.config.xml.EscalationFailureType)

Aggregations

AzRulesType (com.tremolosecurity.config.xml.AzRulesType)4 JSONArray (org.json.simple.JSONArray)4 JSONObject (org.json.simple.JSONObject)4 AzRuleType (com.tremolosecurity.config.xml.AzRuleType)3 ApplicationType (com.tremolosecurity.config.xml.ApplicationType)1 ApprovalType (com.tremolosecurity.config.xml.ApprovalType)1 CookieConfigType (com.tremolosecurity.config.xml.CookieConfigType)1 CustomAzRuleType (com.tremolosecurity.config.xml.CustomAzRuleType)1 EscalationFailureType (com.tremolosecurity.config.xml.EscalationFailureType)1 EscalationPolicyType (com.tremolosecurity.config.xml.EscalationPolicyType)1 EscalationType (com.tremolosecurity.config.xml.EscalationType)1 FilterChainType (com.tremolosecurity.config.xml.FilterChainType)1 FilterConfigType (com.tremolosecurity.config.xml.FilterConfigType)1 OrgType (com.tremolosecurity.config.xml.OrgType)1 ParamWithValueType (com.tremolosecurity.config.xml.ParamWithValueType)1 PortalUrlType (com.tremolosecurity.config.xml.PortalUrlType)1 ResultRefType (com.tremolosecurity.config.xml.ResultRefType)1 UrlType (com.tremolosecurity.config.xml.UrlType)1 UrlsType (com.tremolosecurity.config.xml.UrlsType)1 HttpCon (com.tremolosecurity.provisioning.util.HttpCon)1