Example 21 with OpenShiftTarget

Use of com.tremolosecurity.unison.openshiftv3.OpenShiftTarget in project OpenUnison by TremoloSecurity.

The class PushToGit, method doTask.

@Override
public boolean doTask(User user, Map<String, Object> request) throws ProvisioningException {
    // Resolve every configured value against the request so workflow variables are expanded
    String localSecretName = task.renderTemplate(secretName, request);
    String localNameSpace = task.renderTemplate(nameSpace, request);
    String localTarget = task.renderTemplate(this.target, request);
    String localKeyName = task.renderTemplate(this.keyName, request);
    String localGitRepo = task.renderTemplate(gitRepo, request);
    String localCommitMsg = task.renderTemplate(commitMsg, request);
    // The OpenShift/Kubernetes target supplies the authenticated API client
    OpenShiftTarget target = (OpenShiftTarget) GlobalEntries.getGlobalEntries().getConfigManager().getProvisioningEngine().getTarget(localTarget).getProvider();
    HttpCon con = null;
    GitUtils gitUtil = null;
    try {
        con = target.createClient();
        // Read the Secret that holds the private key used to authenticate to the git repository
        StringBuilder sb = new StringBuilder();
        sb.append("/api/v1/namespaces/").append(localNameSpace).append("/secrets/").append(localSecretName);
        String json = target.callWS(target.getAuthToken(), con, sb.toString());
        JSONObject secret = (JSONObject) new JSONParser().parse(json);
        JSONObject data = (JSONObject) secret.get("data");
        if (data == null) {
            throw new Exception("No data found for " + sb.toString());
        }
        String b64KeyData = (String) data.get(localKeyName);
        if (b64KeyData == null) {
            throw new ProvisioningException("Could not find key '" + localKeyName + "' in '" + sb.toString() + "'");
        }
        // Secret values are base64 encoded by the API server; the decoded value is the private key
        String privateKey = new String(java.util.Base64.getDecoder().decode(b64KeyData));
        gitUtil = new GitUtils(localGitRepo, privateKey);
        try {
            gitUtil.checkOut();
        } catch (Exception e) {
            // Keep the original exception as the cause so the failure stays diagnosable
            throw new Exception("Could not checkout repo", e);
        }
        // The files to write were placed in the request by an earlier task under requestObject
        @SuppressWarnings("unchecked")
        List<GitFile> files = (List<GitFile>) request.get(requestObject);
        if (files == null) {
            throw new Exception("No gitfiles stored in '" + requestObject + "'");
        }
        gitUtil.applyFiles(files);
        gitUtil.commitAndPush(localCommitMsg);
    } catch (Exception e) {
        throw new ProvisioningException("Could not push to git", e);
    } finally {
        // Always release the HTTP connection and the local checkout, even on failure
        if (con != null) {
            try {
                con.getHttp().close();
            } catch (IOException e) {
                // nothing further to do while cleaning up
            }
            con.getBcm().close();
        }
        if (gitUtil != null) {
            gitUtil.cleanup();
        }
    }
    return true;
}
Also used : GitFile(com.tremolosecurity.provisioning.tasks.dataobj.GitFile) GitUtils(com.tremolosecurity.git.GitUtils) OpenShiftTarget(com.tremolosecurity.unison.openshiftv3.OpenShiftTarget) IOException(java.io.IOException) ProvisioningException(com.tremolosecurity.provisioning.core.ProvisioningException) HttpCon(com.tremolosecurity.provisioning.util.HttpCon) JSONObject(org.json.simple.JSONObject) JSONParser(org.json.simple.parser.JSONParser) List(java.util.List)

Example 22 with OpenShiftTarget

Use of com.tremolosecurity.unison.openshiftv3.OpenShiftTarget in project OpenUnison by TremoloSecurity.

The class K8sCrdUserProvider, method deleteUser.

