
Example 1 with HttpCon

use of com.tremolosecurity.provisioning.util.HttpCon in project OpenUnison by TremoloSecurity.

the class OpenShiftTarget method deleteFullName.

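/**
 * Clears the {@code fullName} of the OpenShift user object that matches {@code user}.
 *
 * <p>The user object is read from {@code /apis/user.openshift.io/v1/users/<userID>}, its full
 * name is set to {@code null}, and the object is PUT back to the same URL. A {@code Delete}
 * action for {@code fullName} is logged once the API answers with an object of kind
 * {@code User}.
 *
 * @param user user whose ID selects the OpenShift user object
 * @param approvalID approval identifier passed through to the action log
 * @param workflow workflow passed through to the action log
 * @param gson serializer used for the request and response bodies
 * @param b buffer the users path and the user ID are appended to; it is modified by this call
 * @return the token obtained from {@code getAuthToken()}
 * @throws Exception if either API call does not return a {@code User} object, or the call fails
 */
private String deleteFullName(User user, int approvalID, Workflow workflow, Gson gson, StringBuffer b) throws Exception, IOException, ClientProtocolException, ProvisioningException {
    String token = this.getAuthToken();
    HttpCon con = this.createClient();
    try {
        // NOTE(review): the user ID is appended to the request path without encoding or
        // validation. Confirm that callers restrict it to a single path segment, because the
        // request is sent with this target's own token.
        b.append("/apis/user.openshift.io/v1/users/").append(user.getUserID());
        String url = b.toString();

        String json = callWS(token, con, url);
        com.tremolosecurity.unison.openshiftv3.model.users.User osUser = gson.fromJson(json, com.tremolosecurity.unison.openshiftv3.model.users.User.class);
        // Only write back an object that was actually read as a User; an error response
        // (or an empty body) must not be PUT to the users endpoint.
        if (osUser == null || !"User".equals(osUser.getKind())) {
            throw new Exception("Could not unset fullName for " + user.getUserID() + " - " + (osUser == null ? "empty response" : osUser.getReason()));
        }

        osUser.setFullName(null);
        json = callWSPut(token, con, url, gson.toJson(osUser));
        osUser = gson.fromJson(json, com.tremolosecurity.unison.openshiftv3.model.users.User.class);
        if (osUser == null || !"User".equals(osUser.getKind())) {
            throw new Exception("Could not unset fullName for " + user.getUserID() + " - " + (osUser == null ? "empty response" : osUser.getReason()));
        }
        this.cfgMgr.getProvisioningEngine().logAction(name, false, ActionType.Delete, approvalID, workflow, "fullName", osUser.getFullName());
    } finally {
        // Shut the connection manager down even when closing the client fails.
        try {
            con.getHttp().close();
        } finally {
            con.getBcm().shutdown();
        }
    }
    return token;
}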
Also used : HttpCon(com.tremolosecurity.provisioning.util.HttpCon) User(com.tremolosecurity.provisioning.core.User) KeyStoreException(java.security.KeyStoreException) StreamException(org.cryptacular.StreamException) ProvisioningException(com.tremolosecurity.provisioning.core.ProvisioningException) KeyManagementException(java.security.KeyManagementException) JoseException(org.jose4j.lang.JoseException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) UnsupportedEncodingException(java.io.UnsupportedEncodingException) ClientProtocolException(org.apache.http.client.ClientProtocolException) ParseException(org.json.simple.parser.ParseException) UnrecoverableKeyException(java.security.UnrecoverableKeyException) EncodingException(org.cryptacular.EncodingException) IOException(java.io.IOException)

Example 2 with HttpCon

use of com.tremolosecurity.provisioning.util.HttpCon in project OpenUnison by TremoloSecurity.

the class OpenShiftTarget method syncGroups.

/**
 * Brings the user's OpenShift group memberships in line with the requested ones.
 *
 * <p>Every group in {@code user} that {@code fromServer} lacks is added. Unless
 * {@code addOnly} is set, every group in {@code fromServer} that {@code user} lacks is
 * removed. The auth token and the HTTP client are only obtained when a change is needed.
 *
 * @param user requested state of the user
 * @param addOnly when {@code true}, no memberships are removed
 * @param approvalID approval identifier passed to the add/remove calls
 * @param workflow workflow passed to the add/remove calls
 * @param fromServer state of the user as currently held by the server
 * @param token auth token to use, or {@code null} to fetch one on first use
 * @throws Exception if fetching the token, creating the client or a group change fails
 */
private void syncGroups(User user, boolean addOnly, int approvalID, Workflow workflow, User fromServer, String token) throws Exception, IOException {
    HttpCon client = null;
    String authToken = token;
    try {
        // Pass 1: memberships requested but not yet on the server.
        HashSet<String> serverGroups = new HashSet<String>(fromServer.getGroups());
        for (String wanted : user.getGroups()) {
            if (serverGroups.contains(wanted)) {
                continue;
            }
            if (authToken == null) {
                authToken = this.getAuthToken();
            }
            if (client == null) {
                client = this.createClient();
            }
            this.addUserToGroup(authToken, client, user.getUserID(), wanted, approvalID, workflow);
        }

        if (addOnly) {
            return;
        }

        // Pass 2: memberships on the server that are no longer requested.
        HashSet<String> requestedGroups = new HashSet<String>(user.getGroups());
        for (String existing : fromServer.getGroups()) {
            if (requestedGroups.contains(existing)) {
                continue;
            }
            if (authToken == null) {
                authToken = this.getAuthToken();
            }
            if (client == null) {
                client = this.createClient();
            }
            this.removeUserFromGroup(authToken, client, user.getUserID(), existing, approvalID, workflow);
        }
    } finally {
        // Release the client only if one was created for this call.
        if (client != null) {
            client.getBcm().shutdown();
            client.getHttp().close();
        }
    }
}
Also used : HttpCon(com.tremolosecurity.provisioning.util.HttpCon) HashSet(java.util.HashSet)

Example 3 with HttpCon

use of com.tremolosecurity.provisioning.util.HttpCon in project OpenUnison by TremoloSecurity.

the class OpenShiftTarget method createUser.

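/**
 * Creates the OpenShift user object for {@code user} and adds it to each of its groups.
 *
 * <p>The user is POSTed to {@code /apis/user.openshift.io/v1/users}. The creation counts as
 * successful only when the API answers with an object of kind {@code User}. The name, the
 * optional {@code fullName} and the group additions are then recorded through the
 * provisioning engine's action log.
 *
 * @param user user to create; its ID becomes the object's {@code name} metadata
 * @param attributes not read by this method
 * @param request request context; {@code APPROVAL_ID} (Integer) and {@code WORKFLOW} are read
 * @throws ProvisioningException if the API call fails or does not return a {@code User} object
 */
@Override
public void createUser(User user, Set<String> attributes, Map<String, Object> request) throws ProvisioningException {
    // A key that is present but mapped to null keeps the default instead of failing on unboxing.
    int approvalID = 0;
    Object approvalValue = request.get("APPROVAL_ID");
    if (approvalValue != null) {
        approvalID = (Integer) approvalValue;
    }
    Workflow workflow = (Workflow) request.get("WORKFLOW");
    com.tremolosecurity.unison.openshiftv3.model.users.User osUser = new com.tremolosecurity.unison.openshiftv3.model.users.User();
    osUser.setKind("User");
    osUser.setApiVersion("user.openshift.io/v1");
    osUser.getMetadata().put("name", user.getUserID());
    // An attribute with no values is treated like a missing one rather than indexing into an empty list.
    if (user.getAttribs().get("fullName") != null && !user.getAttribs().get("fullName").getValues().isEmpty()) {
        osUser.setFullName(user.getAttribs().get("fullName").getValues().get(0));
    }
    Gson gson = new Gson();
    try {
        String token = this.getAuthToken();
        HttpCon con = this.createClient();
        try {
            String json = gson.toJson(osUser);
            StringBuffer b = new StringBuffer();
            b.append("/apis/user.openshift.io/v1/users");
            osUser = gson.fromJson(this.callWSPost(token, con, b.toString(), json), com.tremolosecurity.unison.openshiftv3.model.users.User.class);
            // Anything other than a User object (an error object, an empty body, a missing
            // kind) means the user was not created; fail before anything is logged.
            if (osUser == null || !"User".equals(osUser.getKind())) {
                throw new ProvisioningException("Could not create user " + user.getUserID() + " - " + (osUser == null ? "empty response" : osUser.getReason()));
            }
            this.cfgMgr.getProvisioningEngine().logAction(name, true, ActionType.Add, approvalID, workflow, "name", user.getUserID());
            this.cfgMgr.getProvisioningEngine().logAction(name, false, ActionType.Add, approvalID, workflow, "name", (String) osUser.getMetadata().get("name"));
            if (user.getAttribs().get("fullName") != null) {
                this.cfgMgr.getProvisioningEngine().logAction(name, false, ActionType.Add, approvalID, workflow, "fullName", osUser.getFullName());
            }
            for (String groupName : user.getGroups()) {
                this.addUserToGroup(token, con, user.getUserID(), groupName, approvalID, workflow);
            }
        } finally {
            if (con != null) {
                con.getBcm().shutdown();
            }
        }
    } catch (Exception e) {
        // The cause carries the detailed message, including the API's reason when one was returned.
        throw new ProvisioningException("Could not create user", e);
    }
}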
Also used : User(com.tremolosecurity.provisioning.core.User) Workflow(com.tremolosecurity.provisioning.core.Workflow) Gson(com.google.gson.Gson) KeyStoreException(java.security.KeyStoreException) StreamException(org.cryptacular.StreamException) ProvisioningException(com.tremolosecurity.provisioning.core.ProvisioningException) KeyManagementException(java.security.KeyManagementException) JoseException(org.jose4j.lang.JoseException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) UnsupportedEncodingException(java.io.UnsupportedEncodingException) ClientProtocolException(org.apache.http.client.ClientProtocolException) ParseException(org.json.simple.parser.ParseException) UnrecoverableKeyException(java.security.UnrecoverableKeyException) EncodingException(org.cryptacular.EncodingException) IOException(java.io.IOException) HttpCon(com.tremolosecurity.provisioning.util.HttpCon) ProvisioningException(com.tremolosecurity.provisioning.core.ProvisioningException)

Example 4 with HttpCon

use of com.tremolosecurity.provisioning.util.HttpCon in project OpenUnison by TremoloSecurity.

the class OpenShiftTarget method findUser.

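/**
 * Loads a user and its group memberships from OpenShift.
 *
 * <p>All groups are read from {@code /apis/user.openshift.io/v1/groups} and the user object
 * from {@code /apis/user.openshift.io/v1/users/<userID>}. Metadata entries and
 * {@code fullName} are copied only when {@code attributes} names them. Group membership is
 * derived by scanning every group's user list for {@code userID}.
 *
 * @param userID ID of the user to look up
 * @param attributes names of the attributes to copy onto the result
 * @param request not read by this method
 * @return the user with its groups, or {@code null} when the API does not return a
 *     {@code User} object for {@code userID}, even if groups still list that ID
 * @throws ProvisioningException if a call fails or the group list cannot be read
 */
@Override
public User findUser(String userID, Set<String> attributes, Map<String, Object> request) throws ProvisioningException {
    try {
        User user = null;
        String token = this.getAuthToken();
        // users aren't bound to groups and there's no way to directly lookup what groups a user has
        // so we need to read all groups and see if the user exists
        ArrayList<String> groupsForUser = new ArrayList<String>();
        HttpCon con = this.createClient();
        com.tremolosecurity.unison.openshiftv3.model.List<GroupItem> groupList = null;
        try {
            String json = callWS(token, con, "/apis/user.openshift.io/v1/groups");
            Gson gson = new Gson();
            TypeToken<com.tremolosecurity.unison.openshiftv3.model.List<GroupItem>> tokenType = new TypeToken<com.tremolosecurity.unison.openshiftv3.model.List<GroupItem>>() {
            };
            groupList = gson.fromJson(json, tokenType.getType());
            // NOTE(review): userID is concatenated into the request path without encoding or
            // validation. Confirm that callers restrict it to a single path segment, because
            // the lookup is made with this target's own token.
            json = callWS(token, con, "/apis/user.openshift.io/v1/users/" + userID);
            com.tremolosecurity.unison.openshiftv3.model.users.User osUser = gson.fromJson(json, com.tremolosecurity.unison.openshiftv3.model.users.User.class);
            if (osUser.getKind().equalsIgnoreCase("User")) {
                user = new User(userID);
                for (String attrName : osUser.getMetadata().keySet()) {
                    if (!attrName.equalsIgnoreCase("fullName") && attributes.contains(attrName)) {
                        // NOTE(review): the cast assumes the requested metadata value is a String - confirm for nested entries.
                        user.getAttribs().put(attrName, new Attribute(attrName, (String) osUser.getMetadata().get(attrName)));
                    }
                }
                if (attributes.contains("fullName") && osUser.getFullName() != null) {
                    user.getAttribs().put("fullName", new Attribute("fullName", osUser.getFullName()));
                }
            }
        } finally {
            if (con != null) {
                con.getBcm().shutdown();
            }
        }
        // Fail with a clear message when the group listing carried no items, instead of
        // surfacing a NullPointerException from the loop below.
        if (groupList == null || groupList.getItems() == null) {
            throw new ProvisioningException("Could not read the group list while loading " + userID);
        }
        for (GroupItem group : groupList.getItems()) {
            if (group.getUsers() != null && group.getUsers().contains(userID)) {
                groupsForUser.add((String) group.getMetadata().get("name"));
            }
        }
        // Memberships are attached only to a user that exists; an ID that groups still
        // reference but that has no User object is reported as not found.
        if (user != null && !groupsForUser.isEmpty()) {
            user.getGroups().addAll(groupsForUser);
        }
        return user;
    } catch (Exception e) {
        throw new ProvisioningException("Could not load " + userID, e);
    }
}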
Also used : User(com.tremolosecurity.provisioning.core.User) Attribute(com.tremolosecurity.saml.Attribute) ArrayList(java.util.ArrayList) Gson(com.google.gson.Gson) KeyStoreException(java.security.KeyStoreException) StreamException(org.cryptacular.StreamException) ProvisioningException(com.tremolosecurity.provisioning.core.ProvisioningException) KeyManagementException(java.security.KeyManagementException) JoseException(org.jose4j.lang.JoseException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) UnsupportedEncodingException(java.io.UnsupportedEncodingException) ClientProtocolException(org.apache.http.client.ClientProtocolException) ParseException(org.json.simple.parser.ParseException) UnrecoverableKeyException(java.security.UnrecoverableKeyException) EncodingException(org.cryptacular.EncodingException) IOException(java.io.IOException) HttpCon(com.tremolosecurity.provisioning.util.HttpCon) TypeToken(com.google.gson.reflect.TypeToken) ProvisioningException(com.tremolosecurity.provisioning.core.ProvisioningException) GroupItem(com.tremolosecurity.unison.openshiftv3.model.groups.GroupItem) List(java.util.List) ArrayList(java.util.ArrayList)

Example 5 with HttpCon

use of com.tremolosecurity.provisioning.util.HttpCon in project OpenUnison by TremoloSecurity.

the class OpenShiftTarget method createClient.

/**
 * Builds a fresh HTTP client together with its own connection manager.
 *
 * <p>The client sends {@code X-Csrf-Token: 1} on every request, uses the standard cookie
 * spec, and does not follow redirects. Connections are created through the socket registry
 * supplied by {@code cfgMgr}. The caller owns the returned holder and is expected to release
 * it, as the other methods in this class do in their {@code finally} blocks.
 *
 * @return holder carrying the client and its connection manager
 * @throws Exception declared by the signature; no statement in this method throws a checked exception itself
 */
public HttpCon createClient() throws Exception {
    // NOTE(review): no connect or socket timeout is set on this RequestConfig - confirm the
    // defaults are acceptable for calls to the API server.
    RequestConfig requestConfig = RequestConfig.custom()
            .setCookieSpec(CookieSpecs.STANDARD)
            .setRedirectsEnabled(false)
            .build();

    ArrayList<Header> defaultHeaders = new ArrayList<Header>();
    defaultHeaders.add(new BasicHeader("X-Csrf-Token", "1"));

    BasicHttpClientConnectionManager connManager = new BasicHttpClientConnectionManager(cfgMgr.getHttpClientSocketRegistry());
    CloseableHttpClient client = HttpClients.custom()
            .setConnectionManager(connManager)
            .setDefaultHeaders(defaultHeaders)
            .setDefaultRequestConfig(requestConfig)
            .build();

    HttpCon holder = new HttpCon();
    holder.setBcm(connManager);
    holder.setHttp(client);
    return holder;
}
Also used : RequestConfig(org.apache.http.client.config.RequestConfig) CloseableHttpClient(org.apache.http.impl.client.CloseableHttpClient) HttpCon(com.tremolosecurity.provisioning.util.HttpCon) Header(org.apache.http.Header) BasicHeader(org.apache.http.message.BasicHeader) ArrayList(java.util.ArrayList) BasicHeader(org.apache.http.message.BasicHeader) BasicHttpClientConnectionManager(org.apache.http.impl.conn.BasicHttpClientConnectionManager)
