use of com.tremolosecurity.provisioning.core.User in project OpenUnison by TremoloSecurity.
the class OktaTarget method findUser.
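/**
 * Looks up a user in Okta and maps the requested profile attributes and the
 * user's group names onto an OpenUnison {@link User}.
 *
 * <p>Only profile entries whose key is listed in {@code attributes} are read.
 * Entries that were not requested are skipped before their value is touched,
 * so a non-string value in an unrelated profile field no longer fails the
 * whole lookup. A requested attribute whose value is neither {@code null} nor
 * a {@code String} is rejected with a message naming the attribute.
 *
 * @param userID     identifier handed to {@code okta.getUser}
 * @param attributes names of the profile attributes to copy onto the result
 * @param request    request context; not read by this method
 * @return the populated user, or {@code null} when Okta answers with HTTP 404
 * @throws ProvisioningException if the lookup fails for any other reason, or a
 *         requested attribute holds a non-string value
 */
@Override
public User findUser(String userID, Set<String> attributes, Map<String, Object> request) throws ProvisioningException {
    try {
        com.okta.sdk.resource.user.User fromOkta;
        try {
            fromOkta = okta.getUser(userID);
        } catch (ResourceException e) {
            // 404 is the "no such user" answer; everything else is a real failure.
            if (e.getStatus() == 404) {
                return null;
            }
            throw new ProvisioningException("Could not lookup user", e);
        }

        User user = new User(userID);
        UserProfile profile = fromOkta.getProfile();
        for (Object attrKey : profile.keySet()) {
            String attrName = (String) attrKey;
            if (!attributes.contains(attrName)) {
                // Not requested: do not read or cast the value at all.
                continue;
            }

            Object raw = profile.get(attrKey);
            if (raw != null && !(raw instanceof String)) {
                // Fail with the attribute name instead of a bare ClassCastException.
                // The value itself is left out of the message on purpose.
                throw new ProvisioningException("Attribute " + attrName + " of user " + userID + " is not a string value");
            }
            user.getAttribs().put(attrName, new Attribute(attrName, (String) raw));
        }

        GroupList groups = fromOkta.listGroups();
        for (Group group : groups) {
            user.getGroups().add(group.getProfile().getName());
        }
        return user;
    } catch (ProvisioningException e) {
        // Already carries a specific message; do not bury it under a generic wrapper.
        throw e;
    } catch (Exception e) {
        throw new ProvisioningException("Could not retrieve user", e);
    }
}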
use of com.tremolosecurity.provisioning.core.User in project OpenUnison by TremoloSecurity.
the class OpenShiftTarget method deleteFullName.
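/**
 * Clears {@code fullName} on the OpenShift user object that matches
 * {@code user}: the object is fetched, its fullName set to {@code null},
 * written back with a PUT, and the change is logged through the provisioning
 * engine when the response is a {@code User} object.
 *
 * @param user       user whose id selects the OpenShift user object
 * @param approvalID approval id recorded with the audit log entry
 * @param workflow   workflow recorded with the audit log entry
 * @param gson       serializer used for the request and response bodies
 * @param b          buffer the request path is appended to; it is modified by this call
 * @return the auth token obtained for this call (syncUser passes it on to syncGroups)
 * @throws Exception if the response is not a {@code User} object or any call fails
 */
private String deleteFullName(User user, int approvalID, Workflow workflow, Gson gson, StringBuffer b) throws Exception, IOException, ClientProtocolException, ProvisioningException {
    String token = this.getAuthToken();
    HttpCon con = this.createClient();
    try {
        // NOTE(review): the user id is appended to the request path without
        // validation or encoding, and whether callWS encodes it is not visible
        // here. If ids can contain '/', '?' or '#', validate or percent-encode
        // the segment so the request cannot address another API resource - confirm.
        b.append("/apis/user.openshift.io/v1/users/").append(user.getUserID());
        String userUri = b.toString();

        // Read-modify-write: fetch the current object, blank the field, PUT it back.
        String json = callWS(token, con, userUri);
        com.tremolosecurity.unison.openshiftv3.model.users.User osUser = gson.fromJson(json, com.tremolosecurity.unison.openshiftv3.model.users.User.class);
        osUser.setFullName(null);
        json = callWSPut(token, con, userUri, gson.toJson(osUser));
        osUser = gson.fromJson(json, com.tremolosecurity.unison.openshiftv3.model.users.User.class);

        // Constant-first comparison: a response without a kind is reported through
        // the error branch below instead of surfacing as a NullPointerException.
        if ("User".equals(osUser.getKind())) {
            this.cfgMgr.getProvisioningEngine().logAction(name, false, ActionType.Delete, approvalID, workflow, "fullName", osUser.getFullName());
        } else {
            throw new Exception("Could not unset fullName for " + user.getUserID() + " - " + osUser.getReason());
        }
    } finally {
        // Shut the connection manager down even when closing the client throws.
        try {
            con.getHttp().close();
        } finally {
            con.getBcm().shutdown();
        }
    }
    return token;
}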
use of com.tremolosecurity.provisioning.core.User in project OpenUnison by TremoloSecurity.
the class OpenShiftTarget method syncUser.
/**
 * Brings the OpenShift user in line with {@code user}: creates it when it does
 * not exist yet, otherwise updates or clears {@code fullName} (only when
 * {@code fullName} is among {@code attributes}) and then synchronizes groups.
 *
 * @param user       desired state of the user
 * @param addOnly    when {@code true}, a missing fullName on {@code user} does
 *                   not clear the value held by the server
 * @param attributes names of the attributes this call is allowed to manage
 * @param request    request context; {@code APPROVAL_ID} and {@code WORKFLOW} are read from it
 * @throws ProvisioningException if the lookup, the fullName change or the group sync fails
 */
@Override
public void syncUser(User user, boolean addOnly, Set<String> attributes, Map<String, Object> request) throws ProvisioningException {
    // Both values come out of the request map with unchecked casts.
    final int approvalID = request.containsKey("APPROVAL_ID") ? (Integer) request.get("APPROVAL_ID") : 0;
    final Workflow workflow = (Workflow) request.get("WORKFLOW");
    final Gson gson = new Gson();

    final User fromServer = this.findUser(user.getUserID(), attributes, request);
    if (fromServer == null) {
        // Unknown on the server: creation covers attributes and groups.
        this.createUser(user, attributes, request);
        return;
    }

    final StringBuffer b = new StringBuffer();
    // Stays null unless one of the fullName calls below hands back a token.
    // NOTE(review): syncGroups is not shown here; presumably it copes with a
    // null token - confirm.
    String token = null;

    if (attributes.contains("fullName")) {
        if (user.getAttribs().get("fullName") == null) {
            // Nothing requested locally: clear the server value unless add-only.
            if (!addOnly) {
                try {
                    token = deleteFullName(user, approvalID, workflow, gson, b);
                } catch (Exception e) {
                    throw new ProvisioningException("Could not delete fullName from " + user.getUserID(), e);
                }
            }
        } else {
            String wanted = user.getAttribs().get("fullName").getValues().get(0);
            String current = null;
            if (fromServer.getAttribs().get("fullName") != null) {
                current = fromServer.getAttribs().get("fullName").getValues().get(0);
            }

            // The comparison ignores case, so a case-only change is not written.
            boolean alreadyInSync = current != null && current.equalsIgnoreCase(wanted);
            if (!alreadyInSync) {
                try {
                    token = setFullName(user, approvalID, workflow, gson, b);
                } catch (Exception e) {
                    throw new ProvisioningException("Could not set fullName from " + user.getUserID(), e);
                }
            }
        }
    }

    try {
        syncGroups(user, addOnly, approvalID, workflow, fromServer, token);
    } catch (Exception e) {
        throw new ProvisioningException("Could not sync groups for " + user.getUserID(), e);
    }
}
use of com.tremolosecurity.provisioning.core.User in project OpenUnison by TremoloSecurity.
the class OpenShiftTarget method createUser.
/**
 * Creates the OpenShift user object for {@code user}, writes the audit log
 * entries for the created name and fullName, and adds the user to each of its
 * groups.
 *
 * @param user       user to create; its id becomes the object's metadata name
 * @param attributes not read by this method
 * @param request    request context; {@code APPROVAL_ID} and {@code WORKFLOW} are read from it
 * @throws ProvisioningException if the API call fails or does not return a {@code User} object
 */
@Override
public void createUser(User user, Set<String> attributes, Map<String, Object> request) throws ProvisioningException {
    final int approvalID = request.containsKey("APPROVAL_ID") ? (Integer) request.get("APPROVAL_ID") : 0;
    final Workflow workflow = (Workflow) request.get("WORKFLOW");
    final boolean hasFullName = user.getAttribs().get("fullName") != null;

    // Build the object to POST.
    com.tremolosecurity.unison.openshiftv3.model.users.User osUser = new com.tremolosecurity.unison.openshiftv3.model.users.User();
    osUser.setKind("User");
    osUser.setApiVersion("user.openshift.io/v1");
    osUser.getMetadata().put("name", user.getUserID());
    if (hasFullName) {
        osUser.setFullName(user.getAttribs().get("fullName").getValues().get(0));
    }

    final Gson gson = new Gson();
    try {
        final String token = this.getAuthToken();
        final HttpCon con = this.createClient();
        try {
            final String usersUri = "/apis/user.openshift.io/v1/users";
            final String requestBody = gson.toJson(osUser);
            final String responseBody = this.callWSPost(token, con, usersUri, requestBody);
            osUser = gson.fromJson(responseBody, com.tremolosecurity.unison.openshiftv3.model.users.User.class);

            // Anything other than a User object is treated as a failed create;
            // the reason field of the response is included in the message.
            if (!osUser.getKind().equals("User")) {
                throw new ProvisioningException("Could not create user " + user.getUserID() + " - " + osUser.getReason());
            }

            // Audit trail: one entry flagged true for the object, then one per attribute.
            this.cfgMgr.getProvisioningEngine().logAction(name, true, ActionType.Add, approvalID, workflow, "name", user.getUserID());
            this.cfgMgr.getProvisioningEngine().logAction(name, false, ActionType.Add, approvalID, workflow, "name", (String) osUser.getMetadata().get("name"));
            if (hasFullName) {
                this.cfgMgr.getProvisioningEngine().logAction(name, false, ActionType.Add, approvalID, workflow, "fullName", osUser.getFullName());
            }

            // Group membership is added after the user exists; a failure here
            // leaves the user created, since nothing in this method rolls it back.
            for (String groupName : user.getGroups()) {
                this.addUserToGroup(token, con, user.getUserID(), groupName, approvalID, workflow);
            }
        } finally {
            if (con != null) {
                con.getBcm().shutdown();
            }
        }
    } catch (Exception e) {
        // The specific exception above is also re-wrapped here and survives as the cause.
        throw new ProvisioningException("Could not create user", e);
    }
}
use of com.tremolosecurity.provisioning.core.User in project OpenUnison by TremoloSecurity.
the class OpenShiftTarget method findUser.
/**
 * Loads a user from OpenShift together with the names of the groups that list
 * the user as a member.
 *
 * <p>Users are not bound to groups and there is no direct lookup of a user's
 * groups, so every group is read and searched for {@code userID}.
 *
 * @param userID     id of the user object to read
 * @param attributes names of the attributes to copy onto the result
 * @param request    request context; not read by this method
 * @return the user with its requested attributes and groups, or {@code null}
 *         when the API does not return a {@code User} object, even if some
 *         group still lists the id as a member
 * @throws ProvisioningException if any call or mapping step fails
 */
@Override
public User findUser(String userID, Set<String> attributes, Map<String, Object> request) throws ProvisioningException {
    try {
        User found = null;
        String token = this.getAuthToken();
        ArrayList<String> memberOf = new ArrayList<String>();
        HttpCon con = this.createClient();
        com.tremolosecurity.unison.openshiftv3.model.List<GroupItem> allGroups = null;

        try {
            Gson gson = new Gson();

            // Every group is fetched on each lookup; see the method comment.
            String groupsJson = callWS(token, con, "/apis/user.openshift.io/v1/groups");
            allGroups = gson.fromJson(groupsJson, new TypeToken<com.tremolosecurity.unison.openshiftv3.model.List<GroupItem>>() {
            }.getType());

            // NOTE(review): userID is placed in the request path without
            // validation or encoding, and whether callWS encodes it is not
            // visible here. If ids can contain '/', '?' or '#', validate or
            // percent-encode the segment - confirm.
            String userJson = callWS(token, con, "/apis/user.openshift.io/v1/users/" + userID);
            com.tremolosecurity.unison.openshiftv3.model.users.User osUser = gson.fromJson(userJson, com.tremolosecurity.unison.openshiftv3.model.users.User.class);

            if (osUser.getKind().equalsIgnoreCase("User")) {
                found = new User(userID);

                // Metadata entries are copied only when requested; fullName is
                // taken from its own field below, never from metadata.
                for (String attrName : osUser.getMetadata().keySet()) {
                    if (attrName.equalsIgnoreCase("fullName") || !attributes.contains(attrName)) {
                        continue;
                    }
                    found.getAttribs().put(attrName, new Attribute(attrName, (String) osUser.getMetadata().get(attrName)));
                }

                if (attributes.contains("fullName") && osUser.getFullName() != null) {
                    found.getAttribs().put("fullName", new Attribute("fullName", osUser.getFullName()));
                }
            }
        } finally {
            if (con != null) {
                con.getBcm().shutdown();
            }
        }

        for (GroupItem group : allGroups.getItems()) {
            if (group.getUsers() == null || !group.getUsers().contains(userID)) {
                continue;
            }
            memberOf.add((String) group.getMetadata().get("name"));
        }

        // No user object means "not found", even when a group still names the id.
        if (found == null || memberOf.isEmpty()) {
            return found;
        }
        found.getGroups().addAll(memberOf);
        return found;
    } catch (Exception e) {
        throw new ProvisioningException("Could not load " + userID, e);
    }
}