@Override
public void deleteUser(User user, Map<String, Object> request) throws ProvisioningException {
    // The name of the User custom resource is derived from the subject identifier
    String k8sUserId = OpenShiftTarget.sub2uid(user.getUserID());
    int approvalID = 0;
    if (request.containsKey("APPROVAL_ID")) {
        approvalID = (Integer) request.get("APPROVAL_ID");
    }
    Workflow workflow = (Workflow) request.get("WORKFLOW");
    OpenShiftTarget k8s = null;
    try {
        k8s = (OpenShiftTarget) GlobalEntries.getGlobalEntries().getConfigManager().getProvisioningEngine().getTarget(this.k8sTarget).getProvider();
    } catch (ProvisioningException e1) {
        logger.error("Could not retrieve kubernetes target", e1);
        throw new ProvisioningException("Could not connect to kubernetes", e1);
    }
    // DELETE on the User custom resource in the configured namespace
    String url = new StringBuilder().append("/apis/openunison.tremolo.io/v1/namespaces/").append(this.nameSpace).append("/users/").append(k8sUserId).toString();
    try {
        HttpCon con = k8s.createClient();
        try {
            k8s.callWSDelete(k8s.getAuthToken(), con, url);
            // Record the deletion in the provisioning audit log
            GlobalEntries.getGlobalEntries().getConfigManager().getProvisioningEngine().logAction(this.name, true, ActionType.Delete, approvalID, workflow, "sub", user.getUserID());
        } finally {
            con.getHttp().close();
            con.getBcm().close();
        }
    } catch (Exception e) {
        logger.error("Could not delete user from k8s", e);
        throw new ProvisioningException("Error deleting user from kubernetes", e);
    }
}
Also used : HttpCon(com.tremolosecurity.provisioning.util.HttpCon) ProvisioningException(com.tremolosecurity.provisioning.core.ProvisioningException) Workflow(com.tremolosecurity.provisioning.core.Workflow) OpenShiftTarget(com.tremolosecurity.unison.openshiftv3.OpenShiftTarget) LDAPException(com.novell.ldap.LDAPException)

Example 23 with OpenShiftTarget

Use of com.tremolosecurity.unison.openshiftv3.OpenShiftTarget in project OpenUnison by TremoloSecurity.

The class K8sCrdUserProvider, method createUser.

