use of com.tremolosecurity.provisioning.util.GenPasswd in project OpenUnison by TremoloSecurity.
the class CreateProject method doTask.
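/**
 * Creates a GitLab project with a generated deploy key and, optionally, a push webhook,
 * then publishes the resulting key material and URLs into the workflow request.
 *
 * <p>If the project already exists the task logs a warning and returns without changing it.
 * Otherwise it creates the project, records the creation in the audit log, generates a
 * 2048-bit RSA key pair, registers the public half as the {@code openunison-deploy-key}
 * deploy key, and stores the private half in {@code request}. When {@code createWebHook}
 * is set, a push webhook with a generated secret token is added as well.
 *
 * <p>Security note: the request map ends up holding the unencrypted private key
 * ({@code gitPrivateKey}, {@code base64SshPrivateKey}) and the webhook secret. Anything
 * that logs, serializes or persists the request exposes those secrets.
 *
 * @param user    the workflow user; not read by this method
 * @param request the workflow request; read for {@code APPROVAL_ID} and {@code WORKFLOW},
 *                used for template rendering, and written with the generated values
 * @return always {@code true}
 * @throws ProvisioningException if the project lookup fails with a status other than 404,
 *                               if no namespace is found, or if any creation step fails
 */
@Override
public boolean doTask(User user, Map<String, Object> request) throws ProvisioningException {
    int approvalID = 0;
    if (request.containsKey("APPROVAL_ID")) {
        approvalID = (Integer) request.get("APPROVAL_ID");
    }
    Workflow workflow = (Workflow) request.get("WORKFLOW");

    GitlabUserProvider gitlab = (GitlabUserProvider) GlobalEntries.getGlobalEntries().getConfigManager()
            .getProvisioningEngine().getTarget(this.targetName).getProvider();
    GitLabApi api = gitlab.getApi();

    String localNamespace = task.renderTemplate(this.namespace, request);
    String localName = task.renderTemplate(this.name, request);
    String localDescription = task.renderTemplate(this.description, request);

    try {
        try {
            Project existingProject = api.getProjectApi().getProject(localNamespace, localName);
            if (existingProject != null) {
                logger.warn("Project " + localNamespace + "/" + localName + " already exists, skipping");
                return true;
            }
        } catch (GitLabApiException e) {
            // A 404 only means the project does not exist yet; any other status is a real failure.
            if (e.getHttpStatus() != 404) {
                throw new ProvisioningException("Error looking up project " + localNamespace + "/" + localName, e);
            }
        }

        // NOTE(review): findNamespaces looks like a search call, so the first hit is not
        // guaranteed to be the namespace named by localNamespace. Consider requiring an exact
        // path match before creating the project, so it cannot land in a similarly named namespace.
        // An empty result now fails with a clear message instead of an IndexOutOfBoundsException.
        Project projectSpec = new Project()
                .withNamespace(api.getNamespaceApi().findNamespaces(localNamespace).stream()
                        .findFirst()
                        .orElseThrow(() -> new ProvisioningException(
                                "No GitLab namespace found for " + localNamespace)))
                .withName(localName)
                .withDescription(localDescription)
                .withIssuesEnabled(this.issuesEnabled)
                .withMergeRequestsEnabled(this.mergeRequestsEnabled)
                .withWikiEnabled(this.wikiEnabled)
                .withSnippetsEnabled(this.snipitsEnabled)
                .withVisibilityLevel(this.visibility);

        Project newProject = api.getProjectApi().createProject(projectSpec);
        GlobalEntries.getGlobalEntries().getConfigManager().getProvisioningEngine().logAction(gitlab.getName(), false, ActionType.Add, approvalID, workflow, "gitlab-project-" + newProject.getNameWithNamespace() + "-name", newProject.getNameWithNamespace());

        // Generate the deployment key. The algorithm must stay RSA: the public half is cast to
        // RSAPublicKey and published with the "ssh-rsa" prefix below.
        KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
        generator.initialize(2048);
        KeyPair keyPair = generator.genKeyPair();

        String sshPubKey = "ssh-rsa " + Base64.encodeBase64String(encodePublicKey((RSAPublicKey) keyPair.getPublic())) + " openunison-deploy-key";

        // Serialize the private key as PEM with an explicit charset, so the text does not depend
        // on the JVM default encoding. try-with-resources closes the writer even if writeObject throws.
        ByteArrayOutputStream baos = new ByteArrayOutputStream();
        try (org.bouncycastle.openssl.PEMWriter genPrivKey = new org.bouncycastle.openssl.PEMWriter(
                new OutputStreamWriter(baos, java.nio.charset.StandardCharsets.UTF_8))) {
            genPrivKey.writeObject(keyPair.getPrivate());
        }
        String pem = new String(baos.toByteArray(), java.nio.charset.StandardCharsets.UTF_8);

        // NOTE(review): the trailing `false` is presumably gitlab4j's canPush flag, which would
        // make this a read-only deploy key. Confirm against the library version in use.
        api.getDeployKeysApi().addDeployKey(newProject, "openunison-deploy-key", sshPubKey, false);
        GlobalEntries.getGlobalEntries().getConfigManager().getProvisioningEngine().logAction(gitlab.getName(), false, ActionType.Add, approvalID, workflow, "gitlab-project-" + newProject.getNameWithNamespace() + "-deploykey", "openunison-deploy-key");

        // The private key is handed to later workflow steps through the request map, unencrypted.
        String base64PrivKey = java.util.Base64.getEncoder()
                .encodeToString(pem.getBytes(java.nio.charset.StandardCharsets.UTF_8));
        request.put("base64SshPrivateKey", base64PrivKey);

        // Rebuild the SSH URL with the internal host: keep everything up to and including '@',
        // then everything from the ':' that follows the host. The ':' is searched for after
        // the '@' so that a scheme separator such as "ssh://" is not mistaken for it.
        String gitUrl = newProject.getSshUrlToRepo();
        int atIndex = gitUrl.indexOf("@");
        int colonIndex = gitUrl.indexOf(':', atIndex + 1);
        if (colonIndex < 0) {
            throw new ProvisioningException("Unexpected SSH URL format for project " + localNamespace + "/" + localName);
        }
        String prefix = gitUrl.substring(0, atIndex + 1);
        String suffix = gitUrl.substring(colonIndex);
        String newGitUrl = prefix + this.gitSshHost + suffix;

        request.put("gitSshInternalURL", newGitUrl);
        request.put("gitSshUrl", newProject.getSshUrlToRepo());
        request.put("gitPrivateKey", pem);
        request.put("newProjectJSON", newProject.toString());

        if (createWebHook) {
            // NOTE(review): this token authenticates webhook deliveries. GenPasswd's random source
            // is not visible here; confirm that it draws from SecureRandom.
            String webhookToken = new GenPasswd(50).getPassword();
            String b64WebhookToken = java.util.Base64.getEncoder()
                    .encodeToString(webhookToken.getBytes(java.nio.charset.StandardCharsets.UTF_8));
            request.put(webhookSecretRequestName, webhookToken);
            request.put("b64" + webhookSecretRequestName, b64WebhookToken);

            String webhookUrl = "https://" + localName + "." + this.webhookDomainSuffix;
            ProjectHook hook = new ProjectHook().withPushEvents(true).withPushEventsBranchFilter(this.webhookBranchFilter);

            // NOTE(review): the `false` argument appears to be gitlab4j's enableSslVerification
            // flag. If so, GitLab delivers push events and the secret token to this https
            // endpoint without validating its certificate. Prefer `true` once the receiver
            // presents a certificate GitLab trusts; left unchanged here because existing
            // deployments may rely on it.
            api.getProjectApi().addHook(newProject, webhookUrl, hook, false, webhookToken);
            GlobalEntries.getGlobalEntries().getConfigManager().getProvisioningEngine().logAction(gitlab.getName(), false, ActionType.Add, approvalID, workflow, "gitlab-project-" + newProject.getNameWithNamespace() + "-webhook", this.webhookBranchFilter);
        }
    } catch (ProvisioningException e) {
        // Already carries a specific message; do not bury it under the generic wrapper below.
        throw e;
    } catch (Exception e) {
        throw new ProvisioningException("Could not create project", e);
    }
    return true;
}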