Use of com.tremolosecurity.myvd.dataObj.K8sUser in the project OpenUnison by TremoloSecurity.
Class K8sCrdInsert, method loadUserFromK8sCrd.
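/**
 * Loads one user from the OpenUnison {@code User} custom resource in
 * {@code this.nameSpace} and hands the result to the interceptor chain.
 *
 * <p>The resource is fetched with a GET on
 * {@code /apis/openunison.tremolo.io/v1/namespaces/<nameSpace>/users/<name>}.
 * A response whose {@code spec} deserializes to a non-null {@link K8sUser}
 * becomes a single {@link LDAPEntry} at {@code entryDN}; a null {@code spec}
 * is treated as "user not found". A {@code name} that cannot be a Kubernetes
 * object name is also treated as not found, without contacting the API server.
 *
 * @param chain               interceptor chain that receives the result set
 * @param base                search base, passed through to {@code chain.addResult}
 * @param scope               search scope, passed through to {@code chain.addResult}
 * @param filter              search filter, passed through to {@code chain.addResult}
 * @param attributes          requested attributes, passed through to {@code chain.addResult}
 * @param typesOnly           LDAP typesOnly flag, passed through to {@code chain.addResult}
 * @param results             result container, passed through to {@code chain.addResult}
 * @param constraints         search constraints, passed through to {@code chain.addResult}
 * @param k8s                 target that supplies the HTTP client and the API token
 * @param name                Kubernetes object name of the {@code User} resource
 * @param entryDN             DN of the LDAP entry built from the resource
 * @param exceptionOnNotFound when {@code true} a missing user raises
 *                            {@code NO_SUCH_OBJECT}; when {@code false} an empty
 *                            result set is delivered instead
 * @throws LDAPException {@code NO_SUCH_OBJECT} if the user is missing and
 *                       {@code exceptionOnNotFound} is set; {@code OPERATIONS_ERROR}
 *                       for any other failure while talking to Kubernetes
 */
private void loadUserFromK8sCrd(SearchInterceptorChain chain, DistinguishedName base, Int scope, Filter filter, ArrayList<Attribute> attributes, Bool typesOnly, Results results, LDAPSearchConstraints constraints, OpenShiftTarget k8s, String name, String entryDN, boolean exceptionOnNotFound) throws LDAPException {
    if (logger.isDebugEnabled()) {
        logger.debug("Looking up user '" + name + "' in namespace '" + this.nameSpace + "'");
    }

    ArrayList<Entry> ret = new ArrayList<Entry>();

    try {
        K8sUser k8sUser = null;
        // The name is concatenated into the request path without escaping, so only a
        // value that can actually be a Kubernetes object name is sent to the API
        // server; anything else cannot match a resource and is reported as not found.
        if (isUsableK8sName(name)) {
            String url = new StringBuilder().append("/apis/openunison.tremolo.io/v1/namespaces/").append(this.nameSpace).append("/users/").append(name).toString();
            HttpCon con = k8s.createClient();
            try {
                String jsonResp = k8s.callWS(k8s.getAuthToken(), con, url);
                // NOTE(review): callWS only returns the body. If the API server answers
                // with a Status object (404, but also 401/403), spec is null and the
                // user is reported as missing — confirm callWS raises on non-2xx.
                k8sUser = gson.fromJson(jsonResp, UserData.class).getSpec();
            } finally {
                // Release both halves of the connection even if the first close throws.
                try {
                    con.getHttp().close();
                } finally {
                    con.getBcm().close();
                }
            }
        }

        if (k8sUser == null) {
            if (logger.isDebugEnabled()) {
                logger.debug("Can't find '" + name + "'");
            }
            if (exceptionOnNotFound) {
                throw new LDAPException("user not found", LDAPException.NO_SUCH_OBJECT, LDAPException.resultCodeToString(LDAPException.NO_SUCH_OBJECT));
            }
        } else {
            ret.add(new Entry(toLdapEntry(k8sUser, entryDN)));
        }

        chain.addResult(results, new IteratorEntrySet(ret.iterator()), base, scope, filter, attributes, typesOnly, constraints);
    } catch (LDAPException le) {
        // Already carries the intended result code (e.g. NO_SUCH_OBJECT); do not re-wrap.
        throw le;
    } catch (Exception e) {
        logger.error("Could not search k8s", e);
        throw new LDAPException("Error searching kubernetes", LDAPException.OPERATIONS_ERROR, LDAPException.resultCodeToString(LDAPException.OPERATIONS_ERROR));
    }
}

/**
 * Builds the LDAP entry for a {@code User} resource: the configured user
 * objectClass plus {@code uid}, {@code sub}, {@code first_name}, {@code last_name},
 * {@code email} and, when the resource lists any, {@code groups}.
 *
 * @param k8sUser deserialized {@code spec} of the resource
 * @param entryDN DN to give the entry
 * @return the populated entry
 */
private static LDAPEntry toLdapEntry(K8sUser k8sUser, String entryDN) {
    LDAPEntry ldapUser = new LDAPEntry(entryDN);
    ldapUser.getAttributeSet().add(new LDAPAttribute("objectClass", GlobalEntries.getGlobalEntries().getConfigManager().getCfg().getUserObjectClass()));
    ldapUser.getAttributeSet().add(new LDAPAttribute("uid", k8sUser.getUid()));
    ldapUser.getAttributeSet().add(new LDAPAttribute("sub", k8sUser.getSub()));
    ldapUser.getAttributeSet().add(new LDAPAttribute("first_name", k8sUser.getFirstName()));
    ldapUser.getAttributeSet().add(new LDAPAttribute("last_name", k8sUser.getLastName()));
    ldapUser.getAttributeSet().add(new LDAPAttribute("email", k8sUser.getEmail()));
    // spec.groups is optional on the resource; a missing list is not an error.
    if (k8sUser.getGroups() != null && !k8sUser.getGroups().isEmpty()) {
        LDAPAttribute groups = new LDAPAttribute("groups");
        for (String group : k8sUser.getGroups()) {
            groups.addValue(group);
        }
        ldapUser.getAttributeSet().add(groups);
    }
    return ldapUser;
}

/**
 * Tells whether {@code name} has the shape of a Kubernetes object name: 1–253
 * characters of lowercase ASCII letters, digits, {@code '-'} and {@code '.'},
 * starting and ending with a letter or digit. Nothing else can name a resource,
 * and because the name is concatenated into a request path it is never sent.
 *
 * @param name candidate resource name, may be {@code null}
 * @return {@code true} if the name is safe to place in the request path
 */
private static boolean isUsableK8sName(String name) {
    if (name == null || name.isEmpty() || name.length() > 253) {
        return false;
    }
    for (int i = 0; i < name.length(); i++) {
        char c = name.charAt(i);
        boolean alphanumeric = (c >= 'a' && c <= 'z') || (c >= '0' && c <= '9');
        boolean separator = c == '-' || c == '.';
        if (!alphanumeric && !separator) {
            return false;
        }
        if (separator && (i == 0 || i == name.length() - 1)) {
            return false;
        }
    }
    return true;
}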
Use of com.tremolosecurity.myvd.dataObj.K8sUser in the project OpenUnison by TremoloSecurity.
Class K8sCrdUserProvider, method createUser.
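/**
 * Creates the OpenUnison {@code User} custom resource for {@code user} in
 * {@code this.nameSpace} and records the add in the provisioning audit log.
 *
 * <p>The resource name is {@link OpenShiftTarget#sub2uid(String)} of the user's ID.
 * Of the names in {@code attributes}, {@code sub}, {@code first_name},
 * {@code last_name} and {@code email} are copied from the user's first attribute
 * value and must be present; {@code uid} is set to the resource name. The user's
 * groups are always written to {@code spec.groups}.
 *
 * @param user       user to create
 * @param attributes names of the attributes to place in the resource {@code spec}
 * @param request    workflow request context; {@code APPROVAL_ID} (an {@link Integer})
 *                   and {@code WORKFLOW} are read from it when present
 * @throws ProvisioningException if a required attribute is missing or empty, the
 *                               Kubernetes target cannot be resolved, the API
 *                               server does not return a {@code spec}, or the
 *                               request or audit logging fails
 */
@Override
public void createUser(User user, Set<String> attributes, Map<String, Object> request) throws ProvisioningException {
    String k8sUserId = OpenShiftTarget.sub2uid(user.getUserID());
    int approvalID = 0;
    if (request.containsKey("APPROVAL_ID")) {
        approvalID = (Integer) request.get("APPROVAL_ID");
    }
    Workflow workflow = (Workflow) request.get("WORKFLOW");

    // Resolve the required attributes before contacting the API server so a
    // missing value fails with no side effect.
    HashMap<String, Object> spec = new HashMap<String, Object>();
    for (String attrName : new String[] {"sub", "first_name", "last_name", "email"}) {
        if (attributes.contains(attrName)) {
            spec.put(attrName, firstValue(user, attrName));
        }
    }
    if (attributes.contains("uid")) {
        spec.put("uid", k8sUserId);
    }
    spec.put("groups", user.getGroups());

    HashMap<String, Object> metaData = new HashMap<String, Object>();
    metaData.put("name", k8sUserId);
    metaData.put("namespace", this.nameSpace);

    HashMap<String, Object> createObject = new HashMap<String, Object>();
    createObject.put("apiVersion", "openunison.tremolo.io/v1");
    createObject.put("kind", "User");
    createObject.put("metadata", metaData);
    createObject.put("spec", spec);

    OpenShiftTarget k8s;
    try {
        k8s = (OpenShiftTarget) GlobalEntries.getGlobalEntries().getConfigManager().getProvisioningEngine().getTarget(this.k8sTarget).getProvider();
    } catch (ProvisioningException e1) {
        logger.error("Could not retrieve kubernetes target", e1);
        throw new ProvisioningException("Could not connect to kubernetes", e1);
    }

    String url = new StringBuilder().append("/apis/openunison.tremolo.io/v1/namespaces/").append(this.nameSpace).append("/users").toString();

    try {
        HttpCon con = k8s.createClient();
        try {
            String jsonReq = this.gsonNoUnderScore.toJson(createObject);
            String jsonResp = k8s.callWSPost(k8s.getAuthToken(), con, url, jsonReq);
            K8sUser k8sUser = gson.fromJson(jsonResp, UserData.class).getSpec();
            if (k8sUser == null) {
                // A rejected create (for example a Status object in the body) has no spec.
                throw new ProvisioningException("User not created - '" + jsonResp + "'");
            }
        } finally {
            // Release both halves of the connection even if the first close throws.
            try {
                con.getHttp().close();
            } finally {
                con.getBcm().close();
            }
        }

        // Audit: one user-level record, then one record per provisioned value.
        logAdd(true, approvalID, workflow, "sub", user.getUserID());
        for (String attrName : new String[] {"sub", "first_name", "last_name", "email", "uid"}) {
            if (spec.containsKey(attrName)) {
                logAdd(false, approvalID, workflow, attrName, (String) spec.get(attrName));
            }
        }
        for (String group : user.getGroups()) {
            logAdd(false, approvalID, workflow, "group", group);
        }
    } catch (ProvisioningException pe) {
        // Keep the specific message ("User not created …", audit failures) rather
        // than hiding it behind a generic wrapper.
        logger.error("Could not create user in k8s", pe);
        throw pe;
    } catch (Exception e) {
        logger.error("Could not create user in k8s", e);
        throw new ProvisioningException("Error creating kubernetes user", e);
    }
}

/**
 * Returns the first value of {@code attrName} on {@code user}.
 *
 * @param user     user whose attributes are read
 * @param attrName attribute name
 * @return the first value of the attribute
 * @throws ProvisioningException if the attribute is absent or has no values
 */
private static String firstValue(User user, String attrName) throws ProvisioningException {
    Attribute attr = user.getAttribs().get(attrName);
    if (attr == null || attr.getValues() == null || attr.getValues().isEmpty()) {
        throw new ProvisioningException("No " + attrName + " attribute");
    }
    return attr.getValues().get(0);
}

/**
 * Writes one {@code Add} record for this target to the provisioning audit log.
 *
 * @param isEntry    second argument of {@code logAction}; {@code true} for the
 *                   record keyed by the user ID, {@code false} for individual
 *                   attribute values — NOTE(review): confirm the engine's meaning
 *                   of this flag
 * @param approvalID approval this add belongs to, {@code 0} when none
 * @param workflow   workflow that triggered the add, may be {@code null}
 * @param attrName   logged attribute name
 * @param value      logged attribute value
 * @throws ProvisioningException if the engine rejects the record
 */
private void logAdd(boolean isEntry, int approvalID, Workflow workflow, String attrName, String value) throws ProvisioningException {
    GlobalEntries.getGlobalEntries().getConfigManager().getProvisioningEngine().logAction(this.name, isEntry, ActionType.Add, approvalID, workflow, attrName, value);
}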
Use of com.tremolosecurity.myvd.dataObj.K8sUser in the project OpenUnison by TremoloSecurity.
Class K8sCrdUserProvider, method findUser.
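/**
 * Looks up the OpenUnison {@code User} custom resource for {@code userID} in
 * {@code this.nameSpace}.
 *
 * <p>The resource name is {@link OpenShiftTarget#sub2uid(String)} of {@code userID}.
 * Of {@code sub}, {@code first_name}, {@code last_name}, {@code email} and
 * {@code uid}, only those named in {@code attributes} are copied onto the returned
 * user; groups are always copied.
 *
 * @param userID     ID of the user to find
 * @param attributes names of the attributes to copy from the resource {@code spec}
 * @param request    workflow request context; not read by this method
 * @return the user, or {@code null} if the response carries no {@code spec}
 * @throws ProvisioningException if the Kubernetes target cannot be resolved or the
 *                               request fails
 */
@Override
public User findUser(String userID, Set<String> attributes, Map<String, Object> request) throws ProvisioningException {
    String k8sUserId = OpenShiftTarget.sub2uid(userID);

    OpenShiftTarget k8s;
    try {
        k8s = (OpenShiftTarget) GlobalEntries.getGlobalEntries().getConfigManager().getProvisioningEngine().getTarget(this.k8sTarget).getProvider();
    } catch (ProvisioningException e1) {
        logger.error("Could not retrieve kubernetes target", e1);
        throw new ProvisioningException("Could not connect to kubernetes", e1);
    }

    String url = new StringBuilder().append("/apis/openunison.tremolo.io/v1/namespaces/").append(this.nameSpace).append("/users/").append(k8sUserId).toString();

    K8sUser k8sUser;
    try {
        HttpCon con = k8s.createClient();
        try {
            String jsonResp = k8s.callWS(k8s.getAuthToken(), con, url);
            // NOTE(review): callWS only returns the body, so a Status object from the
            // API server (404, but also 401/403) yields a null spec and is reported as
            // "not found" — confirm callWS raises on non-2xx responses.
            k8sUser = gson.fromJson(jsonResp, UserData.class).getSpec();
        } finally {
            // Release both halves of the connection even if the first close throws.
            try {
                con.getHttp().close();
            } finally {
                con.getBcm().close();
            }
        }
    } catch (Exception e) {
        logger.error("Could not search k8s", e);
        throw new ProvisioningException("Error searching kubernetes", e);
    }

    if (k8sUser == null) {
        return null;
    }

    User user = new User(userID);
    putIfRequested(user, attributes, "sub", k8sUser.getSub());
    putIfRequested(user, attributes, "first_name", k8sUser.getFirstName());
    putIfRequested(user, attributes, "last_name", k8sUser.getLastName());
    putIfRequested(user, attributes, "email", k8sUser.getEmail());
    putIfRequested(user, attributes, "uid", k8sUser.getUid());
    // spec.groups is optional on the resource; a missing list is not an error.
    if (k8sUser.getGroups() != null) {
        user.getGroups().addAll(k8sUser.getGroups());
    }
    return user;
}

/**
 * Sets {@code attrName} on {@code user} as a single-valued attribute, but only
 * when the caller asked for it.
 *
 * @param user       user receiving the attribute
 * @param attributes requested attribute names
 * @param attrName   attribute name
 * @param value      attribute value taken from the resource {@code spec}
 */
private static void putIfRequested(User user, Set<String> attributes, String attrName, String value) {
    if (attributes.contains(attrName)) {
        user.getAttribs().put(attrName, new Attribute(attrName, value));
    }
}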