@Override
public void createUser(User user, Set<String> attributes, Map<String, Object> request) throws ProvisioningException {
    // The name of the User custom resource is derived from the subject identifier
    String k8sUserId = OpenShiftTarget.sub2uid(user.getUserID());
    int approvalID = 0;
    if (request.containsKey("APPROVAL_ID")) {
        approvalID = (Integer) request.get("APPROVAL_ID");
    }
    Workflow workflow = (Workflow) request.get("WORKFLOW");
    // Build the openunison.tremolo.io/v1 User object to POST to the API server
    HashMap<String, Object> createObject = new HashMap<String, Object>();
    createObject.put("apiVersion", "openunison.tremolo.io/v1");
    createObject.put("kind", "User");
    HashMap<String, Object> metaData = new HashMap<String, Object>();
    createObject.put("metadata", metaData);
    metaData.put("name", k8sUserId);
    metaData.put("namespace", this.nameSpace);
    HashMap<String, Object> spec = new HashMap<String, Object>();
    createObject.put("spec", spec);
    // Only attributes the caller asked for are written; a requested attribute that is missing is an error
    if (attributes.contains("sub")) {
        if (user.getAttribs().get("sub") == null) {
            throw new ProvisioningException("No sub attribute");
        }
        spec.put("sub", user.getAttribs().get("sub").getValues().get(0));
    }
    if (attributes.contains("first_name")) {
        if (user.getAttribs().get("first_name") == null) {
            throw new ProvisioningException("No first_name attribute");
        }
        spec.put("first_name", user.getAttribs().get("first_name").getValues().get(0));
    }
    if (attributes.contains("last_name")) {
        if (user.getAttribs().get("last_name") == null) {
            throw new ProvisioningException("No last_name attribute");
        }
        spec.put("last_name", user.getAttribs().get("last_name").getValues().get(0));
    }
    if (attributes.contains("email")) {
        if (user.getAttribs().get("email") == null) {
            throw new ProvisioningException("No email attribute");
        }
        spec.put("email", user.getAttribs().get("email").getValues().get(0));
    }
    if (attributes.contains("uid")) {
        spec.put("uid", k8sUserId);
    }
    spec.put("groups", user.getGroups());
    OpenShiftTarget k8s = null;
    try {
        k8s = (OpenShiftTarget) GlobalEntries.getGlobalEntries().getConfigManager().getProvisioningEngine().getTarget(this.k8sTarget).getProvider();
    } catch (ProvisioningException e1) {
        logger.error("Could not retrieve kubernetes target", e1);
        throw new ProvisioningException("Could not connect to kubernetes", e1);
    }
    String url = new StringBuilder().append("/apis/openunison.tremolo.io/v1/namespaces/").append(this.nameSpace).append("/users").toString();
    try {
        HttpCon con = k8s.createClient();
        try {
            String jsonReq = this.gsonNoUnderScore.toJson(createObject);
            String jsonResp = k8s.callWSPost(k8s.getAuthToken(), con, url, jsonReq);
            // The API server echoes the created object; a missing spec means the create did not succeed
            K8sUser k8sUser = gson.fromJson(jsonResp, UserData.class).getSpec();
            if (k8sUser == null) {
                throw new ProvisioningException("User not created - '" + jsonResp + "'");
            }
            // Audit the create: one entry for the user itself, then one per attribute and group written
            GlobalEntries.getGlobalEntries().getConfigManager().getProvisioningEngine().logAction(this.name, true, ActionType.Add, approvalID, workflow, "sub", user.getUserID());
            if (attributes.contains("sub")) {
                GlobalEntries.getGlobalEntries().getConfigManager().getProvisioningEngine().logAction(this.name, false, ActionType.Add, approvalID, workflow, "sub", user.getAttribs().get("sub").getValues().get(0));
            }
            if (attributes.contains("first_name")) {
                GlobalEntries.getGlobalEntries().getConfigManager().getProvisioningEngine().logAction(this.name, false, ActionType.Add, approvalID, workflow, "first_name", user.getAttribs().get("first_name").getValues().get(0));
            }
            if (attributes.contains("last_name")) {
                GlobalEntries.getGlobalEntries().getConfigManager().getProvisioningEngine().logAction(this.name, false, ActionType.Add, approvalID, workflow, "last_name", user.getAttribs().get("last_name").getValues().get(0));
            }
            if (attributes.contains("email")) {
                GlobalEntries.getGlobalEntries().getConfigManager().getProvisioningEngine().logAction(this.name, false, ActionType.Add, approvalID, workflow, "email", user.getAttribs().get("email").getValues().get(0));
            }
            if (attributes.contains("uid")) {
                GlobalEntries.getGlobalEntries().getConfigManager().getProvisioningEngine().logAction(this.name, false, ActionType.Add, approvalID, workflow, "uid", k8sUserId);
            }
            for (String group : user.getGroups()) {
                GlobalEntries.getGlobalEntries().getConfigManager().getProvisioningEngine().logAction(this.name, false, ActionType.Add, approvalID, workflow, "group", group);
            }
        } finally {
            con.getHttp().close();
            con.getBcm().close();
        }
    } catch (Exception e) {
        logger.error("Could not create user in k8s", e);
        throw new ProvisioningException("Error creating user in kubernetes", e);
    }
}
Also used : HashMap(java.util.HashMap) UserData(com.tremolosecurity.myvd.dataObj.UserData) Workflow(com.tremolosecurity.provisioning.core.Workflow) OpenShiftTarget(com.tremolosecurity.unison.openshiftv3.OpenShiftTarget) K8sUser(com.tremolosecurity.myvd.dataObj.K8sUser) LDAPException(com.novell.ldap.LDAPException) ProvisioningException(com.tremolosecurity.provisioning.core.ProvisioningException) HttpCon(com.tremolosecurity.provisioning.util.HttpCon)

Example 24 with OpenShiftTarget

Use of com.tremolosecurity.unison.openshiftv3.OpenShiftTarget in project OpenUnison by TremoloSecurity.

The class K8sCrdUserProvider, method findUser.

