Search in sources :

Example 16 with Workflow

use of com.tremolosecurity.provisioning.core.Workflow in project OpenUnison by TremoloSecurity.

the class LDAPProvider method deleteUser.

@Override
public void deleteUser(User user, Map<String, Object> request) throws ProvisioningException {
    int approvalID = 0;
    if (request.containsKey("APPROVAL_ID")) {
        approvalID = (Integer) request.get("APPROVAL_ID");
    }
    Workflow workflow = (Workflow) request.get("WORKFLOW");
    try {
        StringBuffer filter = new StringBuffer();
        filter.append("(").append(this.userIDAttribute).append("=").append(user.getUserID()).append(")");
        LdapConnection con;
        try {
            con = this.ldapPool.getConnection();
        } catch (Exception e) {
            throw new ProvisioningException("Could not get LDAP connection " + user.getUserID(), e);
        }
        try {
            LDAPSearchResults res = con.getConnection().search(searchBase, 2, filter.toString(), new String[] { "1.1" }, false);
            if (!res.hasMore()) {
                throw new ProvisioningException("User does not exist " + user.getUserID());
            }
            String dn = res.next().getDN();
            while (res.hasMore()) res.next();
            con.getConnection().delete(dn);
            this.cfgMgr.getProvisioningEngine().logAction(this.name, true, ActionType.Delete, approvalID, workflow, "dn", dn);
        } finally {
            con.returnCon();
        }
    } catch (LDAPException e) {
        throw new ProvisioningException("Could not delete user " + user.getUserID(), e);
    }
}
Also used : LDAPSearchResults(com.novell.ldap.LDAPSearchResults) LDAPException(com.novell.ldap.LDAPException) ProvisioningException(com.tremolosecurity.provisioning.core.ProvisioningException) Workflow(com.tremolosecurity.provisioning.core.Workflow) LDAPException(com.novell.ldap.LDAPException) ProvisioningException(com.tremolosecurity.provisioning.core.ProvisioningException) LDAPReferralException(com.novell.ldap.LDAPReferralException) LdapConnection(com.tremolosecurity.provisioning.util.ldap.pool.LdapConnection)

Example 17 with Workflow

use of com.tremolosecurity.provisioning.core.Workflow in project OpenUnison by TremoloSecurity.

the class DeleteGroupMembers method doTask.

@Override
public boolean doTask(User user, Map<String, Object> request) throws ProvisioningException {
    String localWorkflowName = task.renderTemplate(this.workflowName, request);
    String localGroupToDelete = task.renderTemplate(this.groupToDelete, request);
    String localGroupNameAttribute = task.renderTemplate(this.groupNameAttribute, request);
    String memberAttr = task.getConfigManager().getCfg().getGroupMemberAttribute();
    String[] members = null;
    String groupName = null;
    try {
        LDAPSearchResults rs = task.getConfigManager().getMyVD().search(localGroupToDelete, 0, "(objectClass=*)", new ArrayList<String>());
        rs.hasMore();
        LDAPEntry group = rs.next();
        while (rs.hasMore()) rs.next();
        if (group.getAttribute(memberAttr) != null) {
            members = group.getAttribute(memberAttr).getStringValueArray();
        } else {
            members = new String[] {};
        }
        if (group.getAttribute(localGroupNameAttribute) != null) {
            groupName = group.getAttribute(localGroupNameAttribute).getStringValue();
        } else {
            throw new ProvisioningException("Group '" + localGroupToDelete + "' has no '" + localGroupNameAttribute + "' attribute");
        }
    } catch (LDAPException e) {
        throw new ProvisioningException("Could not load from group", e);
    }
    for (String member : members) {
        try {
            LDAPSearchResults rs = task.getConfigManager().getMyVD().search(member, 0, "(objectClass=*)", new ArrayList<String>());
            rs.hasMore();
            LDAPEntry ldapMember = rs.next();
            TremoloUser userToUpdate = new TremoloUser();
            userToUpdate.setUid(ldapMember.getAttribute(this.uidAttribute).getStringValue());
            userToUpdate.getAttributes().add(new Attribute(this.uidAttribute, userToUpdate.getUid()));
            Workflow wf = task.getConfigManager().getProvisioningEngine().getWorkFlow(localWorkflowName);
            WFCall call = new WFCall();
            call.setReason("removing from to be deleted group " + localGroupToDelete);
            call.setUidAttributeName(this.uidAttribute);
            call.setUser(userToUpdate);
            call.setRequestor(this.requestor);
            call.getRequestParams().put(ProvisioningParams.UNISON_EXEC_TYPE, ProvisioningParams.UNISON_EXEC_SYNC);
            call.getRequestParams().put("openunison_grouptoremove", groupName);
            wf.executeWorkflow(call);
        } catch (LDAPException e) {
            logger.warn("Could not remove user '" + member + "'", e);
        }
    }
    return true;
}
Also used : LDAPEntry(com.novell.ldap.LDAPEntry) WFCall(com.tremolosecurity.provisioning.service.util.WFCall) LDAPSearchResults(com.novell.ldap.LDAPSearchResults) LDAPException(com.novell.ldap.LDAPException) TremoloUser(com.tremolosecurity.provisioning.service.util.TremoloUser) Attribute(com.tremolosecurity.saml.Attribute) ProvisioningException(com.tremolosecurity.provisioning.core.ProvisioningException) Workflow(com.tremolosecurity.provisioning.core.Workflow)

