use of com.tremolosecurity.provisioning.core.Workflow in project OpenUnison by TremoloSecurity.
the class LDAPProvider method deleteUser.
@Override
public void deleteUser(User user, Map<String, Object> request) throws ProvisioningException {
int approvalID = 0;
if (request.containsKey("APPROVAL_ID")) {
approvalID = (Integer) request.get("APPROVAL_ID");
}
Workflow workflow = (Workflow) request.get("WORKFLOW");
try {
StringBuffer filter = new StringBuffer();
filter.append("(").append(this.userIDAttribute).append("=").append(user.getUserID()).append(")");
LdapConnection con;
try {
con = this.ldapPool.getConnection();
} catch (Exception e) {
throw new ProvisioningException("Could not get LDAP connection " + user.getUserID(), e);
}
try {
LDAPSearchResults res = con.getConnection().search(searchBase, 2, filter.toString(), new String[] { "1.1" }, false);
if (!res.hasMore()) {
throw new ProvisioningException("User does not exist " + user.getUserID());
}
String dn = res.next().getDN();
while (res.hasMore()) res.next();
con.getConnection().delete(dn);
this.cfgMgr.getProvisioningEngine().logAction(this.name, true, ActionType.Delete, approvalID, workflow, "dn", dn);
} finally {
con.returnCon();
}
} catch (LDAPException e) {
throw new ProvisioningException("Could not delete user " + user.getUserID(), e);
}
}
use of com.tremolosecurity.provisioning.core.Workflow in project OpenUnison by TremoloSecurity.
the class DeleteGroupMembers method doTask.
@Override
public boolean doTask(User user, Map<String, Object> request) throws ProvisioningException {
String localWorkflowName = task.renderTemplate(this.workflowName, request);
String localGroupToDelete = task.renderTemplate(this.groupToDelete, request);
String localGroupNameAttribute = task.renderTemplate(this.groupNameAttribute, request);
String memberAttr = task.getConfigManager().getCfg().getGroupMemberAttribute();
String[] members = null;
String groupName = null;
try {
LDAPSearchResults rs = task.getConfigManager().getMyVD().search(localGroupToDelete, 0, "(objectClass=*)", new ArrayList<String>());
rs.hasMore();
LDAPEntry group = rs.next();
while (rs.hasMore()) rs.next();
if (group.getAttribute(memberAttr) != null) {
members = group.getAttribute(memberAttr).getStringValueArray();
} else {
members = new String[] {};
}
if (group.getAttribute(localGroupNameAttribute) != null) {
groupName = group.getAttribute(localGroupNameAttribute).getStringValue();
} else {
throw new ProvisioningException("Group '" + localGroupToDelete + "' has no '" + localGroupNameAttribute + "' attribute");
}
} catch (LDAPException e) {
throw new ProvisioningException("Could not load from group", e);
}
for (String member : members) {
try {
LDAPSearchResults rs = task.getConfigManager().getMyVD().search(member, 0, "(objectClass=*)", new ArrayList<String>());
rs.hasMore();
LDAPEntry ldapMember = rs.next();
TremoloUser userToUpdate = new TremoloUser();
userToUpdate.setUid(ldapMember.getAttribute(this.uidAttribute).getStringValue());
userToUpdate.getAttributes().add(new Attribute(this.uidAttribute, userToUpdate.getUid()));
Workflow wf = task.getConfigManager().getProvisioningEngine().getWorkFlow(localWorkflowName);
WFCall call = new WFCall();
call.setReason("removing from to be deleted group " + localGroupToDelete);
call.setUidAttributeName(this.uidAttribute);
call.setUser(userToUpdate);
call.setRequestor(this.requestor);
call.getRequestParams().put(ProvisioningParams.UNISON_EXEC_TYPE, ProvisioningParams.UNISON_EXEC_SYNC);
call.getRequestParams().put("openunison_grouptoremove", groupName);
wf.executeWorkflow(call);
} catch (LDAPException e) {
logger.warn("Could not remove user '" + member + "'", e);
}
}
return true;
}
use of com.tremolosecurity.provisioning.core.Workflow in project OpenUnison by TremoloSecurity.
the class KeystoneProvisioningTarget method syncUser.
