
Example 1 with Workflow

use of com.tremolosecurity.provisioning.core.Workflow in project OpenUnison by TremoloSecurity.

the class OktaTarget method createUser.

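/**
 * Creates the user in Okta with the permitted attributes and the requested groups, then
 * writes one audit entry per provisioned item.
 *
 * <p>Only attributes whose name is in {@code attributes} are copied into the Okta profile,
 * and only the first value of each is used. Every group is resolved to an Okta group id
 * before the account is created, so a group that cannot be resolved aborts the call before
 * anything is written to Okta.
 *
 * @param user the user to provision; its user id, attributes and groups are read
 * @param attributes names of the attributes this target may write
 * @param request workflow context; {@code APPROVAL_ID} and {@code WORKFLOW} are read from it
 * @throws ProvisioningException if a requested group has no match in Okta
 */
@Override
public void createUser(User user, Set<String> attributes, Map<String, Object> request) throws ProvisioningException {
    int approvalID = 0;
    if (request.containsKey("APPROVAL_ID")) {
        approvalID = (Integer) request.get("APPROVAL_ID");
    }
    Workflow workflow = (Workflow) request.get("WORKFLOW");
    UserBuilder ub = UserBuilder.instance();
    HashMap<String, Object> profile = new HashMap<String, Object>();
    for (String attrName : user.getAttribs().keySet()) {
        if (attributes.contains(attrName)) {
            profile.put(attrName, user.getAttribs().get(attrName).getValues().get(0));
        }
    }
    ub.setProfileProperties(profile);
    for (String group : user.getGroups()) {
        GroupList gl = okta.listGroups(group, null, null);
        java.util.Iterator<com.okta.sdk.resource.group.Group> matches = gl.iterator();
        // An empty result used to surface as an unchecked NoSuchElementException; report it
        // through the declared exception so the workflow sees a provisioning failure.
        if (!matches.hasNext()) {
            throw new ProvisioningException("Could not find group " + group);
        }
        // NOTE(review): the first argument looks like a search query, not an exact-name
        // lookup. If the API matches by prefix, the first hit can be a different group than
        // the one requested, which would grant unintended membership. Confirm, and compare
        // the returned group's name with the requested one before using its id.
        ub.addGroup(matches.next().getId());
    }
    ub.buildAndCreate(this.okta);
    // Audit entries are written only after Okta accepted the create call.
    this.cfgMgr.getProvisioningEngine().logAction(name, true, ActionType.Add, approvalID, workflow, "login", user.getUserID());
    for (String attrName : user.getAttribs().keySet()) {
        if (attributes.contains(attrName)) {
            // The original also re-put the value into the profile map here; the map is not
            // read again after buildAndCreate, so that write was dropped.
            this.cfgMgr.getProvisioningEngine().logAction(name, false, ActionType.Add, approvalID, workflow, attrName, user.getAttribs().get(attrName).getValues().get(0));
        }
    }
    for (String group : user.getGroups()) {
        this.cfgMgr.getProvisioningEngine().logAction(name, false, ActionType.Add, approvalID, workflow, "group", group);
    }
}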
Also used : GroupList(com.okta.sdk.resource.group.GroupList) HashMap(java.util.HashMap) Workflow(com.tremolosecurity.provisioning.core.Workflow) JSONObject(org.json.simple.JSONObject) UserBuilder(com.okta.sdk.resource.user.UserBuilder)

Example 2 with Workflow

use of com.tremolosecurity.provisioning.core.Workflow in project OpenUnison by TremoloSecurity.

the class OktaTarget method deleteUser.

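/**
 * Deactivates and then deletes the user in Okta, and records the deletion in the audit log.
 *
 * @param user the user to remove; only its user id is read
 * @param request workflow context; {@code APPROVAL_ID} and {@code WORKFLOW} are read from it
 * @throws ProvisioningException if the user cannot be looked up, deactivated or deleted
 */
@Override
public void deleteUser(User user, Map<String, Object> request) throws ProvisioningException {
    int approvalID = 0;
    if (request.containsKey("APPROVAL_ID")) {
        approvalID = (Integer) request.get("APPROVAL_ID");
    }
    Workflow workflow = (Workflow) request.get("WORKFLOW");
    com.okta.sdk.resource.user.User fromOkta;
    try {
        fromOkta = okta.getUser(user.getUserID());
    } catch (ResourceException e) {
        throw new ProvisioningException("Could not lookup user", e);
    }
    try {
        // Presumably these calls can fail the same way the lookup does; wrap them so callers
        // that handle ProvisioningException also see a failed deprovisioning.
        // NOTE(review): if deactivate() succeeds and delete() fails, the account is left
        // deactivated and no audit entry is written. Confirm that is acceptable.
        fromOkta.deactivate();
        fromOkta.delete();
    } catch (ResourceException e) {
        throw new ProvisioningException("Could not delete user " + user.getUserID(), e);
    }
    // Logged only after both calls returned, so the audit trail never claims a deletion
    // that did not happen.
    this.cfgMgr.getProvisioningEngine().logAction(name, true, ActionType.Delete, approvalID, workflow, "login", user.getUserID());
}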
Also used : ProvisioningException(com.tremolosecurity.provisioning.core.ProvisioningException) Workflow(com.tremolosecurity.provisioning.core.Workflow) ResourceException(com.okta.sdk.resource.ResourceException)

Example 3 with Workflow

use of com.tremolosecurity.provisioning.core.Workflow in project OpenUnison by TremoloSecurity.

the class OpenShiftTarget method syncUser.

/**
 * Brings the server-side user in line with {@code user}.
 *
 * <p>A user that {@code findUser} does not return is created. For an existing user, the
 * {@code fullName} attribute is set when it is managed (listed in {@code attributes}),
 * present on {@code user}, and differs case-insensitively from the server value. It is
 * deleted when it is managed, absent from {@code user}, and {@code addOnly} is false.
 * Groups are synchronised afterwards in every case.
 *
 * @param user the desired state
 * @param addOnly when true, a missing {@code fullName} is not removed from the server
 * @param attributes names of the attributes this target manages
 * @param request workflow context; {@code APPROVAL_ID} and {@code WORKFLOW} are read from it
 * @throws ProvisioningException if setting or deleting fullName, or syncing groups, fails
 */
@Override
public void syncUser(User user, boolean addOnly, Set<String> attributes, Map<String, Object> request) throws ProvisioningException {
    final int approvalID = request.containsKey("APPROVAL_ID") ? (Integer) request.get("APPROVAL_ID") : 0;
    final Workflow workflow = (Workflow) request.get("WORKFLOW");
    final Gson gson = new Gson();
    final User existing = this.findUser(user.getUserID(), attributes, request);

    // Unknown on the server: creation covers everything, nothing left to reconcile.
    if (existing == null) {
        this.createUser(user, attributes, request);
        return;
    }

    final StringBuffer scratch = new StringBuffer();
    // Stays null unless one of the fullName helpers runs; handed to syncGroups either way.
    String token = null;

    if (attributes.contains("fullName")) {
        final boolean requestedHasFullName = user.getAttribs().get("fullName") != null;
        if (requestedHasFullName) {
            final String wanted = user.getAttribs().get("fullName").getValues().get(0);
            String current = null;
            if (existing.getAttribs().get("fullName") != null) {
                current = existing.getAttribs().get("fullName").getValues().get(0);
            }
            final boolean needsUpdate = current == null || !current.equalsIgnoreCase(wanted);
            if (needsUpdate) {
                try {
                    token = setFullName(user, approvalID, workflow, gson, scratch);
                } catch (Exception e) {
                    throw new ProvisioningException("Could not set fullName from " + user.getUserID(), e);
                }
            }
        } else if (!addOnly) {
            try {
                token = deleteFullName(user, approvalID, workflow, gson, scratch);
            } catch (Exception e) {
                throw new ProvisioningException("Could not delete fullName from " + user.getUserID(), e);
            }
        }
    }

    try {
        syncGroups(user, addOnly, approvalID, workflow, existing, token);
    } catch (Exception e) {
        throw new ProvisioningException("Could not sync groups for " + user.getUserID(), e);
    }
}
Also used : User(com.tremolosecurity.provisioning.core.User) ProvisioningException(com.tremolosecurity.provisioning.core.ProvisioningException) Workflow(com.tremolosecurity.provisioning.core.Workflow) Gson(com.google.gson.Gson) KeyStoreException(java.security.KeyStoreException) StreamException(org.cryptacular.StreamException) ProvisioningException(com.tremolosecurity.provisioning.core.ProvisioningException) KeyManagementException(java.security.KeyManagementException) JoseException(org.jose4j.lang.JoseException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) UnsupportedEncodingException(java.io.UnsupportedEncodingException) ClientProtocolException(org.apache.http.client.ClientProtocolException) ParseException(org.json.simple.parser.ParseException) UnrecoverableKeyException(java.security.UnrecoverableKeyException) EncodingException(org.cryptacular.EncodingException) IOException(java.io.IOException)

Example 4 with Workflow

use of com.tremolosecurity.provisioning.core.Workflow in project OpenUnison by TremoloSecurity.

the class OpenShiftTarget method createUser.

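/**
 * Creates an OpenShift {@code User} object for {@code user}, records the audit entries and
 * adds the user to each of its groups.
 *
 * <p>The response is accepted only if it parses to an object whose kind is {@code "User"}.
 * Any other response is reported as a failure together with the reason the server returned.
 *
 * @param user the user to provision; its user id, {@code fullName} attribute and groups are read
 * @param attributes not read by this method
 * @param request workflow context; {@code APPROVAL_ID} and {@code WORKFLOW} are read from it
 * @throws ProvisioningException if the server does not return a User object, or any step fails
 */
@Override
public void createUser(User user, Set<String> attributes, Map<String, Object> request) throws ProvisioningException {
    int approvalID = 0;
    if (request.containsKey("APPROVAL_ID")) {
        approvalID = (Integer) request.get("APPROVAL_ID");
    }
    Workflow workflow = (Workflow) request.get("WORKFLOW");
    com.tremolosecurity.unison.openshiftv3.model.users.User osUser = new com.tremolosecurity.unison.openshiftv3.model.users.User();
    osUser.setKind("User");
    osUser.setApiVersion("user.openshift.io/v1");
    osUser.getMetadata().put("name", user.getUserID());
    if (user.getAttribs().get("fullName") != null) {
        osUser.setFullName(user.getAttribs().get("fullName").getValues().get(0));
    }
    Gson gson = new Gson();
    try {
        String token = this.getAuthToken();
        HttpCon con = this.createClient();
        try {
            String json = gson.toJson(osUser);
            osUser = gson.fromJson(this.callWSPost(token, con, "/apis/user.openshift.io/v1/users", json), com.tremolosecurity.unison.openshiftv3.model.users.User.class);
            // Gson returns null for an empty body; treat that as a failed create instead of
            // letting it turn into a NullPointerException.
            if (osUser == null) {
                throw new ProvisioningException("Could not create user " + user.getUserID() + " - empty response");
            }
            // Constant-first comparison: a response without a kind is a failure, not an NPE.
            if (!"User".equals(osUser.getKind())) {
                throw new ProvisioningException("Could not create user " + user.getUserID() + " - " + osUser.getReason());
            }
            // Audit entries are written only once the server confirmed the object.
            this.cfgMgr.getProvisioningEngine().logAction(name, true, ActionType.Add, approvalID, workflow, "name", user.getUserID());
            this.cfgMgr.getProvisioningEngine().logAction(name, false, ActionType.Add, approvalID, workflow, "name", (String) osUser.getMetadata().get("name"));
            if (user.getAttribs().get("fullName") != null) {
                this.cfgMgr.getProvisioningEngine().logAction(name, false, ActionType.Add, approvalID, workflow, "fullName", osUser.getFullName());
            }
            for (String groupName : user.getGroups()) {
                this.addUserToGroup(token, con, user.getUserID(), groupName, approvalID, workflow);
            }
        } finally {
            if (con != null) {
                con.getBcm().shutdown();
            }
        }
    } catch (ProvisioningException e) {
        // Already carries the specific reason; re-wrapping would bury it under a generic message.
        throw e;
    } catch (Exception e) {
        throw new ProvisioningException("Could not create user", e);
    }
}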
Also used : User(com.tremolosecurity.provisioning.core.User) Workflow(com.tremolosecurity.provisioning.core.Workflow) Gson(com.google.gson.Gson) KeyStoreException(java.security.KeyStoreException) StreamException(org.cryptacular.StreamException) ProvisioningException(com.tremolosecurity.provisioning.core.ProvisioningException) KeyManagementException(java.security.KeyManagementException) JoseException(org.jose4j.lang.JoseException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) UnsupportedEncodingException(java.io.UnsupportedEncodingException) ClientProtocolException(org.apache.http.client.ClientProtocolException) ParseException(org.json.simple.parser.ParseException) UnrecoverableKeyException(java.security.UnrecoverableKeyException) EncodingException(org.cryptacular.EncodingException) IOException(java.io.IOException) HttpCon(com.tremolosecurity.provisioning.util.HttpCon) ProvisioningException(com.tremolosecurity.provisioning.core.ProvisioningException)

Example 5 with Workflow

use of com.tremolosecurity.provisioning.core.Workflow in project OpenUnison by TremoloSecurity.

the class OpenShiftTarget method addGroup.

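/**
 * Creates the OpenShift {@code Group} object called {@code name} unless it already exists.
 *
 * @param name the group to create
 * @param additionalAttributes not read by this method
 * @param user not read by this method
 * @param request workflow context; {@code APPROVAL_ID} and {@code WORKFLOW} are read from it
 * @throws ProvisioningException if the server does not answer with a Group object, or any step fails
 */
@Override
public void addGroup(String name, Map<String, String> additionalAttributes, User user, Map<String, Object> request) throws ProvisioningException {
    HttpCon con = null;
    int approvalID = 0;
    if (request.containsKey("APPROVAL_ID")) {
        approvalID = (Integer) request.get("APPROVAL_ID");
    }
    Workflow workflow = (Workflow) request.get("WORKFLOW");
    try {
        String token = this.getAuthToken();
        con = this.createClient();
        Gson gson = new Gson();
        // The original also built a "/apis/user.openshift.io/v1/groups/<name>" path into a
        // StringBuilder that was never read; it has been removed.
        com.tremolosecurity.unison.openshiftv3.model.groups.Group group = new com.tremolosecurity.unison.openshiftv3.model.groups.Group();
        group.setKind("Group");
        group.setApiVersion("user.openshift.io/v1");
        group.setMetadata(new HashMap<String, Object>());
        group.getMetadata().put("name", name);
        group.getMetadata().put("creationTimestamp", null);
        group.setUsers(null);
        String jsonInput = gson.toJson(group);
        // Create the group only if it is not there yet.
        if (!this.isObjectExists(token, con, "/apis/user.openshift.io/v1/groups", jsonInput)) {
            String json = this.callWSPost(token, con, "/apis/user.openshift.io/v1/groups", jsonInput);
            Response resp = gson.fromJson(json, Response.class);
            // Null-safe: an empty body or a response without a kind is an unknown response.
            if (resp != null && "Group".equalsIgnoreCase(resp.getKind())) {
                // The parameter `name` shadows the target's own name, which the other
                // provisioning methods of this class pass as logAction's first argument.
                // Unqualified, the audit entry recorded the group name as the target.
                // NOTE(review): confirm the target-name field is reachable as this.name.
                this.cfgMgr.getProvisioningEngine().logAction(this.name, true, ActionType.Add, approvalID, workflow, "group-object", name);
            } else {
                throw new ProvisioningException("Unknown response : '" + json + "'");
            }
        }
    } catch (ProvisioningException e) {
        // Keep the specific message instead of burying it under the generic one below.
        throw e;
    } catch (Exception e) {
        throw new ProvisioningException("Could not load group", e);
    } finally {
        if (con != null) {
            con.getBcm().close();
        }
    }
}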
Also used : UserStoreProviderWithAddGroup(com.tremolosecurity.provisioning.core.UserStoreProviderWithAddGroup) Workflow(com.tremolosecurity.provisioning.core.Workflow) Gson(com.google.gson.Gson) KeyStoreException(java.security.KeyStoreException) StreamException(org.cryptacular.StreamException) ProvisioningException(com.tremolosecurity.provisioning.core.ProvisioningException) KeyManagementException(java.security.KeyManagementException) JoseException(org.jose4j.lang.JoseException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) UnsupportedEncodingException(java.io.UnsupportedEncodingException) ClientProtocolException(org.apache.http.client.ClientProtocolException) ParseException(org.json.simple.parser.ParseException) UnrecoverableKeyException(java.security.UnrecoverableKeyException) EncodingException(org.cryptacular.EncodingException) IOException(java.io.IOException) CloseableHttpResponse(org.apache.http.client.methods.CloseableHttpResponse) Response(com.tremolosecurity.unison.openshiftv3.model.Response) HttpResponse(org.apache.http.HttpResponse) HttpCon(com.tremolosecurity.provisioning.util.HttpCon) ProvisioningException(com.tremolosecurity.provisioning.core.ProvisioningException) JSONObject(org.json.simple.JSONObject)

Aggregations

Workflow (com.tremolosecurity.provisioning.core.Workflow)78 ProvisioningException (com.tremolosecurity.provisioning.core.ProvisioningException)68 HttpCon (com.tremolosecurity.provisioning.util.HttpCon)32 IOException (java.io.IOException)30 UnsupportedEncodingException (java.io.UnsupportedEncodingException)22 ClientProtocolException (org.apache.http.client.ClientProtocolException)21 Attribute (com.tremolosecurity.saml.Attribute)19 ArrayList (java.util.ArrayList)18 LDAPException (com.novell.ldap.LDAPException)17 HashMap (java.util.HashMap)17 User (com.tremolosecurity.provisioning.core.User)16 HashSet (java.util.HashSet)15 ParseException (org.json.simple.parser.ParseException)14 LDAPSearchResults (com.novell.ldap.LDAPSearchResults)12 JSONObject (org.json.simple.JSONObject)12 Gson (com.google.gson.Gson)11 LDAPEntry (com.novell.ldap.LDAPEntry)11 LDAPAttribute (com.novell.ldap.LDAPAttribute)10 GitLabApiException (org.gitlab4j.api.GitLabApiException)10 SQLException (java.sql.SQLException)9