Example 18 with Workflow

use of com.tremolosecurity.provisioning.core.Workflow in project OpenUnison by TremoloSecurity.

the class KeystoneProvisioningTarget method syncUser.

@Override
public void syncUser(User user, boolean addOnly, Set<String> attributes, Map<String, Object> request) throws ProvisioningException {
    int approvalID = 0;
    if (request.containsKey("APPROVAL_ID")) {
        approvalID = (Integer) request.get("APPROVAL_ID");
    }
    Workflow workflow = (Workflow) request.get("WORKFLOW");
    HttpCon con = null;
    Gson gson = new Gson();
    try {
        con = this.createClient();
        KSToken token = this.getToken(con);
        UserAndID fromKS = this.lookupUser(user.getUserID(), attributes, request, token, con);
        if (fromKS == null) {
            this.createUser(user, attributes, request);
        } else {
            // check attributes
            HashMap<String, String> attrsUpdate = new HashMap<String, String>();
            KSUser toPatch = new KSUser();
            if (!rolesOnly) {
                if (attributes.contains("email")) {
                    String fromKSVal = null;
                    String newVal = null;
                    if (fromKS.getUser().getAttribs().get("email") != null) {
                        fromKSVal = fromKS.getUser().getAttribs().get("email").getValues().get(0);
                    }
                    if (user.getAttribs().get("email") != null) {
                        newVal = user.getAttribs().get("email").getValues().get(0);
                    }
                    if (newVal != null && (fromKSVal == null || !fromKSVal.equalsIgnoreCase(newVal))) {
                        toPatch.setEmail(newVal);
                        attrsUpdate.put("email", newVal);
                    } else if (!addOnly && newVal == null && fromKSVal != null) {
                        toPatch.setEmail("");
                        attrsUpdate.put("email", "");
                    }
                }
                if (attributes.contains("enabled")) {
                    String fromKSVal = null;
                    String newVal = null;
                    if (fromKS.getUser().getAttribs().get("enabled") != null) {
                        fromKSVal = fromKS.getUser().getAttribs().get("enabled").getValues().get(0);
                    }
                    if (user.getAttribs().get("enabled") != null) {
                        newVal = user.getAttribs().get("enabled").getValues().get(0);
                    }
                    if (newVal != null && (fromKSVal == null || !fromKSVal.equalsIgnoreCase(newVal))) {
                        toPatch.setName(newVal);
                        attrsUpdate.put("enabled", newVal);
                    } else if (!addOnly && newVal == null && fromKSVal != null) {
                        toPatch.setEnabled(false);
                        attrsUpdate.put("enabled", "");
                    }
                }
                if (attributes.contains("description")) {
                    String fromKSVal = null;
                    String newVal = null;
                    if (fromKS.getUser().getAttribs().get("description") != null) {
                        fromKSVal = fromKS.getUser().getAttribs().get("description").getValues().get(0);
                    }
                    if (user.getAttribs().get("description") != null) {
                        newVal = user.getAttribs().get("description").getValues().get(0);
                    }
                    if (newVal != null && (fromKSVal == null || !fromKSVal.equalsIgnoreCase(newVal))) {
                        toPatch.setDescription(newVal);
                        attrsUpdate.put("description", newVal);
                    } else if (!addOnly && newVal == null && fromKSVal != null) {
                        toPatch.setDescription("");
                        attrsUpdate.put("description", "");
                    }
                }
                if (!attrsUpdate.isEmpty()) {
                    UserHolder holder = new UserHolder();
                    holder.setUser(toPatch);
                    String json = gson.toJson(holder);
                    StringBuffer b = new StringBuffer();
                    b.append(this.url).append("/users/").append(fromKS.getId());
                    json = this.callWSPotch(token.getAuthToken(), con, b.toString(), json);
                    for (String attr : attrsUpdate.keySet()) {
                        String val = attrsUpdate.get(attr);
                        this.cfgMgr.getProvisioningEngine().logAction(user.getUserID(), false, ActionType.Replace, approvalID, workflow, attr, val);
                    }
                }
                for (String group : user.getGroups()) {
                    if (!fromKS.getUser().getGroups().contains(group)) {