@Override
public void syncUser(User user, boolean addOnly, Set<String> attributes, Map<String, Object> request) throws ProvisioningException {
int approvalID = 0;
if (request.containsKey("APPROVAL_ID")) {
approvalID = (Integer) request.get("APPROVAL_ID");
}
Workflow workflow = (Workflow) request.get("WORKFLOW");
HttpCon con = null;
Gson gson = new Gson();
try {
con = this.createClient();
KSToken token = this.getToken(con);
UserAndID fromKS = this.lookupUser(user.getUserID(), attributes, request, token, con);
if (fromKS == null) {
this.createUser(user, attributes, request);
} else {
// check attributes
HashMap<String, String> attrsUpdate = new HashMap<String, String>();
KSUser toPatch = new KSUser();
if (!rolesOnly) {
if (attributes.contains("email")) {
String fromKSVal = null;
String newVal = null;
if (fromKS.getUser().getAttribs().get("email") != null) {
fromKSVal = fromKS.getUser().getAttribs().get("email").getValues().get(0);
}
if (user.getAttribs().get("email") != null) {
newVal = user.getAttribs().get("email").getValues().get(0);
}
if (newVal != null && (fromKSVal == null || !fromKSVal.equalsIgnoreCase(newVal))) {
toPatch.setEmail(newVal);
attrsUpdate.put("email", newVal);
} else if (!addOnly && newVal == null && fromKSVal != null) {
toPatch.setEmail("");
attrsUpdate.put("email", "");
}
}
if (attributes.contains("enabled")) {
String fromKSVal = null;
String newVal = null;
if (fromKS.getUser().getAttribs().get("enabled") != null) {
fromKSVal = fromKS.getUser().getAttribs().get("enabled").getValues().get(0);
}
if (user.getAttribs().get("enabled") != null) {
newVal = user.getAttribs().get("enabled").getValues().get(0);
}
if (newVal != null && (fromKSVal == null || !fromKSVal.equalsIgnoreCase(newVal))) {
toPatch.setName(newVal);
attrsUpdate.put("enabled", newVal);
} else if (!addOnly && newVal == null && fromKSVal != null) {
toPatch.setEnabled(false);
attrsUpdate.put("enabled", "");
}
}
if (attributes.contains("description")) {
String fromKSVal = null;
String newVal = null;
if (fromKS.getUser().getAttribs().get("description") != null) {
fromKSVal = fromKS.getUser().getAttribs().get("description").getValues().get(0);
}
if (user.getAttribs().get("description") != null) {
newVal = user.getAttribs().get("description").getValues().get(0);
}
if (newVal != null && (fromKSVal == null || !fromKSVal.equalsIgnoreCase(newVal))) {
toPatch.setDescription(newVal);
attrsUpdate.put("description", newVal);
} else if (!addOnly && newVal == null && fromKSVal != null) {
toPatch.setDescription("");
attrsUpdate.put("description", "");
}
}
if (!attrsUpdate.isEmpty()) {
UserHolder holder = new UserHolder();
holder.setUser(toPatch);
String json = gson.toJson(holder);
StringBuffer b = new StringBuffer();
b.append(this.url).append("/users/").append(fromKS.getId());
json = this.callWSPotch(token.getAuthToken(), con, b.toString(), json);
for (String attr : attrsUpdate.keySet()) {
String val = attrsUpdate.get(attr);
this.cfgMgr.getProvisioningEngine().logAction(user.getUserID(), false, ActionType.Replace, approvalID, workflow, attr, val);
}
}
for (String group : user.getGroups()) {
if (!fromKS.getUser().getGroups().contains(group)) {
String groupID = this.getGroupID(token.getAuthToken(), con, group);
StringBuffer b = new StringBuffer();
b.append(this.url).append("/groups/").append(groupID).append("/users/").append(fromKS.getId());
if (this.callWSPutNoData(token.getAuthToken(), con, b.toString())) {
this.cfgMgr.getProvisioningEngine().logAction(user.getUserID(), false, ActionType.Add, approvalID, workflow, "group", group);
} else {
throw new ProvisioningException("Could not add group " + group);
}
}
}
if (!addOnly) {
for (String group : fromKS.getUser().getGroups()) {
if (!user.getGroups().contains(group)) {
String groupID = this.getGroupID(token.getAuthToken(), con, group);
StringBuffer b = new StringBuffer();
b.append(this.url).append("/groups/").append(groupID).append("/users/").append(fromKS.getId());
this.callWSDelete(token.getAuthToken(), con, b.toString());
this.cfgMgr.getProvisioningEngine().logAction(user.getUserID(), false, ActionType.Delete, approvalID, workflow, "group", group);
}
}
}
}
if (attributes.contains("roles")) {
HashSet<Role> currentRoles = new HashSet<Role>();
if (fromKS.getUser().getAttribs().get("roles") != null) {
Attribute attr = fromKS.getUser().getAttribs().get("roles");
