
Example 26 with Workflow

use of com.tremolosecurity.provisioning.core.Workflow in project OpenUnison by TremoloSecurity.

the class AddtoRBAC method doTask.

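/**
 * Appends rendered policy lines to the {@code policy.csv} entry of the ArgoCD
 * RBAC ConfigMap ({@code argocd-rbac-cm} in the {@code argocd} namespace) and
 * records the change in the provisioning audit log.
 *
 * <p>The text appended is {@code this.toAdd} rendered against {@code request}, so any
 * request value the template references becomes part of the authorization policy.
 * NOTE(review): whether {@code renderTemplate} strips line breaks is not visible here;
 * a request value containing a newline would add an extra policy line. Confirm that
 * values feeding the template are validated before this task runs.
 *
 * <p>NOTE(review): this is a read-modify-write of the whole {@code policy.csv} value
 * and the patch body carries no resource version, so two workflows running at the same
 * time may overwrite each other's additions. Confirm against how
 * {@code callWSPatchJson} sends the patch.
 *
 * @param user    the user the workflow runs for (not read by this task)
 * @param request workflow request map; {@code APPROVAL_ID} is read when present
 * @return always {@code true} when the ConfigMap was patched
 * @throws ProvisioningException if the ConfigMap cannot be read, patched, or the
 *         API answers with anything other than a ConfigMap
 */
@Override
public boolean doTask(User user, Map<String, Object> request) throws ProvisioningException {
    int approvalID = 0;
    if (request.containsKey("APPROVAL_ID")) {
        approvalID = (Integer) request.get("APPROVAL_ID");
    }
    HttpCon con = null;
    OpenShiftTarget os = (OpenShiftTarget) task.getConfigManager().getProvisioningEngine().getTarget(this.k8sTarget).getProvider();
    try {
        String token = os.getAuthToken();
        con = os.createClient();
        JSONParser parser = new JSONParser();

        String rbacCfgMapJson = os.callWS(token, con, "/api/v1/namespaces/argocd/configmaps/argocd-rbac-cm");
        JSONObject rbacCfgMap = (JSONObject) parser.parse(rbacCfgMapJson);
        JSONObject data = (JSONObject) rbacCfgMap.get("data");

        // Only carry over an existing policy. Appending a missing entry would write
        // the literal text "null" as the first line of the RBAC policy.
        Object existingPolicy = (data != null) ? data.get("policy.csv") : null;
        StringBuilder newRbac = new StringBuilder();
        if (existingPolicy != null) {
            newRbac.append(existingPolicy).append('\n');
        }
        String policiesToAdd = this.task.renderTemplate(this.toAdd, request);
        newRbac.append(policiesToAdd);

        JSONObject pdata = new JSONObject();
        pdata.put("policy.csv", newRbac.toString());
        JSONObject patch = new JSONObject();
        patch.put("data", pdata);
        String json = patch.toString();

        String respJSON = os.callWSPatchJson(token, con, "/api/v1/namespaces/argocd/configmaps/argocd-rbac-cm", json);
        if (logger.isDebugEnabled()) {
            // The response echoes the patched object, so the full policy lands in debug logs.
            logger.debug("Response for creating project : '" + respJSON + "'");
        }

        JSONObject resp = (JSONObject) parser.parse(respJSON);
        String kind = (String) resp.get("kind");
        // Check the kind before touching metadata, so an error response is reported
        // with its body instead of surfacing as a NullPointerException.
        if (!"ConfigMap".equalsIgnoreCase(kind)) {
            throw new ProvisioningException("Could not update the ArgoCD RBAC ConfigMap - '" + respJSON + "'");
        }
        JSONObject metadata = (JSONObject) resp.get("metadata");
        String configMapName = (metadata != null) ? (String) metadata.get("name") : null;
        this.task.getConfigManager().getProvisioningEngine().logAction(this.k8sTarget, true, ActionType.Replace, approvalID, this.task.getWorkflow(), "argocd-rbac-cm", configMapName);
    } catch (Exception e) {
        // Also wraps the ProvisioningException thrown above; the original is kept as the cause.
        throw new ProvisioningException("Could not update argocd rbac", e);
    } finally {
        if (con != null) {
            con.getBcm().close();
        }
    }
    return true;
}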
Also used : HttpCon(com.tremolosecurity.provisioning.util.HttpCon) JSONObject(org.json.simple.JSONObject) ProvisioningException(com.tremolosecurity.provisioning.core.ProvisioningException) Workflow(com.tremolosecurity.provisioning.core.Workflow) OpenShiftTarget(com.tremolosecurity.unison.openshiftv3.OpenShiftTarget) JSONParser(org.json.simple.parser.JSONParser) ProvisioningException(com.tremolosecurity.provisioning.core.ProvisioningException)

Example 27 with Workflow

use of com.tremolosecurity.provisioning.core.Workflow in project OpenUnison by TremoloSecurity.

the class CreateGitRepository method doTask.

/**
 * Registers a Git repository with ArgoCD by POSTing a {@code GitRepo} document to
 * {@code /api/v1/repositories} on the configured ArgoCD target.
 *
 * <p>The type, name, repository URL and SSH private key are each rendered from the
 * task's templates against {@code request}. The serialized request body therefore
 * contains the SSH private key in clear text and must never be written to logs or
 * standard output.
 *
 * @param user    the user the workflow runs for (not read by this task)
 * @param request workflow request map; {@code APPROVAL_ID} and {@code WORKFLOW} are read
 * @return always {@code true} when ArgoCD answered with a 2xx status
 * @throws ProvisioningException if the call fails or ArgoCD answers outside 2xx
 */
@Override
public boolean doTask(User user, Map<String, Object> request) throws ProvisioningException {
    final int approvalID = request.containsKey("APPROVAL_ID") ? (Integer) request.get("APPROVAL_ID") : 0;
    final Workflow workflow = (Workflow) request.get("WORKFLOW");

    final String localType = task.renderTemplate(this.type, request);
    final String localName = task.renderTemplate(this.name, request);
    final String localRepoUrl = task.renderTemplate(this.repoUrl, request);
    final String localSshPrivateKey = task.renderTemplate(this.sshPrivateKey, request);

    GitRepo repo = new GitRepo();
    repo.setType(localType);
    repo.setName(localName);
    repo.setRepo(localRepoUrl);
    repo.setSshPrivateKey(localSshPrivateKey);

    // Holds the private key: keep this string out of any log or exception message.
    final String payload = new Gson().toJson(repo);

    ArgoCDTarget argo = (ArgoCDTarget) task.getConfigManager().getProvisioningEngine().getTarget(this.target).getProvider();
    HttpCon con = null;
    try {
        con = argo.createConnection();

        HttpPost post = new HttpPost(argo.getUrl() + "/api/v1/repositories");
        post.setEntity(new StringEntity(payload, ContentType.APPLICATION_JSON));

        HttpResponse resp = con.getHttp().execute(post);
        String responseBody = EntityUtils.toString(resp.getEntity());
        int status = resp.getStatusLine().getStatusCode();

        boolean success = status >= 200 && status < 300;
        if (!success) {
            // Only the response body is reported here, not the request payload.
            throw new ProvisioningException("Could not create repository - " + status + " / " + responseBody);
        }

        // The audit entry records the repository name and URL only.
        task.getConfigManager().getProvisioningEngine().logAction(argo.getName(), true, ActionType.Add, approvalID, workflow, localName, localRepoUrl);
    } catch (IOException e) {
        throw new ProvisioningException("Could not create repository", e);
    } finally {
        if (con != null) {
            try {
                con.getHttp().close();
            } catch (IOException ignored) {
                // A failed close must not stop the connection manager from being released.
            }
            con.getBcm().close();
        }
    }
    return true;
}
Also used : HttpPost(org.apache.http.client.methods.HttpPost) Workflow(com.tremolosecurity.provisioning.core.Workflow) Gson(com.google.gson.Gson) HttpResponse(org.apache.http.HttpResponse) IOException(java.io.IOException) ArgoCDTarget(com.tremolosecurity.argocd.targets.ArgoCDTarget) StringEntity(org.apache.http.entity.StringEntity) HttpCon(com.tremolosecurity.provisioning.util.HttpCon) GitRepo(com.tremolosecurity.argocd.tasks.obj.GitRepo) ProvisioningException(com.tremolosecurity.provisioning.core.ProvisioningException)

Example 28 with Workflow

use of com.tremolosecurity.provisioning.core.Workflow in project OpenUnison by TremoloSecurity.

the class AmazonSimpleDBProvider method deleteUser.

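/**
 * Deletes the user's item from the SimpleDB user domain and records the deletion in
 * the provisioning audit log.
 *
 * <p>The item name is the first value of the attribute named by {@code uidAttrName}.
 * After the delete the method sleeps for one second before returning.
 *
 * @param user    the user to delete; must carry the uid attribute
 * @param request workflow request map; {@code APPROVAL_ID} and {@code WORKFLOW} are read
 * @throws ProvisioningException if the user has no value for the uid attribute
 */
@Override
public void deleteUser(User user, Map<String, Object> request) throws ProvisioningException {
    int approvalID = 0;
    if (request.containsKey("APPROVAL_ID")) {
        approvalID = (Integer) request.get("APPROVAL_ID");
    }
    Workflow workflow = (Workflow) request.get("WORKFLOW");

    // Fail with a provisioning error rather than a NullPointerException or
    // IndexOutOfBoundsException when the identifier is missing.
    if (user.getAttribs().get(this.uidAttrName) == null
            || user.getAttribs().get(this.uidAttrName).getValues().isEmpty()) {
        throw new ProvisioningException("No valid userid attribute");
    }
    String userid = user.getAttribs().get(this.uidAttrName).getValues().get(0);

    this.sdb.deleteAttributes(new DeleteAttributesRequest(this.userDomain, userid));
    this.cfgMgr.getProvisioningEngine().logAction(this.name, true, ActionType.Delete, approvalID, workflow, "userName", userid);
    try {
        Thread.sleep(1000);
    } catch (InterruptedException e) {
        // The delete is already issued and audited; restore the flag so the caller
        // can still observe the interruption.
        Thread.currentThread().interrupt();
    }
}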
Also used : Workflow(com.tremolosecurity.provisioning.core.Workflow) DeleteAttributesRequest(com.amazonaws.services.simpledb.model.DeleteAttributesRequest)

Example 29 with Workflow

use of com.tremolosecurity.provisioning.core.Workflow in project OpenUnison by TremoloSecurity.

the class AmazonSimpleDBProvider method createUser.

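/**
 * Creates the user in the SimpleDB user domain, adds the user to each of their groups
 * in the group domain, and records every change in the provisioning audit log.
 *
 * <p>After each write the method polls SimpleDB until the write is visible.
 * NOTE(review): these polling loops have no retry limit or timeout; if the record
 * never becomes visible, or {@code findUser} keeps failing, the calling thread does
 * not return. Consider bounding them.
 *
 * <p>Group names and the user id are identity data that end up inside a SimpleDB
 * {@code SELECT} expression, so single quotes in them are doubled before the
 * expression is built. NOTE(review): {@code getGroupSelect} is defined outside this
 * method; confirm it quotes its argument the same way.
 *
 * @param user       the user to create; must carry the uid attribute
 * @param attributes names of the attributes that are provisioned to SimpleDB
 * @param request    workflow request map; {@code APPROVAL_ID} and {@code WORKFLOW} are read
 * @throws ProvisioningException if the user has no uid attribute, or the thread is
 *         interrupted while waiting for a write to become visible
 */
@Override
public void createUser(User user, Set<String> attributes, Map<String, Object> request) throws ProvisioningException {
    int approvalID = 0;
    if (request.containsKey("APPROVAL_ID")) {
        approvalID = (Integer) request.get("APPROVAL_ID");
    }
    Workflow workflow = (Workflow) request.get("WORKFLOW");

    // Collect the attributes to store and pick up the user id on the way.
    String userid = null;
    ArrayList<ReplaceableAttribute> attrs = new ArrayList<ReplaceableAttribute>();
    for (String attrName : user.getAttribs().keySet()) {
        if (attributes.contains(attrName)) {
            Attribute attr = user.getAttribs().get(attrName);
            for (String val : attr.getValues()) {
                attrs.add(new ReplaceableAttribute(attr.getName().toLowerCase(), val, false));
            }
        }
        if (attrName.equalsIgnoreCase(this.uidAttrName)) {
            userid = user.getAttribs().get(attrName).getValues().get(0);
        }
    }
    if (userid == null) {
        throw new ProvisioningException("No valid userid attribute");
    }

    sdb.putAttributes(new PutAttributesRequest(this.userDomain, userid, attrs));
    this.cfgMgr.getProvisioningEngine().logAction(this.name, true, ActionType.Add, approvalID, workflow, "userName", userid);
    for (String attrName : user.getAttribs().keySet()) {
        Attribute attr = user.getAttribs().get(attrName);
        if (!attributes.contains(attr.getName())) {
            continue;
        }
        // Only the first value of each attribute is written to the audit log.
        this.cfgMgr.getProvisioningEngine().logAction(this.name, false, ActionType.Add, approvalID, workflow, attrName, user.getAttribs().get(attrName).getValues().get(0));
    }

    // Wait until the new item can be read back.
    boolean ok = false;
    while (!ok) {
        try {
            Thread.sleep(10);
        } catch (InterruptedException e) {
            // Swallowing the interrupt would keep this loop running with no way to cancel it.
            Thread.currentThread().interrupt();
            throw new ProvisioningException("Interrupted while waiting for the user to become visible", e);
        }
        try {
            ok = this.findUser(userid, attributes, request) != null;
        } catch (Exception ignored) {
            // A failed lookup is treated as "not visible yet" and retried.
        }
    }

    // SimpleDB escapes a quote inside a quoted value by doubling it.
    String quotedUserid = userid.replace("'", "''");

    for (String groupName : user.getGroups()) {
        String memberAttr = GlobalEntries.getGlobalEntries().getConfigManager().getCfg().getGroupMemberAttribute();

        // Create the group item first when it does not exist yet.
        SelectResult res = this.sdb.select(new SelectRequest(this.getGroupSelect(groupName)));
        if (res.getItems().size() == 0) {
            attrs = new ArrayList<ReplaceableAttribute>();
            attrs.add(new ReplaceableAttribute("cn", groupName, false));
            sdb.putAttributes(new PutAttributesRequest(groupDomain, groupName, attrs));
        }

        attrs = new ArrayList<ReplaceableAttribute>();
        attrs.add(new ReplaceableAttribute(memberAttr, userid, false));
        sdb.putAttributes(new PutAttributesRequest(this.groupDomain, groupName, attrs));
        this.cfgMgr.getProvisioningEngine().logAction(this.name, false, ActionType.Add, approvalID, workflow, "group", groupName);

        // Built once per group: the expression does not change between polls.
        String membershipSelect = new StringBuilder()
                .append("SELECT ").append(memberAttr)
                .append(" FROM `").append(this.groupDomain)
                .append("` WHERE cn='").append(groupName.replace("'", "''"))
                .append("' AND ").append(memberAttr)
                .append("='").append(quotedUserid).append("'")
                .toString();

        ok = false;
        while (!ok) {
            try {
                Thread.sleep(1000);
            } catch (InterruptedException e) {
                Thread.currentThread().interrupt();
                throw new ProvisioningException("Interrupted while waiting for the group membership to become visible", e);
            }
            res = this.sdb.select(new SelectRequest(membershipSelect));
            ok = res.getItems().size() > 0;
        }
    }
}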
Also used : LDAPAttribute(com.novell.ldap.LDAPAttribute) Attribute(com.tremolosecurity.saml.Attribute) ReplaceableAttribute(com.amazonaws.services.simpledb.model.ReplaceableAttribute) ArrayList(java.util.ArrayList) Workflow(com.tremolosecurity.provisioning.core.Workflow) ProvisioningException(com.tremolosecurity.provisioning.core.ProvisioningException) ReplaceableAttribute(com.amazonaws.services.simpledb.model.ReplaceableAttribute) SelectResult(com.amazonaws.services.simpledb.model.SelectResult) ProvisioningException(com.tremolosecurity.provisioning.core.ProvisioningException) PutAttributesRequest(com.amazonaws.services.simpledb.model.PutAttributesRequest) SelectRequest(com.amazonaws.services.simpledb.model.SelectRequest)

Example 30 with Workflow

use of com.tremolosecurity.provisioning.core.Workflow in project OpenUnison by TremoloSecurity.

the class AmazonSimpleDBProvider method syncUser.

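/**
 * Brings the user's SimpleDB item and group memberships in line with {@code user}.
 *
 * <p>When the user does not exist yet the call is handed to {@code createUser}.
 * Otherwise, for every attribute stored in SimpleDB, values missing from {@code user}
 * are deleted (unless {@code addOnly}) and new values are added; attributes and group
 * memberships that exist only on {@code user} are added as well. Every change is
 * written to the provisioning audit log.
 *
 * <p>Attribute names, attribute values and the user id are identity data that end up
 * inside SimpleDB {@code SELECT} expressions. Values are single-quoted with embedded
 * quotes doubled, and attribute names are backtick-quoted with embedded backticks
 * doubled, so the data cannot change the shape of the expression.
 *
 * <p>NOTE(review): the "add attributes that are new" step and the whole group
 * synchronisation sit inside the loop over the stored attribute names. They therefore
 * run once per stored attribute, do not run at all when the stored user has no
 * attributes, and {@code done.clear()} discards the attribute names collected so far.
 * This looks unintended; confirm before restructuring.
 *
 * <p>NOTE(review): the verification loops have no retry limit or timeout.
 *
 * @param user       desired state of the user; must carry the uid attribute
 * @param addOnly    when {@code true}, nothing is removed from SimpleDB
 * @param attributes names of the attributes that are provisioned to SimpleDB
 * @param request    workflow request map; {@code APPROVAL_ID} and {@code WORKFLOW} are read
 * @throws ProvisioningException if the lookup or creation fails, or the thread is
 *         interrupted while waiting for a delete to become visible
 */
@Override
public void syncUser(User user, boolean addOnly, Set<String> attributes, Map<String, Object> request) throws ProvisioningException {
    User amazonUser = this.findUser(user.getAttribs().get(this.uidAttrName).getValues().get(0), attributes, request);
    if (amazonUser == null) {
        this.createUser(user, attributes, request);
        return;
    }
    int approvalID = 0;
    if (request.containsKey("APPROVAL_ID")) {
        approvalID = (Integer) request.get("APPROVAL_ID");
    }
    Workflow workflow = (Workflow) request.get("WORKFLOW");
    String userid = user.getAttribs().get(this.uidAttrName).getValues().get(0);
    // SimpleDB escapes a quote inside a quoted value by doubling it.
    String quotedUserid = userid.replace("'", "''");
    Set<String> done = new HashSet<String>();
    Iterator<String> amazonAttrNames = amazonUser.getAttribs().keySet().iterator();
    while (amazonAttrNames.hasNext()) {
        String amznAttrName = amazonAttrNames.next();
        done.add(amznAttrName);
        Attribute userAttr = user.getAttribs().get(amznAttrName);
        if (userAttr == null) {
            // The attribute exists in SimpleDB but no longer on the user.
            if (!addOnly) {
                ArrayList<com.amazonaws.services.simpledb.model.Attribute> list = new ArrayList<com.amazonaws.services.simpledb.model.Attribute>();
                list.add(new com.amazonaws.services.simpledb.model.Attribute(amznAttrName.toLowerCase(), null));
                sdb.deleteAttributes(new DeleteAttributesRequest(this.userDomain, amazonUser.getUserID(), list));
                // NOTE(review): this removal is not written to the audit log, unlike
                // the per-value removal below.
                String stillPresentSelect = new StringBuilder()
                        .append("SELECT uid FROM `").append(this.userDomain)
                        .append("` WHERE uid='").append(quotedUserid)
                        .append("' AND `").append(amznAttrName.replace("`", "``"))
                        .append("` IS NOT NULL")
                        .toString();
                boolean ok = false;
                while (!ok) {
                    try {
                        Thread.sleep(500);
                    } catch (InterruptedException e) {
                        // Swallowing the interrupt would keep this loop running with no way to cancel it.
                        Thread.currentThread().interrupt();
                        throw new ProvisioningException("Interrupted while waiting for the attribute removal to become visible", e);
                    }
                    SelectResult res = this.sdb.select(new SelectRequest(stillPresentSelect));
                    ok = res.getItems().size() == 0;
                }
            }
        } else {
            // Start from the desired values; whatever is left after the comparison must be added.
            Set<String> vals = new HashSet<String>();
            vals.addAll(userAttr.getValues());
            List<String> amznVals = amazonUser.getAttribs().get(amznAttrName).getValues();
            for (String val : amznVals) {
                if (vals.contains(val)) {
                    vals.remove(val);
                } else {
                    if (!addOnly) {
                        ArrayList<com.amazonaws.services.simpledb.model.Attribute> list = new ArrayList<com.amazonaws.services.simpledb.model.Attribute>();
                        list.add(new com.amazonaws.services.simpledb.model.Attribute(userAttr.getName().toLowerCase(), val));
                        sdb.deleteAttributes(new DeleteAttributesRequest(this.userDomain, amazonUser.getUserID(), list));
                        this.cfgMgr.getProvisioningEngine().logAction(this.name, false, ActionType.Delete, approvalID, workflow, userAttr.getName().toLowerCase(), val);
                        String stillPresentSelect = new StringBuilder()
                                .append("SELECT uid FROM `").append(this.userDomain)
                                .append("` WHERE uid='").append(quotedUserid)
                                .append("' AND `").append(userAttr.getName().toLowerCase().replace("`", "``"))
                                .append("`='").append(val.replace("'", "''")).append("'")
                                .toString();
                        boolean ok = false;
                        while (!ok) {
                            try {
                                Thread.sleep(500);
                            } catch (InterruptedException e) {
                                Thread.currentThread().interrupt();
                                throw new ProvisioningException("Interrupted while waiting for the value removal to become visible", e);
                            }
                            SelectResult res = this.sdb.select(new SelectRequest(stillPresentSelect));
                            ok = res.getItems().size() == 0;
                        }
                    }
                }
            }
            if (vals.size() > 0) {
                ArrayList<com.amazonaws.services.simpledb.model.ReplaceableAttribute> list = new ArrayList<com.amazonaws.services.simpledb.model.ReplaceableAttribute>();
                for (String val : vals) {
                    list.add(new com.amazonaws.services.simpledb.model.ReplaceableAttribute(userAttr.getName().toLowerCase(), val, false));
                }
                sdb.putAttributes(new PutAttributesRequest(this.userDomain, amazonUser.getUserID(), list));
                for (String val : vals) {
                    this.cfgMgr.getProvisioningEngine().logAction(this.name, false, ActionType.Replace, approvalID, workflow, userAttr.getName().toLowerCase(), val);
                }
                try {
                    Thread.sleep(1000);
                } catch (InterruptedException e) {
                    // Fixed wait, not a polling loop: restore the flag and carry on.
                    Thread.currentThread().interrupt();
                }
            }
        }

        // Attributes present on the user but not seen in SimpleDB so far.
        Iterator<String> itattr = user.getAttribs().keySet().iterator();
        while (itattr.hasNext()) {
            String name = itattr.next();
            if (attributes.contains(name) && !done.contains(name)) {
                ArrayList<com.amazonaws.services.simpledb.model.ReplaceableAttribute> list = new ArrayList<com.amazonaws.services.simpledb.model.ReplaceableAttribute>();
                for (String val : user.getAttribs().get(name).getValues()) {
                    list.add(new com.amazonaws.services.simpledb.model.ReplaceableAttribute(name.toLowerCase(), val, false));
                }
                sdb.putAttributes(new PutAttributesRequest(this.userDomain, amazonUser.getUserID(), list));
                for (String val : user.getAttribs().get(name).getValues()) {
                    this.cfgMgr.getProvisioningEngine().logAction(this.name, false, ActionType.Add, approvalID, workflow, name, val);
                }
                try {
                    Thread.sleep(1000);
                } catch (InterruptedException e) {
                    Thread.currentThread().interrupt();
                }
            }
        }

        // Group memberships. NOTE(review): getGroupSelect is defined outside this
        // method; confirm it quotes its argument before building the expression.
        String select = this.getGroupSelect(amazonUser.getUserID());
        SelectResult res = this.sdb.select(new SelectRequest(select));
        // From here on "done" holds group names instead of attribute names.
        done.clear();
        for (Item group : res.getItems()) {
            String name = group.getName();
            if (!user.getGroups().contains(name) && !addOnly) {
                ArrayList<com.amazonaws.services.simpledb.model.Attribute> list = new ArrayList<com.amazonaws.services.simpledb.model.Attribute>();
                list.add(new com.amazonaws.services.simpledb.model.Attribute(GlobalEntries.getGlobalEntries().getConfigManager().getCfg().getGroupMemberAttribute(), amazonUser.getUserID()));
                sdb.deleteAttributes(new DeleteAttributesRequest(this.groupDomain, name, list));
                this.cfgMgr.getProvisioningEngine().logAction(this.name, false, ActionType.Delete, approvalID, workflow, "group", name);
                try {
                    Thread.sleep(500);
                } catch (InterruptedException e) {
                    Thread.currentThread().interrupt();
                }
            }
            done.add(name);
        }
        for (String groupName : user.getGroups()) {
            if (done.contains(groupName)) {
                continue;
            }
            ArrayList<com.amazonaws.services.simpledb.model.ReplaceableAttribute> list = new ArrayList<com.amazonaws.services.simpledb.model.ReplaceableAttribute>();
            list.add(new com.amazonaws.services.simpledb.model.ReplaceableAttribute(GlobalEntries.getGlobalEntries().getConfigManager().getCfg().getGroupMemberAttribute(), amazonUser.getUserID(), false));
            sdb.putAttributes(new PutAttributesRequest(this.groupDomain, groupName, list));
            this.cfgMgr.getProvisioningEngine().logAction(this.name, false, ActionType.Add, approvalID, workflow, "group", groupName);
        }
    }
}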
Also used : User(com.tremolosecurity.provisioning.core.User) LDAPAttribute(com.novell.ldap.LDAPAttribute) Attribute(com.tremolosecurity.saml.Attribute) ReplaceableAttribute(com.amazonaws.services.simpledb.model.ReplaceableAttribute) ArrayList(java.util.ArrayList) ReplaceableAttribute(com.amazonaws.services.simpledb.model.ReplaceableAttribute) Item(com.amazonaws.services.simpledb.model.Item) DeleteAttributesRequest(com.amazonaws.services.simpledb.model.DeleteAttributesRequest) SelectRequest(com.amazonaws.services.simpledb.model.SelectRequest) HashSet(java.util.HashSet) Workflow(com.tremolosecurity.provisioning.core.Workflow) SelectResult(com.amazonaws.services.simpledb.model.SelectResult) PutAttributesRequest(com.amazonaws.services.simpledb.model.PutAttributesRequest) ReplaceableAttribute(com.amazonaws.services.simpledb.model.ReplaceableAttribute)

Aggregations

Workflow (com.tremolosecurity.provisioning.core.Workflow)78 ProvisioningException (com.tremolosecurity.provisioning.core.ProvisioningException)68 HttpCon (com.tremolosecurity.provisioning.util.HttpCon)32 IOException (java.io.IOException)30 UnsupportedEncodingException (java.io.UnsupportedEncodingException)22 ClientProtocolException (org.apache.http.client.ClientProtocolException)21 Attribute (com.tremolosecurity.saml.Attribute)19 ArrayList (java.util.ArrayList)18 LDAPException (com.novell.ldap.LDAPException)17 HashMap (java.util.HashMap)17 User (com.tremolosecurity.provisioning.core.User)16 HashSet (java.util.HashSet)15 ParseException (org.json.simple.parser.ParseException)14 LDAPSearchResults (com.novell.ldap.LDAPSearchResults)12 JSONObject (org.json.simple.JSONObject)12 Gson (com.google.gson.Gson)11 LDAPEntry (com.novell.ldap.LDAPEntry)11 LDAPAttribute (com.novell.ldap.LDAPAttribute)10 GitLabApiException (org.gitlab4j.api.GitLabApiException)10 SQLException (java.sql.SQLException)9