                        String groupID = this.getGroupID(token.getAuthToken(), con, group);
                        StringBuffer b = new StringBuffer();
                        b.append(this.url).append("/groups/").append(groupID).append("/users/").append(fromKS.getId());
                        if (this.callWSPutNoData(token.getAuthToken(), con, b.toString())) {
                            this.cfgMgr.getProvisioningEngine().logAction(user.getUserID(), false, ActionType.Add, approvalID, workflow, "group", group);
                        } else {
                            throw new ProvisioningException("Could not add group " + group);
                        }
                    }
                }
                if (!addOnly) {
                    for (String group : fromKS.getUser().getGroups()) {
                        if (!user.getGroups().contains(group)) {
                            String groupID = this.getGroupID(token.getAuthToken(), con, group);
                            StringBuffer b = new StringBuffer();
                            b.append(this.url).append("/groups/").append(groupID).append("/users/").append(fromKS.getId());
                            this.callWSDelete(token.getAuthToken(), con, b.toString());
                            this.cfgMgr.getProvisioningEngine().logAction(user.getUserID(), false, ActionType.Delete, approvalID, workflow, "group", group);
                        }
                    }
                }
            }
            if (attributes.contains("roles")) {
                HashSet<Role> currentRoles = new HashSet<Role>();
                if (fromKS.getUser().getAttribs().get("roles") != null) {
                    Attribute attr = fromKS.getUser().getAttribs().get("roles");
                    for (String jsonRole : attr.getValues()) {
                        currentRoles.add(gson.fromJson(jsonRole, Role.class));
                    }
                }
                if (user.getAttribs().containsKey("roles")) {
                    StringBuffer b = new StringBuffer();
                    Attribute attr = user.getAttribs().get("roles");
                    for (String jsonRole : attr.getValues()) {
                        Role role = gson.fromJson(jsonRole, Role.class);
                        if (!currentRoles.contains(role)) {
                            if (role.getScope().equalsIgnoreCase("project")) {
                                String projectid = this.getProjectID(token.getAuthToken(), con, role.getProject());
                                if (projectid == null) {
                                    throw new ProvisioningException("Project " + role.getDomain() + " does not exist");
                                }
                                String roleid = this.getRoleID(token.getAuthToken(), con, role.getName());
                                if (roleid == null) {
                                    throw new ProvisioningException("Role " + role.getName() + " does not exist");
                                }
                                b.setLength(0);
                                b.append(this.url).append("/projects/").append(projectid).append("/users/").append(fromKS.getId()).append("/roles/").append(roleid);
                                if (this.callWSPutNoData(token.getAuthToken(), con, b.toString())) {
                                    this.cfgMgr.getProvisioningEngine().logAction(user.getUserID(), false, ActionType.Add, approvalID, workflow, "role", jsonRole);
                                } else {
                                    throw new ProvisioningException("Could not add role " + jsonRole);
                                }
                            } else {
                                String domainid = this.getDomainID(token.getAuthToken(), con, role.getDomain());
                                if (domainid == null) {
                                    throw new ProvisioningException("Domain " + role.getDomain() + " does not exist");
                                }
                                String roleid = this.getRoleID(token.getAuthToken(), con, role.getName());
                                if (roleid == null) {
                                    throw new ProvisioningException("Role " + role.getName() + " does not exist");
                                }
                                b.setLength(0);
                                b.append(this.url).append("/domains/").append(domainid).append("/users/").append(fromKS.getId()).append("/roles/").append(roleid);
                                if (this.callWSPutNoData(token.getAuthToken(), con, b.toString())) {
                                    this.cfgMgr.getProvisioningEngine().logAction(user.getUserID(), false, ActionType.Add, approvalID, workflow, "role", jsonRole);
                                } else {