for (String jsonRole : attr.getValues()) {
currentRoles.add(gson.fromJson(jsonRole, Role.class));
}
}
if (user.getAttribs().containsKey("roles")) {
StringBuffer b = new StringBuffer();
Attribute attr = user.getAttribs().get("roles");
for (String jsonRole : attr.getValues()) {
Role role = gson.fromJson(jsonRole, Role.class);
if (!currentRoles.contains(role)) {
if (role.getScope().equalsIgnoreCase("project")) {
String projectid = this.getProjectID(token.getAuthToken(), con, role.getProject());
if (projectid == null) {
throw new ProvisioningException("Project " + role.getDomain() + " does not exist");
}
String roleid = this.getRoleID(token.getAuthToken(), con, role.getName());
if (roleid == null) {
throw new ProvisioningException("Role " + role.getName() + " does not exist");
}
b.setLength(0);
b.append(this.url).append("/projects/").append(projectid).append("/users/").append(fromKS.getId()).append("/roles/").append(roleid);
if (this.callWSPutNoData(token.getAuthToken(), con, b.toString())) {
this.cfgMgr.getProvisioningEngine().logAction(user.getUserID(), false, ActionType.Add, approvalID, workflow, "role", jsonRole);
} else {
throw new ProvisioningException("Could not add role " + jsonRole);
}
} else {
String domainid = this.getDomainID(token.getAuthToken(), con, role.getDomain());
if (domainid == null) {
throw new ProvisioningException("Domain " + role.getDomain() + " does not exist");
}
String roleid = this.getRoleID(token.getAuthToken(), con, role.getName());
if (roleid == null) {
throw new ProvisioningException("Role " + role.getName() + " does not exist");
}
b.setLength(0);
b.append(this.url).append("/domains/").append(domainid).append("/users/").append(fromKS.getId()).append("/roles/").append(roleid);
if (this.callWSPutNoData(token.getAuthToken(), con, b.toString())) {
this.cfgMgr.getProvisioningEngine().logAction(user.getUserID(), false, ActionType.Add, approvalID, workflow, "role", jsonRole);
} else {
throw new ProvisioningException("Could not add role " + jsonRole);
}
}
}
}
}
}
if (!addOnly) {
if (attributes.contains("roles")) {
HashSet<Role> currentRoles = new HashSet<Role>();
if (user.getAttribs().get("roles") != null) {
Attribute attr = user.getAttribs().get("roles");
for (String jsonRole : attr.getValues()) {
currentRoles.add(gson.fromJson(jsonRole, Role.class));
}
}
if (fromKS.getUser().getAttribs().containsKey("roles")) {
StringBuffer b = new StringBuffer();
Attribute attr = fromKS.getUser().getAttribs().get("roles");
for (String jsonRole : attr.getValues()) {
Role role = gson.fromJson(jsonRole, Role.class);
if (!currentRoles.contains(role)) {
if (role.getScope().equalsIgnoreCase("project")) {
String projectid = this.getProjectID(token.getAuthToken(), con, role.getProject());
if (projectid == null) {
throw new ProvisioningException("Project " + role.getDomain() + " does not exist");
}
String roleid = this.getRoleID(token.getAuthToken(), con, role.getName());
if (roleid == null) {
throw new ProvisioningException("Role " + role.getName() + " does not exist");
}
b.setLength(0);
b.append(this.url).append("/projects/").append(projectid).append("/users/").append(fromKS.getId()).append("/roles/").append(roleid);
this.callWSDelete(token.getAuthToken(), con, b.toString());
this.cfgMgr.getProvisioningEngine().logAction(user.getUserID(), false, ActionType.Delete, approvalID, workflow, "role", jsonRole);
} else {
String domainid = this.getDomainID(token.getAuthToken(), con, role.getDomain());
if (domainid == null) {
throw new ProvisioningException("Domain " + role.getDomain() + " does not exist");
}
String roleid = this.getRoleID(token.getAuthToken(), con, role.getName());
if (roleid == null) {
throw new ProvisioningException("Role " + role.getName() + " does not exist");
}
b.setLength(0);
b.append(this.url).append("/domains/").append(domainid).append("/users/").append(fromKS.getId()).append("/roles/").append(roleid);
this.callWSDelete(token.getAuthToken(), con, b.toString());
this.cfgMgr.getProvisioningEngine().logAction(user.getUserID(), false, ActionType.Delete, approvalID, workflow, "role", jsonRole);
}
}
}
}
}
}
}
} catch (Exception e) {
throw new ProvisioningException("Could not work with keystone", e);
} finally {
if (con != null) {
con.getBcm().shutdown();
}
}
}
use of com.tremolosecurity.provisioning.core.Workflow in project OpenUnison by TremoloSecurity.
