use of com.tremolosecurity.provisioning.core.Workflow in project OpenUnison by TremoloSecurity.
the class AddtoRBAC method doTask.
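/**
 * Appends the rendered {@code toAdd} policy lines to the {@code policy.csv} entry of the
 * {@code argocd-rbac-cm} ConfigMap in the {@code argocd} namespace and records the change
 * in the audit log.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>This is a read-modify-write of a shared authorization policy. The patch carries only
 *       {@code data/policy.csv} and no version precondition, so two workflows running at the
 *       same time can overwrite each other's additions.</li>
 *   <li>The appended text comes from a template rendered against the workflow request.
 *       NOTE(review): confirm that request values reaching the template cannot contain line
 *       breaks or commas, otherwise a single request could add policy lines beyond the ones
 *       the template author intended.</li>
 *   <li>The API response contains the complete RBAC policy and is written to the debug log
 *       and to the exception message on failure.</li>
 * </ul>
 *
 * @param user    the user the workflow is running for (not read here)
 * @param request the workflow request; {@code APPROVAL_ID} and {@code WORKFLOW} are read from it
 *                and it is passed to the template renderer
 * @return always {@code true} when the ConfigMap was patched
 * @throws ProvisioningException if the ConfigMap cannot be read, patched, or the response is not
 *                               a ConfigMap
 */
@Override
public boolean doTask(User user, Map<String, Object> request) throws ProvisioningException {
    int approvalID = 0;
    if (request.containsKey("APPROVAL_ID")) {
        approvalID = (Integer) request.get("APPROVAL_ID");
    }
    // Not used below: the audit entry is written against this.task.getWorkflow().
    Workflow workflow = (Workflow) request.get("WORKFLOW");
    HttpCon con = null;
    OpenShiftTarget os = (OpenShiftTarget) task.getConfigManager().getProvisioningEngine().getTarget(this.k8sTarget).getProvider();
    try {
        String token = os.getAuthToken();
        con = os.createClient();
        String rbacCfgMapJson = os.callWS(token, con, "/api/v1/namespaces/argocd/configmaps/argocd-rbac-cm");
        JSONObject rbacCfgMap = (JSONObject) new JSONParser().parse(rbacCfgMapJson);
        JSONObject data = (JSONObject) rbacCfgMap.get("data");

        StringBuilder newRbac = new StringBuilder();
        // A ConfigMap with a data section but no policy.csv key used to contribute the literal
        // text "null" as the first policy line; only carry over a policy that actually exists.
        Object existingPolicy = (data != null) ? data.get("policy.csv") : null;
        if (existingPolicy != null) {
            newRbac.append(existingPolicy).append('\n');
        }

        String policiesToAdd = this.task.renderTemplate(this.toAdd, request);
        newRbac.append(policiesToAdd);

        JSONObject patch = new JSONObject();
        JSONObject pdata = new JSONObject();
        patch.put("data", pdata);
        pdata.put("policy.csv", newRbac.toString());
        String json = patch.toString();

        String respJSON = os.callWSPatchJson(token, con, "/api/v1/namespaces/argocd/configmaps/argocd-rbac-cm", json);
        if (logger.isDebugEnabled()) {
            logger.debug("Response for patching argocd-rbac-cm : '" + respJSON + "'");
        }

        JSONObject resp = (JSONObject) new JSONParser().parse(respJSON);
        String kind = (String) resp.get("kind");
        JSONObject metadata = (JSONObject) resp.get("metadata");

        // Anything other than a ConfigMap (for example a Status object) means the patch was
        // rejected; a missing kind or metadata is treated the same way instead of as an NPE.
        if (kind == null || !kind.equalsIgnoreCase("ConfigMap") || metadata == null) {
            throw new ProvisioningException("Could not update the ArgoCD RBAC ConfigMap - '" + respJSON + "'");
        }

        String projectName = (String) metadata.get("name");
        this.task.getConfigManager().getProvisioningEngine().logAction(this.k8sTarget, true, ActionType.Replace, approvalID, this.task.getWorkflow(), "argocd-rbac-cm", projectName);
    } catch (Exception e) {
        throw new ProvisioningException("Could not update argocd rbac", e);
    } finally {
        if (con != null) {
            con.getBcm().close();
        }
    }
    return true;
}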
use of com.tremolosecurity.provisioning.core.Workflow in project OpenUnison by TremoloSecurity.
the class CreateGitRepository method doTask.
/**
 * Registers a Git repository with ArgoCD by POSTing a {@code GitRepo} document to
 * {@code /api/v1/repositories} on the configured ArgoCD target, then records the addition
 * in the audit log.
 *
 * <p>The request body carries the rendered SSH private key. It must never be printed or
 * logged. NOTE(review): on a non-2xx status the response body is placed in the exception
 * message; confirm the ArgoCD error body cannot echo the submitted key material, since
 * exception messages are commonly logged upstream.
 *
 * @param user    the user the workflow is running for (not read here)
 * @param request the workflow request; supplies {@code APPROVAL_ID}, {@code WORKFLOW} and the
 *                values used to render the type, name, URL and key templates
 * @return always {@code true} when ArgoCD answered with a 2xx status
 * @throws ProvisioningException on a non-2xx status or an I/O failure
 */
@Override
public boolean doTask(User user, Map<String, Object> request) throws ProvisioningException {
    final int approvalID = request.containsKey("APPROVAL_ID") ? (Integer) request.get("APPROVAL_ID") : 0;
    final Workflow workflow = (Workflow) request.get("WORKFLOW");

    // Render every template against the request before building the payload.
    final String renderedType = task.renderTemplate(this.type, request);
    final String renderedName = task.renderTemplate(this.name, request);
    final String renderedRepoUrl = task.renderTemplate(this.repoUrl, request);
    final String renderedSshKey = task.renderTemplate(this.sshPrivateKey, request);

    final GitRepo gitRepo = new GitRepo();
    gitRepo.setType(renderedType);
    gitRepo.setName(renderedName);
    gitRepo.setRepo(renderedRepoUrl);
    gitRepo.setSshPrivateKey(renderedSshKey);

    // Contains the private key: keep it out of logs and console output.
    final String payload = new Gson().toJson(gitRepo);

    final ArgoCDTarget argo = (ArgoCDTarget) task.getConfigManager().getProvisioningEngine().getTarget(this.target).getProvider();
    HttpCon con = null;
    try {
        con = argo.createConnection();

        final HttpPost post = new HttpPost(argo.getUrl() + "/api/v1/repositories");
        post.setEntity(new StringEntity(payload, ContentType.APPLICATION_JSON));

        final HttpResponse resp = con.getHttp().execute(post);
        final String responseBody = EntityUtils.toString(resp.getEntity());

        final int status = resp.getStatusLine().getStatusCode();
        final boolean succeeded = status >= 200 && status < 300;
        if (!succeeded) {
            throw new ProvisioningException("Could not create repository - " + status + " / " + responseBody);
        }

        task.getConfigManager().getProvisioningEngine().logAction(argo.getName(), true, ActionType.Add, approvalID, workflow, renderedName, renderedRepoUrl);
    } catch (IOException e) {
        throw new ProvisioningException("Could not create repository", e);
    } finally {
        if (con != null) {
            try {
                con.getHttp().close();
            } catch (IOException ignored) {
                // Best-effort close: the connection manager below is still shut down.
            }
            con.getBcm().close();
        }
    }
    return true;
}
use of com.tremolosecurity.provisioning.core.Workflow in project OpenUnison by TremoloSecurity.
the class AmazonSimpleDBProvider method deleteUser.
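/**
 * Deletes the user's item from the SimpleDB user domain and records the deletion in the
 * audit log, then pauses for one second before returning.
 *
 * @param user    the user to delete; the item name is the first value of the configured
 *                uid attribute
 * @param request the workflow request; {@code APPROVAL_ID} and {@code WORKFLOW} are read from it
 * @throws ProvisioningException if the user carries no value for the uid attribute
 */
@Override
public void deleteUser(User user, Map<String, Object> request) throws ProvisioningException {
    int approvalID = 0;
    if (request.containsKey("APPROVAL_ID")) {
        approvalID = (Integer) request.get("APPROVAL_ID");
    }
    Workflow workflow = (Workflow) request.get("WORKFLOW");

    // Fail with the provider's own exception instead of an NPE / IndexOutOfBounds when the
    // identifying attribute is missing, so a delete is never issued for an undefined item.
    if (user.getAttribs().get(this.uidAttrName) == null
            || user.getAttribs().get(this.uidAttrName).getValues().isEmpty()) {
        throw new ProvisioningException("No valid userid attribute");
    }
    String userid = user.getAttribs().get(this.uidAttrName).getValues().get(0);

    this.sdb.deleteAttributes(new DeleteAttributesRequest(this.userDomain, userid));
    this.cfgMgr.getProvisioningEngine().logAction(this.name, true, ActionType.Delete, approvalID, workflow, "userName", userid);

    try {
        // Fixed pause after the delete; presumably to let the store settle - TODO confirm.
        Thread.sleep(1000);
    } catch (InterruptedException e) {
        // The delete already happened; keep the interrupt visible to the caller.
        Thread.currentThread().interrupt();
    }
}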
use of com.tremolosecurity.provisioning.core.Workflow in project OpenUnison by TremoloSecurity.
the class AmazonSimpleDBProvider method createUser.
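/**
 * Creates the user's item in the SimpleDB user domain, waits until it can be read back,
 * then adds the user to each of its groups (creating missing group items) and waits until
 * each membership can be read back. Every write is recorded in the audit log.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>SimpleDB SELECT expressions are built as strings. Values placed between single quotes
 *       are escaped here by doubling the quote character so that a group name or user id
 *       containing {@code '} cannot change the shape of the query. Domain and attribute names
 *       come from configuration and are used as-is.</li>
 *   <li>NOTE(review): {@code getGroupSelect} is defined outside this method; confirm it applies
 *       the same escaping to the group name.</li>
 *   <li>NOTE(review): the first value of every provisioned attribute is written to the audit
 *       log; confirm {@code attributes} can never name a credential-type attribute.</li>
 *   <li>The read-back loops have no deadline. They now stop when the thread is interrupted,
 *       but a store that never returns the item will still block the workflow.</li>
 * </ul>
 *
 * @param user       the user to create
 * @param attributes names of the attributes that may be written
 * @param request    the workflow request; {@code APPROVAL_ID} and {@code WORKFLOW} are read from it
 * @throws ProvisioningException if no uid attribute is present or the thread is interrupted
 *                               while waiting for a write to become visible
 */
@Override
public void createUser(User user, Set<String> attributes, Map<String, Object> request) throws ProvisioningException {
    int approvalID = 0;
    if (request.containsKey("APPROVAL_ID")) {
        approvalID = (Integer) request.get("APPROVAL_ID");
    }
    Workflow workflow = (Workflow) request.get("WORKFLOW");

    Iterator<String> it = user.getAttribs().keySet().iterator();
    String userid = null;
    ArrayList<ReplaceableAttribute> attrs = new ArrayList<ReplaceableAttribute>();
    while (it.hasNext()) {
        String attrName = it.next();
        if (attributes.contains(attrName)) {
            Attribute attr = user.getAttribs().get(attrName);
            Iterator<String> vals = attr.getValues().iterator();
            while (vals.hasNext()) {
                attrs.add(new ReplaceableAttribute(attr.getName().toLowerCase(), vals.next(), false));
            }
        }
        if (attrName.equalsIgnoreCase(this.uidAttrName)) {
            userid = user.getAttribs().get(attrName).getValues().get(0);
        }
    }
    if (userid == null) {
        throw new ProvisioningException("No valid userid attribute");
    }

    sdb.putAttributes(new PutAttributesRequest(this.userDomain, userid, attrs));
    this.cfgMgr.getProvisioningEngine().logAction(this.name, true, ActionType.Add, approvalID, workflow, "userName", userid);
    for (String attrName : user.getAttribs().keySet()) {
        Attribute attr = user.getAttribs().get(attrName);
        if (!attributes.contains(attr.getName())) {
            continue;
        }
        this.cfgMgr.getProvisioningEngine().logAction(this.name, false, ActionType.Add, approvalID, workflow, attrName, user.getAttribs().get(attrName).getValues().get(0));
    }

    // Poll until the new item can be read back.
    boolean ok = false;
    while (!ok) {
        try {
            Thread.sleep(10);
        } catch (InterruptedException e) {
            // Swallowing the interrupt here made this loop impossible to cancel.
            Thread.currentThread().interrupt();
            throw new ProvisioningException("Interrupted while waiting for user creation to become visible", e);
        }
        try {
            if (this.findUser(userid, attributes, request) != null) {
                ok = true;
            }
        } catch (Exception ignored) {
            // Deliberate best-effort: a failed lookup is treated as "not visible yet" and retried.
        }
    }

    // Single quotes inside a quoted SimpleDB value are escaped by doubling them.
    String quotedUserid = userid.replace("'", "''");

    Iterator<String> groupNames = user.getGroups().iterator();
    while (groupNames.hasNext()) {
        String groupName = groupNames.next();
        SelectResult res = this.sdb.select(new SelectRequest(this.getGroupSelect(groupName)));
        if (res.getItems().size() == 0) {
            // Group item does not exist yet: create it with its cn.
            attrs = new ArrayList<ReplaceableAttribute>();
            attrs.add(new ReplaceableAttribute("cn", groupName, false));
            sdb.putAttributes(new PutAttributesRequest(groupDomain, groupName, attrs));
        }

        String memberAttr = GlobalEntries.getGlobalEntries().getConfigManager().getCfg().getGroupMemberAttribute();
        attrs = new ArrayList<ReplaceableAttribute>();
        attrs.add(new ReplaceableAttribute(memberAttr, userid, false));
        sdb.putAttributes(new PutAttributesRequest(this.groupDomain, groupName, attrs));
        this.cfgMgr.getProvisioningEngine().logAction(this.name, false, ActionType.Add, approvalID, workflow, "group", groupName);

        // The verification query does not change between polls, so build it once.
        StringBuilder select = new StringBuilder();
        select.append("SELECT ").append(memberAttr)
              .append(" FROM `").append(this.groupDomain)
              .append("` WHERE cn='").append(groupName.replace("'", "''"))
              .append("' AND ").append(memberAttr)
              .append("='").append(quotedUserid).append("'");

        ok = false;
        while (!ok) {
            try {
                Thread.sleep(1000);
            } catch (InterruptedException e) {
                Thread.currentThread().interrupt();
                throw new ProvisioningException("Interrupted while waiting for group membership to become visible", e);
            }
            res = this.sdb.select(new SelectRequest(select.toString()));
            ok = res.getItems().size() > 0;
        }
    }
}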
use of com.tremolosecurity.provisioning.core.Workflow in project OpenUnison by TremoloSecurity.
the class AmazonSimpleDBProvider method syncUser.
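/**
 * Brings the SimpleDB copy of a user in line with {@code user}: creates the user when it does
 * not exist, otherwise adds missing attribute values and group memberships and, unless
 * {@code addOnly} is set, removes attribute values and memberships the supplied user no
 * longer has. Each change is recorded in the audit log.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>SimpleDB SELECT expressions are built as strings. Values placed between single quotes
 *       (the user id and attribute values) are escaped here by doubling the quote character so
 *       they cannot alter the query. Attribute and domain names are used as-is.</li>
 *   <li>The verification loops have no deadline. They now stop when the thread is interrupted,
 *       but a store that never converges will still block the workflow.</li>
 *   <li>NOTE(review): the brace structure places the "add new attributes" and group
 *       reconciliation steps inside the loop over the stored attribute names, so they run once
 *       per stored attribute (and {@code done.clear()} discards the attribute bookkeeping
 *       between iterations). That repeats writes and audit entries and skips the steps
 *       entirely when the stored user has no attributes. This looks unintended; the structure
 *       is left unchanged here and should be confirmed against the intended behaviour.</li>
 * </ul>
 *
 * @param user       the desired state of the user
 * @param addOnly    when {@code true} nothing is removed from the store
 * @param attributes names of the attributes that may be written
 * @param request    the workflow request; {@code APPROVAL_ID} and {@code WORKFLOW} are read from it
 * @throws ProvisioningException if the thread is interrupted while waiting for a delete to
 *                               become visible, or if user lookup/creation fails
 */
@Override
public void syncUser(User user, boolean addOnly, Set<String> attributes, Map<String, Object> request) throws ProvisioningException {
    User amazonUser = this.findUser(user.getAttribs().get(this.uidAttrName).getValues().get(0), attributes, request);
    if (amazonUser == null) {
        this.createUser(user, attributes, request);
        return;
    }
    int approvalID = 0;
    if (request.containsKey("APPROVAL_ID")) {
        approvalID = (Integer) request.get("APPROVAL_ID");
    }
    Workflow workflow = (Workflow) request.get("WORKFLOW");
    String userid = user.getAttribs().get(this.uidAttrName).getValues().get(0);
    // Single quotes inside a quoted SimpleDB value are escaped by doubling them.
    String quotedUserid = userid.replace("'", "''");
    Set<String> done = new HashSet<String>();
    Iterator<String> amazonAttrNames = amazonUser.getAttribs().keySet().iterator();
    while (amazonAttrNames.hasNext()) {
        String amznAttrName = amazonAttrNames.next();
        done.add(amznAttrName);
        Attribute userAttr = user.getAttribs().get(amznAttrName);
        if (userAttr == null) {
            if (addOnly) {
                // do nothing
            } else {
                // The attribute is stored but no longer present on the user: remove it entirely.
                ArrayList<com.amazonaws.services.simpledb.model.Attribute> list = new ArrayList<com.amazonaws.services.simpledb.model.Attribute>();
                list.add(new com.amazonaws.services.simpledb.model.Attribute(amznAttrName.toLowerCase(), null));
                sdb.deleteAttributes(new DeleteAttributesRequest(this.userDomain, amazonUser.getUserID(), list));

                StringBuilder select = new StringBuilder();
                select.append("SELECT uid FROM `").append(this.userDomain).append("` WHERE uid='").append(quotedUserid).append("' AND ").append(amznAttrName).append(" IS NOT NULL");

                // Poll until the attribute is no longer returned.
                boolean ok = false;
                while (!ok) {
                    try {
                        Thread.sleep(500);
                    } catch (InterruptedException e) {
                        // Swallowing the interrupt here made this loop impossible to cancel.
                        Thread.currentThread().interrupt();
                        throw new ProvisioningException("Interrupted while waiting for attribute removal to become visible", e);
                    }
                    SelectResult res = this.sdb.select(new SelectRequest(select.toString()));
                    ok = res.getItems().size() == 0;
                }
            }
        } else {
            // vals starts as the desired values and ends as the values still to be added.
            Set<String> vals = new HashSet<String>();
            vals.addAll(userAttr.getValues());
            List<String> amznVals = amazonUser.getAttribs().get(amznAttrName).getValues();
            for (String val : amznVals) {
                if (vals.contains(val)) {
                    vals.remove(val);
                } else {
                    if (!addOnly) {
                        // Stored value is no longer wanted: delete just this value.
                        ArrayList<com.amazonaws.services.simpledb.model.Attribute> list = new ArrayList<com.amazonaws.services.simpledb.model.Attribute>();
                        list.add(new com.amazonaws.services.simpledb.model.Attribute(userAttr.getName().toLowerCase(), val));
                        sdb.deleteAttributes(new DeleteAttributesRequest(this.userDomain, amazonUser.getUserID(), list));
                        this.cfgMgr.getProvisioningEngine().logAction(this.name, false, ActionType.Delete, approvalID, workflow, userAttr.getName().toLowerCase(), val);

                        StringBuilder select = new StringBuilder();
                        select.append("SELECT uid FROM `").append(this.userDomain).append("` WHERE uid='").append(quotedUserid).append("' AND ").append(userAttr.getName().toLowerCase()).append("='").append(val.replace("'", "''")).append("'");

                        // Poll until the value is no longer returned.
                        boolean ok = false;
                        while (!ok) {
                            try {
                                Thread.sleep(500);
                            } catch (InterruptedException e) {
                                Thread.currentThread().interrupt();
                                throw new ProvisioningException("Interrupted while waiting for value removal to become visible", e);
                            }
                            SelectResult res = this.sdb.select(new SelectRequest(select.toString()));
                            ok = res.getItems().size() == 0;
                        }
                    }
                }
            }
            if (vals.size() > 0) {
                ArrayList<com.amazonaws.services.simpledb.model.ReplaceableAttribute> list = new ArrayList<com.amazonaws.services.simpledb.model.ReplaceableAttribute>();
                Iterator<String> itv = vals.iterator();
                while (itv.hasNext()) {
                    String val = itv.next();
                    list.add(new com.amazonaws.services.simpledb.model.ReplaceableAttribute(userAttr.getName().toLowerCase(), val, false));
                }
                sdb.putAttributes(new PutAttributesRequest(this.userDomain, amazonUser.getUserID(), list));
                itv = vals.iterator();
                while (itv.hasNext()) {
                    String val = itv.next();
                    this.cfgMgr.getProvisioningEngine().logAction(this.name, false, ActionType.Replace, approvalID, workflow, userAttr.getName().toLowerCase(), val);
                }
                try {
                    Thread.sleep(1000);
                } catch (InterruptedException e) {
                    // Not a polling loop: keep the interrupt visible and carry on.
                    Thread.currentThread().interrupt();
                }
            }
        }

        // NOTE(review): everything from here to the end of the method is still inside the
        // loop over stored attribute names; see the method comment.

        // Attributes present on the user but not seen in the store so far.
        Iterator<String> itattr = user.getAttribs().keySet().iterator();
        while (itattr.hasNext()) {
            String name = itattr.next();
            if (attributes.contains(name) && !done.contains(name)) {
                ArrayList<com.amazonaws.services.simpledb.model.ReplaceableAttribute> list = new ArrayList<com.amazonaws.services.simpledb.model.ReplaceableAttribute>();
                for (String val : user.getAttribs().get(name).getValues()) {
                    list.add(new com.amazonaws.services.simpledb.model.ReplaceableAttribute(name.toLowerCase(), val, false));
                }
                sdb.putAttributes(new PutAttributesRequest(this.userDomain, amazonUser.getUserID(), list));
                for (String val : user.getAttribs().get(name).getValues()) {
                    this.cfgMgr.getProvisioningEngine().logAction(this.name, false, ActionType.Add, approvalID, workflow, name, val);
                }
                try {
                    Thread.sleep(1000);
                } catch (InterruptedException e) {
                    Thread.currentThread().interrupt();
                }
            }
        }

        // Group reconciliation: done is reused to track the groups returned by the store.
        String select = this.getGroupSelect(amazonUser.getUserID());
        SelectResult res = this.sdb.select(new SelectRequest(select));
        done.clear();
        for (Item group : res.getItems()) {
            String name = group.getName();
            if (!user.getGroups().contains(name) && !addOnly) {
                ArrayList<com.amazonaws.services.simpledb.model.Attribute> list = new ArrayList<com.amazonaws.services.simpledb.model.Attribute>();
                list.add(new com.amazonaws.services.simpledb.model.Attribute(GlobalEntries.getGlobalEntries().getConfigManager().getCfg().getGroupMemberAttribute(), amazonUser.getUserID()));
                sdb.deleteAttributes(new DeleteAttributesRequest(this.groupDomain, name, list));
                this.cfgMgr.getProvisioningEngine().logAction(this.name, false, ActionType.Delete, approvalID, workflow, "group", name);
                try {
                    Thread.sleep(500);
                } catch (InterruptedException e) {
                    Thread.currentThread().interrupt();
                }
            }
            done.add(name);
        }
        for (String groupName : user.getGroups()) {
            if (done.contains(groupName)) {
                continue;
            }
            ArrayList<com.amazonaws.services.simpledb.model.ReplaceableAttribute> list = new ArrayList<com.amazonaws.services.simpledb.model.ReplaceableAttribute>();
            list.add(new com.amazonaws.services.simpledb.model.ReplaceableAttribute(GlobalEntries.getGlobalEntries().getConfigManager().getCfg().getGroupMemberAttribute(), amazonUser.getUserID(), false));
            sdb.putAttributes(new PutAttributesRequest(this.groupDomain, groupName, list));
            this.cfgMgr.getProvisioningEngine().logAction(this.name, false, ActionType.Add, approvalID, workflow, "group", groupName);
        }
    }
}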