                                    throw new ProvisioningException("Could not add role " + jsonRole);
                                }
                            }
                        }
                    }
                }
            }
            if (!addOnly) {
                if (attributes.contains("roles")) {
                    HashSet<Role> currentRoles = new HashSet<Role>();
                    if (user.getAttribs().get("roles") != null) {
                        Attribute attr = user.getAttribs().get("roles");
                        for (String jsonRole : attr.getValues()) {
                            currentRoles.add(gson.fromJson(jsonRole, Role.class));
                        }
                    }
                    if (fromKS.getUser().getAttribs().containsKey("roles")) {
                        StringBuffer b = new StringBuffer();
                        Attribute attr = fromKS.getUser().getAttribs().get("roles");
                        for (String jsonRole : attr.getValues()) {
                            Role role = gson.fromJson(jsonRole, Role.class);
                            if (!currentRoles.contains(role)) {
                                if (role.getScope().equalsIgnoreCase("project")) {
                                    String projectid = this.getProjectID(token.getAuthToken(), con, role.getProject());
                                    if (projectid == null) {
                                        throw new ProvisioningException("Project " + role.getDomain() + " does not exist");
                                    }
                                    String roleid = this.getRoleID(token.getAuthToken(), con, role.getName());
                                    if (roleid == null) {
                                        throw new ProvisioningException("Role " + role.getName() + " does not exist");
                                    }
                                    b.setLength(0);
                                    b.append(this.url).append("/projects/").append(projectid).append("/users/").append(fromKS.getId()).append("/roles/").append(roleid);
                                    this.callWSDelete(token.getAuthToken(), con, b.toString());
                                    this.cfgMgr.getProvisioningEngine().logAction(user.getUserID(), false, ActionType.Delete, approvalID, workflow, "role", jsonRole);
                                } else {
                                    String domainid = this.getDomainID(token.getAuthToken(), con, role.getDomain());
                                    if (domainid == null) {
                                        throw new ProvisioningException("Domain " + role.getDomain() + " does not exist");
                                    }
                                    String roleid = this.getRoleID(token.getAuthToken(), con, role.getName());
                                    if (roleid == null) {
                                        throw new ProvisioningException("Role " + role.getName() + " does not exist");
                                    }
                                    b.setLength(0);
                                    b.append(this.url).append("/domains/").append(domainid).append("/users/").append(fromKS.getId()).append("/roles/").append(roleid);
                                    this.callWSDelete(token.getAuthToken(), con, b.toString());
                                    this.cfgMgr.getProvisioningEngine().logAction(user.getUserID(), false, ActionType.Delete, approvalID, workflow, "role", jsonRole);
                                }
                            }
                        }
                    }
                }
            }
        }
    } catch (Exception e) {
        throw new ProvisioningException("Could not work with keystone", e);
    } finally {
        if (con != null) {
            con.getBcm().shutdown();
        }
    }
}
Also used : UserAndID(com.tremolosecurity.unison.openstack.model.UserAndID) HashMap(java.util.HashMap) Attribute(com.tremolosecurity.saml.Attribute) KSUser(com.tremolosecurity.unison.openstack.model.KSUser) Workflow(com.tremolosecurity.provisioning.core.Workflow) Gson(com.google.gson.Gson) ProvisioningException(com.tremolosecurity.provisioning.core.ProvisioningException) ClientProtocolException(org.apache.http.client.ClientProtocolException) IOException(java.io.IOException) KSRole(com.tremolosecurity.unison.openstack.model.KSRole) Role(com.tremolosecurity.unison.openstack.model.Role) HttpCon(com.tremolosecurity.provisioning.util.HttpCon) ProvisioningException(com.tremolosecurity.provisioning.core.ProvisioningException) KSToken(com.tremolosecurity.unison.openstack.util.KSToken) UserHolder(com.tremolosecurity.unison.openstack.model.UserHolder) HashSet(java.util.HashSet)

