
Example 6 with GenPasswd

use of com.tremolosecurity.provisioning.util.GenPasswd in project OpenUnison by TremoloSecurity.

Class CreateProject, method doTask.

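/**
 * Creates a GitLab project from the rendered namespace/name/description templates, attaches a
 * freshly generated RSA deploy key, and optionally registers a push webhook.
 *
 * <p>If the project already exists the task logs a warning and returns without touching it (no
 * key, URL or webhook entries are added to {@code request} in that case).
 *
 * <p>On success the following entries are written to {@code request}:
 * {@code base64SshPrivateKey}, {@code gitPrivateKey}, {@code gitSshInternalURL},
 * {@code gitSshUrl}, {@code newProjectJSON} and, when the webhook is enabled, the webhook secret
 * under {@code webhookSecretRequestName} and its Base64 form under
 * {@code "b64" + webhookSecretRequestName}. The private key and the webhook secret are stored
 * in clear text in the map, so every consumer of {@code request} handles secret material.
 *
 * @param user the workflow user (not read by this task)
 * @param request the workflow request; read for {@code APPROVAL_ID} and {@code WORKFLOW},
 *     and used as the output channel described above
 * @return always {@code true}
 * @throws ProvisioningException if the project lookup fails with anything other than a 404, or
 *     if any step of the creation fails (the original exception is kept as the cause)
 */
@Override
public boolean doTask(User user, Map<String, Object> request) throws ProvisioningException {
    int approvalID = 0;
    if (request.containsKey("APPROVAL_ID")) {
        approvalID = (Integer) request.get("APPROVAL_ID");
    }
    Workflow workflow = (Workflow) request.get("WORKFLOW");
    GitlabUserProvider gitlab = (GitlabUserProvider) GlobalEntries.getGlobalEntries().getConfigManager().getProvisioningEngine().getTarget(this.targetName).getProvider();
    GitLabApi api = gitlab.getApi();
    String localNamespace = task.renderTemplate(this.namespace, request);
    String localName = task.renderTemplate(this.name, request);
    String localDescription = task.renderTemplate(this.description, request);
    // Explicit charset: the PEM text and its Base64 form must not depend on the JVM's default encoding.
    final java.nio.charset.Charset utf8 = java.nio.charset.StandardCharsets.UTF_8;
    try {
        try {
            Project existingProject = api.getProjectApi().getProject(localNamespace, localName);
            if (existingProject != null) {
                logger.warn("Project " + localNamespace + "/" + localName + " already exists, skipping");
                return true;
            }
        } catch (GitLabApiException e) {
            // A 404 means "no such project yet", which is the expected path; anything else is a real failure.
            if (e.getHttpStatus() != 404) {
                throw new ProvisioningException("Error looking up project " + localNamespace + "/" + localName, e);
            }
        }

        // Fail with a clear cause when the namespace does not resolve, instead of an IndexOutOfBoundsException.
        java.util.List<org.gitlab4j.api.models.Namespace> namespaces = api.getNamespaceApi().findNamespaces(localNamespace);
        if (namespaces == null || namespaces.isEmpty()) {
            throw new IllegalStateException("No GitLab namespace found for '" + localNamespace + "'");
        }
        // NOTE(review): findNamespaces looks like a search call, so the first hit is not necessarily
        // the namespace whose path equals localNamespace. Confirm, and prefer an exact match so a
        // project cannot land in a similarly named namespace.
        Project projectSpec = new Project().withNamespace(namespaces.get(0)).withName(localName).withDescription(localDescription).withIssuesEnabled(this.issuesEnabled).withMergeRequestsEnabled(this.mergeRequestsEnabled).withWikiEnabled(this.wikiEnabled).withSnippetsEnabled(this.snipitsEnabled).withVisibilityLevel(this.visibility);
        Project newProject = api.getProjectApi().createProject(projectSpec);
        GlobalEntries.getGlobalEntries().getConfigManager().getProvisioningEngine().logAction(gitlab.getName(), false, ActionType.Add, approvalID, workflow, "gitlab-project-" + newProject.getNameWithNamespace() + "-name", newProject.getNameWithNamespace());

        // Generate the deployment key: a 2048-bit RSA pair created per project.
        KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
        generator.initialize(2048);
        KeyPair keyPair = generator.genKeyPair();
        String sshPubKey = "ssh-rsa " + Base64.encodeBase64String(encodePublicKey((RSAPublicKey) keyPair.getPublic())) + " openunison-deploy-key";

        // Serialize the private key as PEM; try-with-resources flushes and closes the writer on every path.
        ByteArrayOutputStream baos = new ByteArrayOutputStream();
        try (org.bouncycastle.openssl.PEMWriter genPrivKey = new org.bouncycastle.openssl.PEMWriter(new OutputStreamWriter(baos, utf8))) {
            genPrivKey.writeObject(keyPair.getPrivate());
        }
        String pem = new String(baos.toByteArray(), utf8);

        // NOTE(review): the trailing false is presumably gitlab4j's canPush flag, i.e. a read-only
        // deploy key. Confirm against DeployKeysApi.
        api.getDeployKeysApi().addDeployKey(newProject, "openunison-deploy-key", sshPubKey, false);
        GlobalEntries.getGlobalEntries().getConfigManager().getProvisioningEngine().logAction(gitlab.getName(), false, ActionType.Add, approvalID, workflow, "gitlab-project-" + newProject.getNameWithNamespace() + "-deploykey", "openunison-deploy-key");

        // The unencrypted private key travels in the request map from here on. Later tasks that
        // log, persist or template the request must treat these two entries as secrets.
        request.put("base64SshPrivateKey", java.util.Base64.getEncoder().encodeToString(pem.getBytes(utf8)));

        // Swap the host part of the SSH URL for the configured internal host. The host ends at the
        // first ':' after the '@' (or the first '/' when no ':' follows), so a scheme prefix such as
        // "ssh://" is not mistaken for the host/path separator.
        String gitUrl = newProject.getSshUrlToRepo();
        int userEnd = gitUrl.indexOf('@') + 1;
        int hostEnd = gitUrl.indexOf(':', userEnd);
        if (hostEnd < 0) {
            hostEnd = gitUrl.indexOf('/', userEnd);
        }
        if (hostEnd < 0) {
            throw new IllegalStateException("Unexpected SSH URL format: " + gitUrl);
        }
        String newGitUrl = gitUrl.substring(0, userEnd) + this.gitSshHost + gitUrl.substring(hostEnd);
        request.put("gitSshInternalURL", newGitUrl);
        request.put("gitSshUrl", gitUrl);
        request.put("gitPrivateKey", pem);
        request.put("newProjectJSON", newProject.toString());

        if (createWebHook) {
            // NOTE(review): the webhook secret is only as strong as GenPasswd's random source.
            // Confirm it draws from SecureRandom.
            String webhookToken = new GenPasswd(50).getPassword();
            String b64WebhookToken = java.util.Base64.getEncoder().encodeToString(webhookToken.getBytes(utf8));
            request.put(webhookSecretRequestName, webhookToken);
            request.put("b64" + webhookSecretRequestName, b64WebhookToken);
            String webhookUrl = "https://" + localName + "." + this.webhookDomainSuffix;
            ProjectHook hook = new ProjectHook().withPushEvents(true).withPushEventsBranchFilter(this.webhookBranchFilter);
            // NOTE(review): the boolean passed here is presumably enableSslVerification. With false,
            // GitLab would deliver the push payload and the secret token without validating the
            // receiver's certificate. Confirm, and enable verification wherever the endpoint
            // presents a trusted certificate.
            api.getProjectApi().addHook(newProject, webhookUrl, hook, false, webhookToken);
            GlobalEntries.getGlobalEntries().getConfigManager().getProvisioningEngine().logAction(gitlab.getName(), false, ActionType.Add, approvalID, workflow, "gitlab-project-" + newProject.getNameWithNamespace() + "-webhook", this.webhookBranchFilter);
        }
    } catch (Exception e) {
        // Single failure type for the workflow engine; the specific reason stays available as the cause.
        throw new ProvisioningException("Could not create project", e);
    }
    return true;
}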
Also used : GenPasswd(com.tremolosecurity.provisioning.util.GenPasswd) GitLabApi(org.gitlab4j.api.GitLabApi) KeyPair(java.security.KeyPair) ProjectHook(org.gitlab4j.api.models.ProjectHook) Workflow(com.tremolosecurity.provisioning.core.Workflow) UnsupportedEncodingException(java.io.UnsupportedEncodingException) GitLabApiException(org.gitlab4j.api.GitLabApiException) KeyPairGenerator(java.security.KeyPairGenerator) ByteArrayOutputStream(java.io.ByteArrayOutputStream) ProvisioningException(com.tremolosecurity.provisioning.core.ProvisioningException) IOException(java.io.IOException) GitLabApiException(org.gitlab4j.api.GitLabApiException) UnsupportedEncodingException(java.io.UnsupportedEncodingException) GitlabUserProvider(com.tremolosecurity.unison.gitlab.provisioning.targets.GitlabUserProvider) Project(org.gitlab4j.api.models.Project) RSAPublicKey(java.security.interfaces.RSAPublicKey) ProvisioningException(com.tremolosecurity.provisioning.core.ProvisioningException) OutputStreamWriter(java.io.OutputStreamWriter)
