use of com.tremolosecurity.provisioning.util.HttpCon in project OpenUnison by TremoloSecurity.
the class K8sSessionStore method cleanOldSessions.
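/**
 * Deletes every OIDC session object whose {@code spec.expires} timestamp is already in the past.
 *
 * <p>The session list is read from
 * {@code /apis/openunison.tremolo.io/v1/namespaces/{nameSpace}/oidc-sessions} through the
 * target named by {@code k8sTarget}. Each expired entry is handed to {@code deleteSession}.
 * The sweep stops at the first entry that fails to parse or delete, because that exception
 * leaves the loop and is wrapped below.
 *
 * @throws ProvisioningException if the Kubernetes target cannot be retrieved
 * @throws Exception if the session list cannot be fetched, parsed or cleaned
 */
@Override
public void cleanOldSessions() throws Exception {
    OpenShiftTarget k8s = null;
    try {
        k8s = (OpenShiftTarget) GlobalEntries.getGlobalEntries().getConfigManager().getProvisioningEngine().getTarget(this.k8sTarget).getProvider();
    } catch (ProvisioningException e1) {
        logger.error("Could not retrieve kubernetes target", e1);
        throw new ProvisioningException("Could not connect to kubernetes", e1);
    }

    // nameSpace goes into the request path unencoded, so it must be a trusted, configured value.
    String url = new StringBuilder().append("/apis/openunison.tremolo.io/v1/namespaces/").append(this.nameSpace).append("/oidc-sessions").toString();

    try {
        HttpCon con = k8s.createClient();
        try {
            String jsonResp = k8s.callWS(k8s.getAuthToken(), con, url);
            Map ret = gson.fromJson(jsonResp, Map.class);
            List items = (List) ret.get("items");
            if (items == null) {
                // Fail with a clear cause rather than a bare NullPointerException. Skipping
                // silently would leave expired sessions in place without anyone noticing.
                throw new IllegalStateException("No 'items' in oidc-sessions list response");
            }
            for (Object o : items) {
                Map session = (Map) o;
                Map spec = (Map) session.get("spec");
                String sessionid = (String) spec.get("session_id");
                DateTime expires = ISODateTimeFormat.dateTime().parseDateTime((String) spec.get("expires"));
                if (expires.isBeforeNow()) {
                    this.deleteSession(sessionid);
                }
            }
        } finally {
            // Release the connection manager even if closing the HTTP client throws.
            try {
                con.getHttp().close();
            } finally {
                con.getBcm().close();
            }
        }
    } catch (Exception e) {
        logger.error("Could not search k8s", e);
        throw new Exception("Error searching kubernetes", e);
    }
}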
use of com.tremolosecurity.provisioning.util.HttpCon in project OpenUnison by TremoloSecurity.
the class ClearJobs method execute.
/**
 * Lists the objects at the configured URI, filtered by the configured label selector, and runs
 * the configured workflow once for every item whose {@code status.succeeded} equals 1.
 *
 * <p>Job parameters read from the job data map: {@code target}, {@code uri}, {@code labels},
 * {@code workflow}, {@code runWorkflowAsUsername} and {@code runWorkflowAsUsernameAttribute}.
 * The workflow request carries {@code job_name} plus one {@code job_labels_<key>} entry per
 * label found on the item.
 *
 * @param configManager used only for the initialization check
 * @param context source of the job data map
 * @throws ProvisioningException wrapping any failure while listing items or running a workflow
 */
@Override
public void execute(ConfigManager configManager, JobExecutionContext context) throws ProvisioningException {
    boolean initialized = configManager != null && configManager.getProvisioningEngine() != null;
    if (!initialized) {
        logger.warn("System not fully initialized");
        return;
    }

    String targetName = context.getJobDetail().getJobDataMap().getString("target");
    String baseUri = context.getJobDetail().getJobDataMap().getString("uri");
    String labelSelector = context.getJobDetail().getJobDataMap().getString("labels");
    String workflowToRun = context.getJobDetail().getJobDataMap().getString("workflow");
    String runAsUser = context.getJobDetail().getJobDataMap().getString("runWorkflowAsUsername");
    String runAsAttribute = context.getJobDetail().getJobDataMap().getString("runWorkflowAsUsernameAttribute");

    // The target is resolved through GlobalEntries, not through the configManager argument.
    OpenShiftTarget cluster = (OpenShiftTarget) GlobalEntries.getGlobalEntries().getConfigManager().getProvisioningEngine().getTarget(targetName).getProvider();

    HttpCon client = null;
    try {
        client = cluster.createClient();
        String bearer = cluster.getAuthToken();

        // Only the selector is URL-encoded; the configured uri is used as given.
        String encodedSelector = URLEncoder.encode(labelSelector, "UTF-8");
        String listUri = baseUri + "?labelSelector=" + encodedSelector;

        String jsonResponse = cluster.callWS(bearer, client, listUri);
        // NOTE(review): the complete list response is written to the log at INFO. The items
        // presumably carry their full specs, so confirm the log sink is handled as sensitive.
        logger.info(jsonResponse);

        JSONObject listing = (JSONObject) new JSONParser().parse(jsonResponse);
        JSONArray entries = (JSONArray) listing.get("items");

        for (Object entry : entries) {
            JSONObject job = (JSONObject) entry;
            JSONObject metadata = (JSONObject) job.get("metadata");
            JSONObject status = (JSONObject) job.get("status");

            if (status == null) {
                continue;
            }

            Long succeeded = (Long) status.get("succeeded");
            if (succeeded == null || succeeded.intValue() != 1) {
                continue;
            }

            HashMap<String, Object> request = new HashMap<String, Object>();
            request.put("job_name", (String) metadata.get("name"));

            JSONObject jobLabels = (JSONObject) metadata.get("labels");
            if (jobLabels != null) {
                for (Object rawKey : jobLabels.keySet()) {
                    String key = (String) rawKey;
                    Object labelValue = jobLabels.get(key);
                    logger.info("label - '" + key + "'='" + labelValue + "'");
                    request.put("job_labels_" + key, labelValue);
                }
            }

            // The workflow runs under the identity configured on the job, not a caller identity.
            User runAs = new User();
            runAs.setUserID(runAsUser);
            runAs.setRequestReason("Clearing completed job " + metadata.get("name"));
            runAs.getAttribs().put(runAsAttribute, new Attribute(runAsAttribute, runAsUser));

            Workflow wf = GlobalEntries.getGlobalEntries().getConfigManager().getProvisioningEngine().getWorkFlow(workflowToRun, runAs);
            logger.info(request);
            wf.executeWorkflow(runAs, request);
        }
    } catch (Exception e) {
        throw new ProvisioningException("Could not clear object", e);
    } finally {
        if (client != null) {
            client.getBcm().close();
            try {
                client.getHttp().close();
            } catch (IOException e) {
                logger.warn("Could not close connection", e);
            }
        }
    }
}
use of com.tremolosecurity.provisioning.util.HttpCon in project OpenUnison by TremoloSecurity.
the class K8sUtils method loadConfigMap.
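/**
 * Reads a ConfigMap through the named target and returns its {@code data} entries.
 *
 * <p>{@code namespace} and {@code configMapName} are concatenated into the request path
 * as-is, without encoding or validation. Callers must pass trusted or already validated
 * names, otherwise a crafted value could address a different API path with the target's token.
 *
 * @param targetName name of the provisioning target whose provider is an {@code OpenShiftTarget}
 * @param namespace namespace that holds the ConfigMap
 * @param configMapName name of the ConfigMap to read
 * @return a new map holding the key/value pairs found under {@code data}
 * @throws IllegalStateException if the response has no {@code data} object
 * @throws Exception if the target lookup, the API call or JSON parsing fails
 */
public static Map<String, String> loadConfigMap(String targetName, String namespace, String configMapName) throws Exception {
    HashMap<String, String> map = new HashMap<String, String>();
    OpenShiftTarget k8s = (OpenShiftTarget) GlobalEntries.getGlobalEntries().getConfigManager().getProvisioningEngine().getTarget(targetName).getProvider();
    HttpCon con = k8s.createClient();
    try {
        String uri = new StringBuilder()
                .append("/api/v1/namespaces/").append(namespace)
                .append("/configmaps/").append(configMapName)
                .toString();

        String jsonData = k8s.callWS(k8s.getAuthToken(), con, uri);
        JSONObject root = (JSONObject) new JSONParser().parse(jsonData);

        JSONObject data = (JSONObject) root.get("data");
        if (data == null) {
            // Previously this surfaced as a bare NullPointerException. The response body is
            // deliberately kept out of the message.
            throw new IllegalStateException("No data in response for ConfigMap " + namespace + "/" + configMapName);
        }

        for (Object key : data.keySet()) {
            map.put((String) key, (String) data.get(key));
        }
    } finally {
        if (con != null) {
            // Release the connection manager even if closing the HTTP client throws.
            try {
                con.getHttp().close();
            } finally {
                con.getBcm().close();
            }
        }
    }
    return map;
}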
use of com.tremolosecurity.provisioning.util.HttpCon in project OpenUnison by TremoloSecurity.
the class OpenShiftInsert method loadUserFromOpenShift.
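/**
 * Looks up one user through the target and adds the result to the search chain as a
 * single-entry (or empty) result set.
 *
 * <p>The entry is built with {@code objectClass}, {@code uid}, {@code fullName} (when present)
 * and {@code groups} (when the user has any). If the user is not found and
 * {@code exceptionOnNotFound} is false, an empty result set is added.
 *
 * @param k8s target used to find the user
 * @param name user name passed to {@code findUser}
 * @param entryDN DN given to the generated LDAP entry
 * @param exceptionOnNotFound whether a missing user raises {@code NO_SUCH_OBJECT}
 * @throws LDAPException {@code NO_SUCH_OBJECT} for a missing user when requested,
 *     {@code OPERATIONS_ERROR} for any other failure
 */
private void loadUserFromOpenShift(SearchInterceptorChain chain, DistinguishedName base, Int scope, Filter filter, ArrayList<Attribute> attributes, Bool typesOnly, Results results, LDAPSearchConstraints constraints, OpenShiftTarget k8s, String name, String entryDN, boolean exceptionOnNotFound) throws LDAPException {
    User user;
    try {
        HashSet<String> toFind = new HashSet<String>();
        toFind.add("fullName");
        user = k8s.findUser(name, toFind, new HashMap<String, Object>());
    } catch (ProvisioningException e1) {
        throw new LDAPException("Could not load user", LDAPException.OPERATIONS_ERROR, LDAPException.resultCodeToString(LDAPException.OPERATIONS_ERROR), e1);
    }

    ArrayList<Entry> ret = new ArrayList<Entry>();
    try {
        // NOTE(review): this client is opened and closed but never used for a call in this
        // method. It is kept so that a createClient() failure is still reported as before.
        HttpCon con = k8s.createClient();
        try {
            if (user == null) {
                if (exceptionOnNotFound) {
                    throw new LDAPException("user not found", LDAPException.NO_SUCH_OBJECT, LDAPException.resultCodeToString(LDAPException.NO_SUCH_OBJECT));
                }
            } else {
                LDAPEntry ldapUser = new LDAPEntry(entryDN);
                ldapUser.getAttributeSet().add(new LDAPAttribute("objectClass", GlobalEntries.getGlobalEntries().getConfigManager().getCfg().getUserObjectClass()));
                ldapUser.getAttributeSet().add(new LDAPAttribute("uid", user.getUserID()));

                if (user.getAttribs().get("fullName") != null) {
                    ldapUser.getAttributeSet().add(new LDAPAttribute("fullName", user.getAttribs().get("fullName").getValues().get(0)));
                }

                if (user.getGroups().size() > 0) {
                    LDAPAttribute groups = new LDAPAttribute("groups");
                    for (String group : user.getGroups()) {
                        groups.addValue(group);
                    }
                    ldapUser.getAttributeSet().add(groups);
                }

                ret.add(new Entry(ldapUser));
            }

            chain.addResult(results, new IteratorEntrySet(ret.iterator()), base, scope, filter, attributes, typesOnly, constraints);
            return;
        } finally {
            // Release the connection manager even if closing the HTTP client throws.
            try {
                con.getHttp().close();
            } finally {
                con.getBcm().close();
            }
        }
    } catch (LDAPException le) {
        // Keep the original result code (e.g. NO_SUCH_OBJECT) instead of wrapping it below.
        throw le;
    } catch (Exception e) {
        logger.error("Could not search k8s", e);
        throw new LDAPException("Error searching kubernetes", LDAPException.OPERATIONS_ERROR, LDAPException.resultCodeToString(LDAPException.OPERATIONS_ERROR), e);
    }
}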
use of com.tremolosecurity.provisioning.util.HttpCon in project OpenUnison by TremoloSecurity.
the class AddGroupToRole method doTask.
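/**
 * Binds a group to a role in a project on the {@code "openshift"} target.
 *
 * <p>Project, group and role names are rendered from the task's templates against the request.
 * {@code addTo36Role} is used when {@code openShiftVersion} equals 3.6, otherwise
 * {@code addToRBACRole}.
 *
 * @param user the user the workflow is running for (not read by the visible code)
 * @param request workflow request; {@code APPROVAL_ID} is read when present
 * @return always {@code true}
 * @throws ProvisioningException wrapping any failure while adding the group to the role
 */
@Override
public boolean doTask(User user, Map<String, Object> request) throws ProvisioningException {
    int approvalID = 0;
    if (request.containsKey("APPROVAL_ID")) {
        approvalID = (Integer) request.get("APPROVAL_ID");
    }

    // Not used by the visible code; kept so the cast still fails early on a wrong type.
    Workflow workflow = (Workflow) request.get("WORKFLOW");

    // Rendered from request data and passed on as project, group and role names.
    // NOTE(review): confirm the helpers validate these before building API paths or bodies.
    String localProjectName = task.renderTemplate(projectName, request);
    String localGroupName = task.renderTemplate(groupName, request);
    String localPolicyName = task.renderTemplate(roleName, request);

    HttpCon con = null;
    OpenShiftTarget os = (OpenShiftTarget) task.getConfigManager().getProvisioningEngine().getTarget("openshift").getProvider();
    try {
        String token = os.getAuthToken();
        con = os.createClient();

        // NOTE(review): exact floating-point comparison. The field's type is declared outside
        // this block; a float field would never equal the double literal 3.6. Confirm.
        if (this.openShiftVersion == 3.6) {
            addTo36Role(os, token, con, localProjectName, localPolicyName, localGroupName, approvalID);
        } else {
            addToRBACRole(os, token, con, localProjectName, localPolicyName, localGroupName, approvalID);
        }
    } catch (Exception e) {
        throw new ProvisioningException("Could not add group to role", e);
    } finally {
        if (con != null) {
            // Close the HTTP client as well as the connection manager. Before this change
            // only the connection manager was released.
            try {
                con.getHttp().close();
            } catch (java.io.IOException ignored) {
                // Best effort: a failure while releasing the client must not replace the
                // result or the exception of the task itself.
            } finally {
                con.getBcm().close();
            }
        }
    }
    return true;
}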