Example 19 with Workflow

use of com.tremolosecurity.provisioning.core.Workflow in project OpenUnison by TremoloSecurity.

the class KeystoneProvisioningTarget method setUserPassword.

@Override
public void setUserPassword(User user, Map<String, Object> request) throws ProvisioningException {
    if (rolesOnly) {
        throw new ProvisioningException("Unsupported");
    }
    int approvalID = 0;
    if (request.containsKey("APPROVAL_ID")) {
        approvalID = (Integer) request.get("APPROVAL_ID");
    }
    Workflow workflow = (Workflow) request.get("WORKFLOW");
    HttpCon con = null;
    String id;
    if (user.getAttribs().get("id") != null) {
        id = user.getAttribs().get("id").getValues().get(0);
    } else {
        HashSet<String> attrs = new HashSet<String>();
        attrs.add("id");
        User userFromKS = this.findUser(user.getUserID(), attrs, request);
        id = userFromKS.getAttribs().get("id").getValues().get(0);
    }
    UserHolder holder = new UserHolder();
    holder.setUser(new KSUser());
    holder.getUser().setPassword(user.getPassword());
    Gson gson = new Gson();
    KSUser fromKS = null;
    try {
        con = this.createClient();
        KSToken token = this.getToken(con);
        String json = gson.toJson(holder);
        StringBuffer b = new StringBuffer();
        b.append(this.url).append("/users/").append(id);
        json = this.callWSPotch(token.getAuthToken(), con, b.toString(), json);
        this.cfgMgr.getProvisioningEngine().logAction(user.getUserID(), false, ActionType.Replace, approvalID, workflow, "password", "***********");
    } catch (Exception e) {
        throw new ProvisioningException("Could not work with keystone", e);
    } finally {
        if (con != null) {
            con.getBcm().shutdown();
        }
    }
}
Also used : User(com.tremolosecurity.provisioning.core.User) KSUser(com.tremolosecurity.unison.openstack.model.KSUser) KSUser(com.tremolosecurity.unison.openstack.model.KSUser) Workflow(com.tremolosecurity.provisioning.core.Workflow) Gson(com.google.gson.Gson) ProvisioningException(com.tremolosecurity.provisioning.core.ProvisioningException) ClientProtocolException(org.apache.http.client.ClientProtocolException) IOException(java.io.IOException) HttpCon(com.tremolosecurity.provisioning.util.HttpCon) ProvisioningException(com.tremolosecurity.provisioning.core.ProvisioningException) KSToken(com.tremolosecurity.unison.openstack.util.KSToken) UserHolder(com.tremolosecurity.unison.openstack.model.UserHolder) HashSet(java.util.HashSet)

Example 20 with Workflow

use of com.tremolosecurity.provisioning.core.Workflow in project OpenUnison by TremoloSecurity.

the class KeystoneProvisioningTarget method deleteUser.