@Override
public User findUser(String userID, Set<String> attributes, Map<String, Object> request) throws ProvisioningException {
    // The name of the User custom resource is derived from the subject identifier
    String k8sUserId = OpenShiftTarget.sub2uid(userID);
    OpenShiftTarget k8s = null;
    try {
        k8s = (OpenShiftTarget) GlobalEntries.getGlobalEntries().getConfigManager().getProvisioningEngine().getTarget(this.k8sTarget).getProvider();
    } catch (ProvisioningException e1) {
        logger.error("Could not retrieve kubernetes target", e1);
        throw new ProvisioningException("Could not connect to kubernetes", e1);
    }
    // GET the User custom resource by name from the configured namespace
    String url = new StringBuilder().append("/apis/openunison.tremolo.io/v1/namespaces/").append(this.nameSpace).append("/users/").append(k8sUserId).toString();
    try {
        HttpCon con = k8s.createClient();
        try {
            String jsonResp = k8s.callWS(k8s.getAuthToken(), con, url);
            K8sUser k8sUser = gson.fromJson(jsonResp, UserData.class).getSpec();
            if (k8sUser == null) {
                // No spec in the response means the object does not exist
                return null;
            } else {
                // Copy only the requested attributes from the spec into the provisioning User
                User user = new User(userID);
                if (attributes.contains("sub")) {
                    user.getAttribs().put("sub", new Attribute("sub", k8sUser.getSub()));
                }
                if (attributes.contains("first_name")) {
                    user.getAttribs().put("first_name", new Attribute("first_name", k8sUser.getFirstName()));
                }
                if (attributes.contains("last_name")) {
                    user.getAttribs().put("last_name", new Attribute("last_name", k8sUser.getLastName()));
                }
                if (attributes.contains("email")) {
                    user.getAttribs().put("email", new Attribute("email", k8sUser.getEmail()));
                }
                if (attributes.contains("uid")) {
                    user.getAttribs().put("uid", new Attribute("uid", k8sUser.getUid()));
                }
                // Group membership is always returned
                if (k8sUser.getGroups().size() > 0) {
                    for (String group : k8sUser.getGroups()) {
                        user.getGroups().add(group);
                    }
                }
                return user;
            }
        } finally {
            con.getHttp().close();
            con.getBcm().close();
        }
    } catch (Exception e) {
        logger.error("Could not search k8s", e);
        throw new ProvisioningException("Error searching kubernetes", e);
    }
}
Also used : K8sUser(com.tremolosecurity.myvd.dataObj.K8sUser) User(com.tremolosecurity.provisioning.core.User) UserData(com.tremolosecurity.myvd.dataObj.UserData) LDAPAttribute(com.novell.ldap.LDAPAttribute) Attribute(com.tremolosecurity.saml.Attribute) ArrayList(java.util.ArrayList) OpenShiftTarget(com.tremolosecurity.unison.openshiftv3.OpenShiftTarget) LDAPException(com.novell.ldap.LDAPException) ProvisioningException(com.tremolosecurity.provisioning.core.ProvisioningException) Entry(net.sourceforge.myvd.types.Entry) LDAPEntry(com.novell.ldap.LDAPEntry) HttpCon(com.tremolosecurity.provisioning.util.HttpCon)

Example 25 with OpenShiftTarget

Use of com.tremolosecurity.unison.openshiftv3.OpenShiftTarget in project OpenUnison by TremoloSecurity.

The class K8sCrdUserProvider, method syncUser.