the class KeystoneProvisioningTarget method setUserPassword.
@Override
public void setUserPassword(User user, Map<String, Object> request) throws ProvisioningException {
if (rolesOnly) {
throw new ProvisioningException("Unsupported");
}
int approvalID = 0;
if (request.containsKey("APPROVAL_ID")) {
approvalID = (Integer) request.get("APPROVAL_ID");
}
Workflow workflow = (Workflow) request.get("WORKFLOW");
HttpCon con = null;
String id;
if (user.getAttribs().get("id") != null) {
id = user.getAttribs().get("id").getValues().get(0);
} else {
HashSet<String> attrs = new HashSet<String>();
attrs.add("id");
User userFromKS = this.findUser(user.getUserID(), attrs, request);
id = userFromKS.getAttribs().get("id").getValues().get(0);
}
UserHolder holder = new UserHolder();
holder.setUser(new KSUser());
holder.getUser().setPassword(user.getPassword());
Gson gson = new Gson();
KSUser fromKS = null;
try {
con = this.createClient();
KSToken token = this.getToken(con);
String json = gson.toJson(holder);
StringBuffer b = new StringBuffer();
b.append(this.url).append("/users/").append(id);
json = this.callWSPotch(token.getAuthToken(), con, b.toString(), json);
this.cfgMgr.getProvisioningEngine().logAction(user.getUserID(), false, ActionType.Replace, approvalID, workflow, "password", "***********");
} catch (Exception e) {
throw new ProvisioningException("Could not work with keystone", e);
} finally {
if (con != null) {
con.getBcm().shutdown();
}
}
}
use of com.tremolosecurity.provisioning.core.Workflow in project OpenUnison by TremoloSecurity.
the class KeystoneProvisioningTarget method deleteUser.
@Override
public void deleteUser(User user, Map<String, Object> request) throws ProvisioningException {
if (rolesOnly) {
throw new ProvisioningException("Unsupported");
}
int approvalID = 0;
if (request.containsKey("APPROVAL_ID")) {
approvalID = (Integer) request.get("APPROVAL_ID");
}
Workflow workflow = (Workflow) request.get("WORKFLOW");
HttpCon con = null;
KSUser fromKS = null;
try {
con = this.createClient();
KSToken token = this.getToken(con);
String id;
if (user.getAttribs().get("id") != null) {
id = user.getAttribs().get("id").getValues().get(0);
} else {
HashSet<String> attrs = new HashSet<String>();
attrs.add("id");
User userFromKS = this.findUser(user.getUserID(), attrs, request);
id = userFromKS.getAttribs().get("id").getValues().get(0);
}
StringBuffer b = new StringBuffer(this.url).append("/users/").append(id);
this.callWSDelete(token.getAuthToken(), con, b.toString());
this.cfgMgr.getProvisioningEngine().logAction(user.getUserID(), true, ActionType.Delete, approvalID, workflow, "name", user.getUserID());
} catch (Exception e) {
throw new ProvisioningException("Could not work with keystone", e);
} finally {
if (con != null) {
con.getBcm().shutdown();
}
}
}
Aggregations