
Example 1 with K8sUser

use of com.tremolosecurity.myvd.dataObj.K8sUser in project OpenUnison by TremoloSecurity.

The class K8sCrdInsert, method loadUserFromK8sCrd.

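/**
 * Looks up a single {@code User} custom resource in {@code this.nameSpace} and hands the
 * result to the interceptor chain as one LDAP entry, or as an empty result set.
 *
 * @param chain chain that receives the result set
 * @param k8s target used to build the authenticated client
 * @param name object name of the {@code User} resource; it becomes a path segment of the API URL
 * @param entryDN DN assigned to the LDAP entry built from the resource
 * @param exceptionOnNotFound when {@code true} a missing user raises {@code NO_SUCH_OBJECT}
 *        instead of producing an empty result set
 * @throws LDAPException {@code NO_SUCH_OBJECT} when the user is absent and
 *         {@code exceptionOnNotFound} is set; {@code OPERATIONS_ERROR} when the
 *         Kubernetes call or the response handling fails
 */
private void loadUserFromK8sCrd(SearchInterceptorChain chain, DistinguishedName base, Int scope, Filter filter, ArrayList<Attribute> attributes, Bool typesOnly, Results results, LDAPSearchConstraints constraints, OpenShiftTarget k8s, String name, String entryDN, boolean exceptionOnNotFound) throws LDAPException {
    if (logger.isDebugEnabled()) {
        logger.debug("Looking up user '" + name + "' in namespace '" + this.nameSpace + "'");
    }
    ArrayList<Entry> ret = new ArrayList<Entry>();
    try {
        K8sUser k8sUser = null;
        // The name is interpolated into the request path. A value that is not a plausible
        // object name (contains '/', '?', '#', '%', whitespace, ...) could alter the path and
        // cannot exist as a User resource anyway, so it is reported as "not found" without
        // contacting the API server.
        if (isPlausibleObjectName(name)) {
            String url = new StringBuilder().append("/apis/openunison.tremolo.io/v1/namespaces/").append(this.nameSpace).append("/users/").append(name).toString();
            HttpCon con = k8s.createClient();
            try {
                String jsonResp = k8s.callWS(k8s.getAuthToken(), con, url);
                // A response that carries no spec is treated as "user not found".
                k8sUser = gson.fromJson(jsonResp, UserData.class).getSpec();
            } finally {
                con.getHttp().close();
                con.getBcm().close();
            }
        }
        if (k8sUser == null) {
            if (logger.isDebugEnabled()) {
                logger.debug("Can't find '" + name + "'");
            }
            if (exceptionOnNotFound) {
                throw new LDAPException("user not found", LDAPException.NO_SUCH_OBJECT, LDAPException.resultCodeToString(LDAPException.NO_SUCH_OBJECT));
            }
        } else {
            ret.add(new Entry(toLdapEntry(k8sUser, entryDN)));
        }
        chain.addResult(results, new IteratorEntrySet(ret.iterator()), base, scope, filter, attributes, typesOnly, constraints);
    } catch (LDAPException le) {
        // Already carries an LDAP result code; do not re-wrap it as OPERATIONS_ERROR.
        throw le;
    } catch (Exception e) {
        logger.error("Could not search k8s", e);
        throw new LDAPException("Error searching kubernetes", LDAPException.OPERATIONS_ERROR, LDAPException.resultCodeToString(LDAPException.OPERATIONS_ERROR));
    }
}

/**
 * Accepts names made only of letters, digits, '.', '_' and '-' that start with a letter or
 * digit; this excludes every character that could change the meaning of the request path.
 *
 * @param name candidate object name, may be {@code null}
 * @return {@code true} when the name is safe to use as a single path segment
 */
private static boolean isPlausibleObjectName(String name) {
    return name != null && name.matches("[A-Za-z0-9][A-Za-z0-9._-]*");
}

/**
 * Maps a {@code User} spec onto an LDAP entry carrying the configured user objectClass.
 *
 * @param k8sUser spec to copy, never {@code null}
 * @param entryDN DN of the entry
 * @return the populated entry
 */
private static LDAPEntry toLdapEntry(K8sUser k8sUser, String entryDN) {
    LDAPEntry ldapUser = new LDAPEntry(entryDN);
    ldapUser.getAttributeSet().add(new LDAPAttribute("objectClass", GlobalEntries.getGlobalEntries().getConfigManager().getCfg().getUserObjectClass()));
    ldapUser.getAttributeSet().add(new LDAPAttribute("uid", k8sUser.getUid()));
    ldapUser.getAttributeSet().add(new LDAPAttribute("sub", k8sUser.getSub()));
    ldapUser.getAttributeSet().add(new LDAPAttribute("first_name", k8sUser.getFirstName()));
    ldapUser.getAttributeSet().add(new LDAPAttribute("last_name", k8sUser.getLastName()));
    ldapUser.getAttributeSet().add(new LDAPAttribute("email", k8sUser.getEmail()));
    // Guard against a spec without a groups list (null) as well as an empty one;
    // in both cases no "groups" attribute is emitted.
    if (k8sUser.getGroups() != null && !k8sUser.getGroups().isEmpty()) {
        LDAPAttribute groups = new LDAPAttribute("groups");
        for (String group : k8sUser.getGroups()) {
            groups.addValue(group);
        }
        ldapUser.getAttributeSet().add(groups);
    }
    return ldapUser;
}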

Example 2 with K8sUser

use of com.tremolosecurity.myvd.dataObj.K8sUser in project OpenUnison by TremoloSecurity.

The class K8sCrdUserProvider, method createUser.

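/**
 * Creates a {@code User} custom resource for {@code user} in {@code this.nameSpace} and
 * records one audit action for the entry plus one per provisioned attribute and group.
 *
 * @param user the user to provision; its {@code sub}, {@code first_name}, {@code last_name}
 *        and {@code email} attributes are copied when listed in {@code attributes}
 * @param attributes names of the attributes to include in the resource spec
 * @param request workflow context; reads {@code APPROVAL_ID} (optional) and {@code WORKFLOW}
 * @throws ProvisioningException when a requested attribute is missing on {@code user}, the
 *         Kubernetes target cannot be obtained, the create call fails, or the response
 *         carries no spec
 */
@Override
public void createUser(User user, Set<String> attributes, Map<String, Object> request) throws ProvisioningException {
    String k8sUserId = OpenShiftTarget.sub2uid(user.getUserID());
    int approvalID = 0;
    if (request.containsKey("APPROVAL_ID")) {
        approvalID = (Integer) request.get("APPROVAL_ID");
    }
    Workflow workflow = (Workflow) request.get("WORKFLOW");
    // Attributes copied verbatim from the user object. The array order is also the order
    // of the audit records written after the create call.
    String[] copiedAttrs = {"sub", "first_name", "last_name", "email"};
    HashMap<String, Object> spec = new HashMap<String, Object>();
    for (String attr : copiedAttrs) {
        if (attributes.contains(attr)) {
            spec.put(attr, requiredAttributeValue(user, attr));
        }
    }
    if (attributes.contains("uid")) {
        spec.put("uid", k8sUserId);
    }
    spec.put("groups", user.getGroups());
    HashMap<String, Object> metaData = new HashMap<String, Object>();
    metaData.put("name", k8sUserId);
    metaData.put("namespace", this.nameSpace);
    HashMap<String, Object> createObject = new HashMap<String, Object>();
    createObject.put("apiVersion", "openunison.tremolo.io/v1");
    createObject.put("kind", "User");
    createObject.put("metadata", metaData);
    createObject.put("spec", spec);
    OpenShiftTarget k8s;
    try {
        k8s = (OpenShiftTarget) GlobalEntries.getGlobalEntries().getConfigManager().getProvisioningEngine().getTarget(this.k8sTarget).getProvider();
    } catch (ProvisioningException e1) {
        logger.error("Could not retrieve kubernetes target", e1);
        throw new ProvisioningException("Could not connect to kubernetes", e1);
    }
    String url = new StringBuilder().append("/apis/openunison.tremolo.io/v1/namespaces/").append(this.nameSpace).append("/users").toString();
    try {
        HttpCon con = k8s.createClient();
        try {
            String jsonReq = this.gsonNoUnderScore.toJson(createObject);
            String jsonResp = k8s.callWSPost(k8s.getAuthToken(), con, url, jsonReq);
            // The API server echoes the created object; a response without a spec means
            // nothing was created.
            K8sUser k8sUser = gson.fromJson(jsonResp, UserData.class).getSpec();
            if (k8sUser == null) {
                throw new ProvisioningException("User not created - '" + jsonResp + "'");
            }
            logAdd(approvalID, workflow, true, "sub", user.getUserID());
            for (String attr : copiedAttrs) {
                if (attributes.contains(attr)) {
                    logAdd(approvalID, workflow, false, attr, requiredAttributeValue(user, attr));
                }
            }
            if (attributes.contains("uid")) {
                logAdd(approvalID, workflow, false, "uid", k8sUserId);
            }
            for (String group : user.getGroups()) {
                logAdd(approvalID, workflow, false, "group", group);
            }
        } finally {
            con.getHttp().close();
            con.getBcm().close();
        }
    } catch (ProvisioningException pe) {
        // Already a provisioning failure with a specific message ("User not created");
        // re-wrapping it would hide that message behind a generic one.
        throw pe;
    } catch (Exception e) {
        logger.error("Could not create user in k8s", e);
        throw new ProvisioningException("Error creating user in kubernetes", e);
    }
}

/**
 * Returns the first value of the named attribute on {@code user}.
 *
 * @param user source user
 * @param attrName attribute to read
 * @return the first value
 * @throws ProvisioningException when the user has no such attribute
 */
private static String requiredAttributeValue(User user, String attrName) throws ProvisioningException {
    if (user.getAttribs().get(attrName) == null) {
        throw new ProvisioningException("No " + attrName + " attribute");
    }
    return user.getAttribs().get(attrName).getValues().get(0);
}

/**
 * Writes one {@code ActionType.Add} audit record through the provisioning engine.
 *
 * @param approvalID approval the action belongs to (0 when none)
 * @param workflow workflow the action belongs to
 * @param entryLevel passed through as the engine's second flag; the existing calls set it
 *        to {@code true} only for the record describing the user entry itself and
 *        {@code false} for per-attribute records (TODO confirm the flag's meaning)
 * @param attrName attribute (or "group") being recorded
 * @param value value being recorded
 */
private void logAdd(int approvalID, Workflow workflow, boolean entryLevel, String attrName, String value) {
    GlobalEntries.getGlobalEntries().getConfigManager().getProvisioningEngine().logAction(this.name, entryLevel, ActionType.Add, approvalID, workflow, attrName, value);
}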

Example 3 with K8sUser

use of com.tremolosecurity.myvd.dataObj.K8sUser in project OpenUnison by TremoloSecurity.

The class K8sCrdUserProvider, method findUser.

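/**
 * Loads the {@code User} custom resource for {@code userID} from {@code this.nameSpace}.
 *
 * @param userID subject identifier; mapped to the object name via {@link OpenShiftTarget#sub2uid}
 * @param attributes names of the spec fields to copy onto the returned user
 * @param request workflow context (not read by this method)
 * @return the populated user, or {@code null} when no resource with that name exists
 * @throws ProvisioningException when the Kubernetes target cannot be obtained or the lookup fails
 */
@Override
public User findUser(String userID, Set<String> attributes, Map<String, Object> request) throws ProvisioningException {
    String k8sUserId = OpenShiftTarget.sub2uid(userID);
    // The id is interpolated into the request path. sub2uid is expected to yield a plain
    // object name (TODO confirm); anything containing path or query delimiters cannot exist
    // as a User resource, so it is reported as not found instead of being sent to the API server.
    if (k8sUserId == null || !k8sUserId.matches("[A-Za-z0-9][A-Za-z0-9._-]*")) {
        return null;
    }
    OpenShiftTarget k8s;
    try {
        k8s = (OpenShiftTarget) GlobalEntries.getGlobalEntries().getConfigManager().getProvisioningEngine().getTarget(this.k8sTarget).getProvider();
    } catch (ProvisioningException e1) {
        logger.error("Could not retrieve kubernetes target", e1);
        throw new ProvisioningException("Could not connect to kubernetes", e1);
    }
    String url = new StringBuilder().append("/apis/openunison.tremolo.io/v1/namespaces/").append(this.nameSpace).append("/users/").append(k8sUserId).toString();
    try {
        HttpCon con = k8s.createClient();
        try {
            String jsonResp = k8s.callWS(k8s.getAuthToken(), con, url);
            // A response that carries no spec is treated as "user not found".
            K8sUser k8sUser = gson.fromJson(jsonResp, UserData.class).getSpec();
            if (k8sUser == null) {
                return null;
            }
            User user = new User(userID);
            // Only the requested attributes are copied from the spec.
            if (attributes.contains("sub")) {
                user.getAttribs().put("sub", new Attribute("sub", k8sUser.getSub()));
            }
            if (attributes.contains("first_name")) {
                user.getAttribs().put("first_name", new Attribute("first_name", k8sUser.getFirstName()));
            }
            if (attributes.contains("last_name")) {
                user.getAttribs().put("last_name", new Attribute("last_name", k8sUser.getLastName()));
            }
            if (attributes.contains("email")) {
                user.getAttribs().put("email", new Attribute("email", k8sUser.getEmail()));
            }
            if (attributes.contains("uid")) {
                user.getAttribs().put("uid", new Attribute("uid", k8sUser.getUid()));
            }
            // Guard against a spec without a groups list (null); an empty list adds nothing.
            if (k8sUser.getGroups() != null) {
                user.getGroups().addAll(k8sUser.getGroups());
            }
            return user;
        } finally {
            con.getHttp().close();
            con.getBcm().close();
        }
    } catch (Exception e) {
        logger.error("Could not search k8s", e);
        throw new ProvisioningException("Error searching kubernetes", e);
    }
}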
