
Example 71 with Workflow

use of com.tremolosecurity.provisioning.core.Workflow in project OpenUnison by TremoloSecurity.

Class K8sCrdUserProvider, method createUser.

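/**
 * Creates the OpenUnison {@code User} custom resource that represents {@code user}.
 *
 * <p>Only the attributes named in {@code attributes} are copied into the resource's spec, and
 * every requested one must be present on {@code user}. The object is POSTed to the
 * {@code openunison.tremolo.io/v1} users collection of {@code this.nameSpace}; after a
 * successful create each stored value is recorded through the provisioning engine's audit log.
 *
 * @param user       the user to create; {@code sub}, {@code first_name}, {@code last_name} and
 *                   {@code email} are read from its attribute map, membership from its groups
 * @param attributes names of the spec attributes to write ({@code uid} is derived from the user id)
 * @param request    workflow request context; {@code APPROVAL_ID} (an {@code Integer}) and
 *                   {@code WORKFLOW} are read from it for audit logging
 * @throws ProvisioningException if a requested attribute is missing from {@code user}, the
 *                               kubernetes target cannot be resolved, the API call fails, or the
 *                               response carries no spec
 */
@Override
public void createUser(User user, Set<String> attributes, Map<String, Object> request) throws ProvisioningException {
    String k8sUserId = OpenShiftTarget.sub2uid(user.getUserID());
    int approvalID = 0;
    if (request.containsKey("APPROVAL_ID")) {
        approvalID = (Integer) request.get("APPROVAL_ID");
    }
    Workflow workflow = (Workflow) request.get("WORKFLOW");

    // Resolve every requested attribute first so a missing one fails before any cluster call.
    HashMap<String, String> requestedValues = new HashMap<String, String>();
    for (String attrName : CRD_USER_SPEC_ATTRIBUTES) {
        if (attributes.contains(attrName)) {
            requestedValues.put(attrName, requiredFirstValue(user, attrName));
        }
    }

    HashMap<String, Object> spec = new HashMap<String, Object>();
    spec.putAll(requestedValues);
    if (attributes.contains("uid")) {
        spec.put("uid", k8sUserId);
    }
    spec.put("groups", user.getGroups());

    HashMap<String, Object> metaData = new HashMap<String, Object>();
    metaData.put("name", k8sUserId);
    metaData.put("namespace", this.nameSpace);

    HashMap<String, Object> createObject = new HashMap<String, Object>();
    createObject.put("apiVersion", "openunison.tremolo.io/v1");
    createObject.put("kind", "User");
    createObject.put("metadata", metaData);
    createObject.put("spec", spec);

    OpenShiftTarget k8s;
    try {
        k8s = (OpenShiftTarget) GlobalEntries.getGlobalEntries().getConfigManager().getProvisioningEngine().getTarget(this.k8sTarget).getProvider();
    } catch (ProvisioningException e1) {
        logger.error("Could not retrieve kubernetes target", e1);
        throw new ProvisioningException("Could not connect to kubernetes", e1);
    }
    String url = "/apis/openunison.tremolo.io/v1/namespaces/" + this.nameSpace + "/users";

    try {
        HttpCon con = k8s.createClient();
        try {
            String jsonReq = this.gsonNoUnderScore.toJson(createObject);
            String jsonResp = k8s.callWSPost(k8s.getAuthToken(), con, url, jsonReq);
            // A response without a spec means the API server did not hand back a User object.
            K8sUser k8sUser = gson.fromJson(jsonResp, UserData.class).getSpec();
            if (k8sUser == null) {
                throw new ProvisioningException("User not created - '" + jsonResp + "'");
            }
            // Audit trail: one primary entry for the user itself, then one entry per stored value.
            GlobalEntries.getGlobalEntries().getConfigManager().getProvisioningEngine().logAction(this.name, true, ActionType.Add, approvalID, workflow, "sub", user.getUserID());
            for (String attrName : CRD_USER_SPEC_ATTRIBUTES) {
                if (requestedValues.containsKey(attrName)) {
                    GlobalEntries.getGlobalEntries().getConfigManager().getProvisioningEngine().logAction(this.name, false, ActionType.Add, approvalID, workflow, attrName, requestedValues.get(attrName));
                }
            }
            if (attributes.contains("uid")) {
                GlobalEntries.getGlobalEntries().getConfigManager().getProvisioningEngine().logAction(this.name, false, ActionType.Add, approvalID, workflow, "uid", k8sUserId);
            }
            for (String group : user.getGroups()) {
                GlobalEntries.getGlobalEntries().getConfigManager().getProvisioningEngine().logAction(this.name, false, ActionType.Add, approvalID, workflow, "group", group);
            }
        } finally {
            // Release the connection manager even when closing the client throws.
            try {
                con.getHttp().close();
            } finally {
                con.getBcm().close();
            }
        }
    } catch (Exception e) {
        logger.error("Could not create user in k8s", e);
        throw new ProvisioningException("Error creating user in kubernetes", e);
    }
}

/** Spec attributes copied verbatim from the user's attribute map, in the order they are written and audited. */
private static final String[] CRD_USER_SPEC_ATTRIBUTES = {"sub", "first_name", "last_name", "email"};

/**
 * Returns the first value of {@code attrName} on {@code user}.
 *
 * @throws ProvisioningException if the attribute is absent from the user's attribute map
 */
private static String requiredFirstValue(User user, String attrName) throws ProvisioningException {
    if (user.getAttribs().get(attrName) == null) {
        throw new ProvisioningException("No " + attrName + " attribute");
    }
    return user.getAttribs().get(attrName).getValues().get(0);
}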

Example 72 with Workflow

use of com.tremolosecurity.provisioning.core.Workflow in project OpenUnison by TremoloSecurity.

Class K8sCrdUserProvider, method syncUser.

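/**
 * Brings the {@code User} custom resource for {@code user} in line with the supplied attributes
 * and groups, creating it when it does not exist yet.
 *
 * <p>Of the requested attributes only {@code first_name}, {@code last_name} and {@code email}
 * are compared (ignoring case) against the stored copy and patched when they differ. Groups
 * present on {@code user} but not on the server are added; unless {@code addOnly} is set,
 * stored groups that {@code user} lacks are removed. Nothing is sent when no difference is found.
 * Every patched value is recorded through the provisioning engine's audit log.
 *
 * @param user       the desired state of the user
 * @param addOnly    when {@code true}, existing group memberships are never removed
 * @param attributes names of the attributes to keep in sync
 * @param request    workflow request context; {@code APPROVAL_ID} (an {@code Integer}) and
 *                   {@code WORKFLOW} are read from it for audit logging
 * @throws ProvisioningException if a requested attribute is missing from {@code user}, the
 *                               kubernetes target cannot be resolved, or the patch call fails
 */
@Override
public void syncUser(User user, boolean addOnly, Set<String> attributes, Map<String, Object> request) throws ProvisioningException {
    User fromServer = this.findUser(user.getUserID(), attributes, request);
    if (fromServer == null) {
        this.createUser(user, attributes, request);
        return;
    }

    String k8sUserId = OpenShiftTarget.sub2uid(user.getUserID());
    int approvalID = 0;
    if (request.containsKey("APPROVAL_ID")) {
        approvalID = (Integer) request.get("APPROVAL_ID");
    }
    Workflow workflow = (Workflow) request.get("WORKFLOW");

    OpenShiftTarget k8s;
    try {
        k8s = (OpenShiftTarget) GlobalEntries.getGlobalEntries().getConfigManager().getProvisioningEngine().getTarget(this.k8sTarget).getProvider();
    } catch (ProvisioningException e1) {
        logger.error("Could not retrieve kubernetes target", e1);
        throw new ProvisioningException("Could not connect to kubernetes", e1);
    }
    String url = "/apis/openunison.tremolo.io/v1/namespaces/" + this.nameSpace + "/users/" + k8sUserId;

    HashMap<String, Object> patch = new HashMap<String, Object>();
    // Only attributes whose value differs (ignoring case) from the stored copy are patched.
    for (String attrName : new String[] {"first_name", "last_name", "email"}) {
        if (!attributes.contains(attrName)) {
            continue;
        }
        String wanted = firstValueOrNull(user, attrName);
        if (wanted == null) {
            throw new ProvisioningException("No " + attrName + " attribute");
        }
        String current = firstValueOrNull(fromServer, attrName);
        if (current == null || !current.equalsIgnoreCase(wanted)) {
            patch.put(attrName, wanted);
        }
    }

    List<String> newGroups = new ArrayList<String>(fromServer.getGroups());
    List<String> added = new ArrayList<String>();
    for (String groupFromUser : user.getGroups()) {
        if (!newGroups.contains(groupFromUser)) {
            newGroups.add(groupFromUser);
            added.add(groupFromUser);
        }
    }
    List<String> removed = new ArrayList<String>();
    if (!addOnly) {
        for (String existingGroup : newGroups) {
            if (!user.getGroups().contains(existingGroup)) {
                removed.add(existingGroup);
            }
        }
        newGroups.removeAll(removed);
    }
    if (!added.isEmpty() || !removed.isEmpty()) {
        patch.put("groups", newGroups);
    }
    if (patch.isEmpty()) {
        return;
    }

    HashMap<String, Object> body = new HashMap<String, Object>();
    body.put("spec", patch);
    String json = this.gsonNoUnderScore.toJson(body);
    try {
        HttpCon con = k8s.createClient();
        try {
            k8s.callWSPatchJson(k8s.getAuthToken(), con, url, json);
            // Audit only what the cluster accepted: group adds/removes individually, other attributes as replacements.
            for (String attrName : patch.keySet()) {
                if (attrName.equalsIgnoreCase("groups")) {
                    for (String group : added) {
                        GlobalEntries.getGlobalEntries().getConfigManager().getProvisioningEngine().logAction(this.name, false, ActionType.Add, approvalID, workflow, "group", group);
                    }
                    for (String group : removed) {
                        GlobalEntries.getGlobalEntries().getConfigManager().getProvisioningEngine().logAction(this.name, false, ActionType.Delete, approvalID, workflow, "group", group);
                    }
                } else {
                    GlobalEntries.getGlobalEntries().getConfigManager().getProvisioningEngine().logAction(this.name, false, ActionType.Replace, approvalID, workflow, attrName, patch.get(attrName).toString());
                }
            }
        } finally {
            // Release the connection manager even when closing the client throws.
            try {
                con.getHttp().close();
            } finally {
                con.getBcm().close();
            }
        }
    } catch (Exception e) {
        logger.error("Could not patch k8s user", e);
        throw new ProvisioningException("Error updating user in kubernetes", e);
    }
}

/**
 * Returns the first value of {@code attrName} on {@code user}, or {@code null} when the
 * attribute is absent or has no values.
 */
private static String firstValueOrNull(User user, String attrName) {
    if (user.getAttribs().get(attrName) == null || user.getAttribs().get(attrName).getValues().isEmpty()) {
        return null;
    }
    return user.getAttribs().get(attrName).getValues().get(0);
}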

Example 73 with Workflow

use of com.tremolosecurity.provisioning.core.Workflow in project OpenUnison by TremoloSecurity.

Class ClearJobs, method execute.

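/**
 * Scheduled job body: runs the configured workflow once for every completed job that matches
 * the configured label selector.
 *
 * <p>The job data map supplies {@code target} (the OpenShift/kubernetes target), {@code uri}
 * (the job collection to list), {@code labels} (the label selector), {@code workflow} (the
 * workflow to run) and {@code runWorkflowAsUsername}/{@code runWorkflowAsUsernameAttribute}
 * (the identity the workflow runs as). A job counts as completed when its status reports
 * {@code succeeded == 1}. The raw list response and the per-job request are only logged at
 * debug level, since they echo the full job objects returned by the API.
 *
 * @param configManager the active configuration; the method is a no-op until the provisioning
 *                      engine is initialized
 * @param context       the scheduler context carrying the job data map
 * @throws ProvisioningException if the listing, parsing or workflow execution fails
 */
@Override
public void execute(ConfigManager configManager, JobExecutionContext context) throws ProvisioningException {
    if (configManager == null || configManager.getProvisioningEngine() == null) {
        logger.warn("System not fully initialized");
        return;
    }
    String target = context.getJobDetail().getJobDataMap().getString("target");
    String uri = context.getJobDetail().getJobDataMap().getString("uri");
    String labels = context.getJobDetail().getJobDataMap().getString("labels");
    String workflowName = context.getJobDetail().getJobDataMap().getString("workflow");
    String runWorkflowAsUsername = context.getJobDetail().getJobDataMap().getString("runWorkflowAsUsername");
    String runWorkflowAsUsernameAttribute = context.getJobDetail().getJobDataMap().getString("runWorkflowAsUsernameAttribute");
    if (labels == null) {
        throw new ProvisioningException("No labels configured for clearing jobs");
    }
    OpenShiftTarget os = (OpenShiftTarget) GlobalEntries.getGlobalEntries().getConfigManager().getProvisioningEngine().getTarget(target).getProvider();
    HttpCon con = null;
    try {
        con = os.createClient();
        String token = os.getAuthToken();
        String finalUri = uri + "?labelSelector=" + URLEncoder.encode(labels, "UTF-8");
        String jsonResponse = os.callWS(token, con, finalUri);
        if (logger.isDebugEnabled()) {
            logger.debug(jsonResponse);
        }
        JSONObject root = (JSONObject) new JSONParser().parse(jsonResponse);
        JSONArray items = (JSONArray) root.get("items");
        if (items == null) {
            throw new ProvisioningException("Response from '" + uri + "' is not a list - no items");
        }
        for (Object o : items) {
            JSONObject job = (JSONObject) o;
            JSONObject status = (JSONObject) job.get("status");
            if (status == null) {
                continue;
            }
            Long succeeded = (Long) status.get("succeeded");
            if (succeeded == null || succeeded.intValue() != 1) {
                continue;
            }
            JSONObject metadata = (JSONObject) job.get("metadata");
            HashMap<String, Object> request = buildClearJobRequest(metadata);
            User user = new User();
            user.setUserID(runWorkflowAsUsername);
            user.setRequestReason("Clearing completed job " + metadata.get("name"));
            user.getAttribs().put(runWorkflowAsUsernameAttribute, new Attribute(runWorkflowAsUsernameAttribute, runWorkflowAsUsername));
            Workflow wf = GlobalEntries.getGlobalEntries().getConfigManager().getProvisioningEngine().getWorkFlow(workflowName, user);
            if (logger.isDebugEnabled()) {
                logger.debug(request);
            }
            wf.executeWorkflow(user, request);
        }
    } catch (Exception e) {
        throw new ProvisioningException("Could not clear object", e);
    } finally {
        if (con != null) {
            try {
                con.getHttp().close();
            } catch (IOException e) {
                logger.warn("Could not close connection", e);
            } finally {
                // Released regardless of whether the client closed cleanly.
                con.getBcm().close();
            }
        }
    }
}

/**
 * Builds the workflow request for one completed job: its name under {@code job_name} plus one
 * {@code job_labels_<key>} entry per label on the job's metadata.
 */
private HashMap<String, Object> buildClearJobRequest(JSONObject metadata) {
    HashMap<String, Object> request = new HashMap<String, Object>();
    request.put("job_name", (String) metadata.get("name"));
    JSONObject jobLabels = (JSONObject) metadata.get("labels");
    if (jobLabels != null) {
        for (Object keyO : jobLabels.keySet()) {
            String key = (String) keyO;
            logger.info("label - '" + key + "'='" + jobLabels.get(key) + "'");
            request.put("job_labels_" + key, jobLabels.get(key));
        }
    }
    return request;
}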

Example 74 with Workflow

use of com.tremolosecurity.provisioning.core.Workflow in project OpenUnison by TremoloSecurity.

Class AddGroupToRole, method doTask.

/**
 * Grants the rendered group the rendered role within the rendered project on the
 * {@code openshift} target.
 *
 * <p>{@code projectName}, {@code groupName} and {@code roleName} are templates rendered against
 * {@code request}. The binding is written through the legacy policy API when
 * {@code openShiftVersion} is 3.6 and through the RBAC API otherwise.
 * NOTE(review): this is an exact floating-point comparison against the literal {@code 3.6};
 * confirm {@code openShiftVersion} is a {@code double} populated from the same literal.
 *
 * @param user    the user the workflow runs for (not read here)
 * @param request workflow request context; {@code APPROVAL_ID} (an {@code Integer}) is read
 *                from it for audit logging and {@code WORKFLOW} is read as a {@code Workflow}
 * @return always {@code true}
 * @throws ProvisioningException if the role binding cannot be written
 */
@Override
public boolean doTask(User user, Map<String, Object> request) throws ProvisioningException {
    int approvalID = request.containsKey("APPROVAL_ID") ? (Integer) request.get("APPROVAL_ID") : 0;
    Workflow workflow = (Workflow) request.get("WORKFLOW");
    String renderedProject = task.renderTemplate(projectName, request);
    String renderedGroup = task.renderTemplate(groupName, request);
    String renderedRole = task.renderTemplate(roleName, request);
    HttpCon con = null;
    OpenShiftTarget os = (OpenShiftTarget) task.getConfigManager().getProvisioningEngine().getTarget("openshift").getProvider();
    try {
        String token = os.getAuthToken();
        con = os.createClient();
        boolean legacyPolicyApi = this.openShiftVersion == 3.6;
        if (legacyPolicyApi) {
            addTo36Role(os, token, con, renderedProject, renderedRole, renderedGroup, approvalID);
        } else {
            addToRBACRole(os, token, con, renderedProject, renderedRole, renderedGroup, approvalID);
        }
    } catch (Exception e) {
        throw new ProvisioningException("Could not add group to role", e);
    } finally {
        if (con != null) {
            con.getBcm().close();
        }
    }
    return true;
}

Example 75 with Workflow

use of com.tremolosecurity.provisioning.core.Workflow in project OpenUnison by TremoloSecurity.

Class CreateProject, method doTask.

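/**
 * Creates an OpenShift project from the rendered request template unless a project for that
 * template already exists.
 *
 * <p>The template is rendered against {@code request}, checked against
 * {@code /apis/project.openshift.io/v1/projects} and, if absent, POSTed to
 * {@code /apis/project.openshift.io/v1/projectrequests}. The code expects the response to be a
 * {@code Project} object; its metadata name is then recorded through the provisioning engine's
 * audit log as {@code openshift-project}.
 *
 * @param user    the user the workflow runs for (not read here)
 * @param request workflow request context; {@code APPROVAL_ID} (an {@code Integer}) is read
 *                from it for audit logging
 * @return always {@code true}
 * @throws ProvisioningException if the existence check or create call fails, or the response
 *                               is not a {@code Project}
 */
@Override
public boolean doTask(User user, Map<String, Object> request) throws ProvisioningException {
    String localTemplate = task.renderTemplate(template, request);
    if (logger.isDebugEnabled()) {
        logger.debug("localTemplate : '" + localTemplate + "'");
    }
    int approvalID = 0;
    if (request.containsKey("APPROVAL_ID")) {
        approvalID = (Integer) request.get("APPROVAL_ID");
    }
    HttpCon con = null;
    OpenShiftTarget os = (OpenShiftTarget) task.getConfigManager().getProvisioningEngine().getTarget("openshift").getProvider();
    try {
        String token = os.getAuthToken();
        con = os.createClient();
        if (!os.isObjectExists(token, con, "/apis/project.openshift.io/v1/projects", localTemplate)) {
            String respJSON = os.callWSPost(token, con, "/apis/project.openshift.io/v1/projectrequests", localTemplate);
            if (logger.isDebugEnabled()) {
                logger.debug("Response for creating project : '" + respJSON + "'");
            }
            JSONObject resp = (JSONObject) new JSONParser().parse(respJSON);
            // Check the kind before touching metadata so a non-Project response (or a missing
            // kind) reports the actual response instead of a NullPointerException.
            if (!"Project".equalsIgnoreCase((String) resp.get("kind"))) {
                throw new ProvisioningException("Could not create project with json '" + localTemplate + "' - '" + respJSON + "'");
            }
            String createdProjectName = (String) ((JSONObject) resp.get("metadata")).get("name");
            this.task.getConfigManager().getProvisioningEngine().logAction(this.targetName, true, ActionType.Add, approvalID, this.task.getWorkflow(), "openshift-project", createdProjectName);
        }
    } catch (Exception e) {
        throw new ProvisioningException("Could not create project", e);
    } finally {
        if (con != null) {
            con.getBcm().close();
        }
    }
    return true;
}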