@Override
public void deleteUser(User user, Map<String, Object> request) throws ProvisioningException {
    if (rolesOnly) {
        throw new ProvisioningException("Unsupported");
    }
    int approvalID = 0;
    if (request.containsKey("APPROVAL_ID")) {
        approvalID = (Integer) request.get("APPROVAL_ID");
    }
    Workflow workflow = (Workflow) request.get("WORKFLOW");
    HttpCon con = null;
    KSUser fromKS = null;
    try {
        con = this.createClient();
        KSToken token = this.getToken(con);
        String id;
        if (user.getAttribs().get("id") != null) {
            id = user.getAttribs().get("id").getValues().get(0);
        } else {
            HashSet<String> attrs = new HashSet<String>();
            attrs.add("id");
            User userFromKS = this.findUser(user.getUserID(), attrs, request);
            id = userFromKS.getAttribs().get("id").getValues().get(0);
        }
        StringBuffer b = new StringBuffer(this.url).append("/users/").append(id);
        this.callWSDelete(token.getAuthToken(), con, b.toString());
        this.cfgMgr.getProvisioningEngine().logAction(user.getUserID(), true, ActionType.Delete, approvalID, workflow, "name", user.getUserID());
    } catch (Exception e) {
        throw new ProvisioningException("Could not work with keystone", e);
    } finally {
        if (con != null) {
            con.getBcm().shutdown();
        }
    }
}
Also used : HttpCon(com.tremolosecurity.provisioning.util.HttpCon) User(com.tremolosecurity.provisioning.core.User) KSUser(com.tremolosecurity.unison.openstack.model.KSUser) KSUser(com.tremolosecurity.unison.openstack.model.KSUser) ProvisioningException(com.tremolosecurity.provisioning.core.ProvisioningException) KSToken(com.tremolosecurity.unison.openstack.util.KSToken) Workflow(com.tremolosecurity.provisioning.core.Workflow) ProvisioningException(com.tremolosecurity.provisioning.core.ProvisioningException) ClientProtocolException(org.apache.http.client.ClientProtocolException) IOException(java.io.IOException) HashSet(java.util.HashSet)

Aggregations

Workflow (com.tremolosecurity.provisioning.core.Workflow)78 ProvisioningException (com.tremolosecurity.provisioning.core.ProvisioningException)68 HttpCon (com.tremolosecurity.provisioning.util.HttpCon)32 IOException (java.io.IOException)30 UnsupportedEncodingException (java.io.UnsupportedEncodingException)22 ClientProtocolException (org.apache.http.client.ClientProtocolException)21 Attribute (com.tremolosecurity.saml.Attribute)19 ArrayList (java.util.ArrayList)18 LDAPException (com.novell.ldap.LDAPException)17 HashMap (java.util.HashMap)17 User (com.tremolosecurity.provisioning.core.User)16 HashSet (java.util.HashSet)15 ParseException (org.json.simple.parser.ParseException)14 LDAPSearchResults (com.novell.ldap.LDAPSearchResults)12 JSONObject (org.json.simple.JSONObject)12 Gson (com.google.gson.Gson)11 LDAPEntry (com.novell.ldap.LDAPEntry)11 LDAPAttribute (com.novell.ldap.LDAPAttribute)10 GitLabApiException (org.gitlab4j.api.GitLabApiException)10 SQLException (java.sql.SQLException)9