@Override
public void syncUser(User user, boolean addOnly, Set<String> attributes, Map<String, Object> request) throws ProvisioningException {
    // Create the user if it does not exist yet; otherwise compute and apply a minimal patch
    User fromServer = this.findUser(user.getUserID(), attributes, request);
    if (fromServer == null) {
        this.createUser(user, attributes, request);
    } else {
        String k8sUserId = OpenShiftTarget.sub2uid(user.getUserID());
        int approvalID = 0;
        if (request.containsKey("APPROVAL_ID")) {
            approvalID = (Integer) request.get("APPROVAL_ID");
        }
        Workflow workflow = (Workflow) request.get("WORKFLOW");
        OpenShiftTarget k8s = null;
        try {
            k8s = (OpenShiftTarget) GlobalEntries.getGlobalEntries().getConfigManager().getProvisioningEngine().getTarget(this.k8sTarget).getProvider();
        } catch (ProvisioningException e1) {
            logger.error("Could not retrieve kubernetes target", e1);
            throw new ProvisioningException("Could not connect to kubernetes", e1);
        }
        String url = new StringBuilder().append("/apis/openunison.tremolo.io/v1/namespaces/").append(this.nameSpace).append("/users/").append(k8sUserId).toString();
        // Only attributes whose value differs from what is on the server go into the patch
        HashMap<String, Object> patch = new HashMap<String, Object>();
        if (attributes.contains("first_name")) {
            if (user.getAttribs().get("first_name") == null) {
                throw new ProvisioningException("No first_name attribute");
            }
            if (!fromServer.getAttribs().get("first_name").getValues().get(0).equalsIgnoreCase(user.getAttribs().get("first_name").getValues().get(0))) {
                patch.put("first_name", user.getAttribs().get("first_name").getValues().get(0));
            }
        }
        if (attributes.contains("last_name")) {
            if (user.getAttribs().get("last_name") == null) {
                throw new ProvisioningException("No last_name attribute");
            }
            if (!fromServer.getAttribs().get("last_name").getValues().get(0).equalsIgnoreCase(user.getAttribs().get("last_name").getValues().get(0))) {
                patch.put("last_name", user.getAttribs().get("last_name").getValues().get(0));
            }
        }
        if (attributes.contains("email")) {
            if (user.getAttribs().get("email") == null) {
                throw new ProvisioningException("No email attribute");
            }
            if (!fromServer.getAttribs().get("email").getValues().get(0).equalsIgnoreCase(user.getAttribs().get("email").getValues().get(0))) {
                patch.put("email", user.getAttribs().get("email").getValues().get(0));
            }
        }
        // Groups: start from the server's list, add anything the incoming user has that the server lacks
        List<String> newGroups = new ArrayList<String>();
        List<String> added = new ArrayList<String>();
        newGroups.addAll(fromServer.getGroups());
        for (String groupFromUser : user.getGroups()) {
            if (!newGroups.contains(groupFromUser)) {
                newGroups.add(groupFromUser);
                added.add(groupFromUser);
            }
        }
        // Unless addOnly, groups the incoming user no longer has are removed
        List<String> removed = new ArrayList<String>();
        if (!addOnly) {
            for (String newGroup : newGroups) {
                if (!user.getGroups().contains(newGroup)) {
                    removed.add(newGroup);
                }
            }
            if (removed.size() > 0) {
                newGroups.removeAll(removed);
            }
        }
        if (added.size() > 0 || removed.size() > 0) {
            patch.put("groups", newGroups);
        }
        if (patch.size() > 0) {
            // Send the changed fields as a JSON merge of the spec
            HashMap<String, Object> spec = new HashMap<String, Object>();
            spec.put("spec", patch);
            String json = this.gsonNoUnderScore.toJson(spec);
            try {
                HttpCon con = k8s.createClient();
                try {
                    k8s.callWSPatchJson(k8s.getAuthToken(), con, url, json);
                    // Audit each change: group adds and removes individually, other attributes as replacements
                    for (String attrName : patch.keySet()) {
                        if (attrName.equalsIgnoreCase("groups")) {
                            for (String group : added) {
                                GlobalEntries.getGlobalEntries().getConfigManager().getProvisioningEngine().logAction(this.name, false, ActionType.Add, approvalID, workflow, "group", group);
                            }
                            for (String group : removed) {
                                GlobalEntries.getGlobalEntries().getConfigManager().getProvisioningEngine().logAction(this.name, false, ActionType.Delete, approvalID, workflow, "group", group);
                            }
                        } else {
                            GlobalEntries.getGlobalEntries().getConfigManager().getProvisioningEngine().logAction(this.name, false, ActionType.Replace, approvalID, workflow, attrName, patch.get(attrName).toString());
                        }
                    }
                } finally {
                    con.getHttp().close();
                    con.getBcm().close();
                }
            } catch (Exception e) {
                logger.error("Could not update user in k8s", e);
                throw new ProvisioningException("Error updating user in kubernetes", e);
            }
        }
    }
}
Also used : K8sUser(com.tremolosecurity.myvd.dataObj.K8sUser) User(com.tremolosecurity.provisioning.core.User) HashMap(java.util.HashMap) ArrayList(java.util.ArrayList) Workflow(com.tremolosecurity.provisioning.core.Workflow) OpenShiftTarget(com.tremolosecurity.unison.openshiftv3.OpenShiftTarget) LDAPException(com.novell.ldap.LDAPException) ProvisioningException(com.tremolosecurity.provisioning.core.ProvisioningException) HttpCon(com.tremolosecurity.provisioning.util.HttpCon)

Aggregations (class, number of usages across the examples):

OpenShiftTarget (com.tremolosecurity.unison.openshiftv3.OpenShiftTarget) 36
ProvisioningException (com.tremolosecurity.provisioning.core.ProvisioningException) 30
HttpCon (com.tremolosecurity.provisioning.util.HttpCon) 27
JSONObject (org.json.simple.JSONObject) 18
ArrayList (java.util.ArrayList) 13
JSONParser (org.json.simple.parser.JSONParser) 13
HashMap (java.util.HashMap) 12
IOException (java.io.IOException) 11
Workflow (com.tremolosecurity.provisioning.core.Workflow) 9
LDAPException (com.novell.ldap.LDAPException) 7
List (java.util.List) 7
Map (java.util.Map) 7
Attribute (com.tremolosecurity.saml.Attribute) 6
GitFile (com.tremolosecurity.provisioning.tasks.dataobj.GitFile) 5
JSONArray (org.json.simple.JSONArray) 4
ParseException (org.json.simple.parser.ParseException) 4
Gson (com.google.gson.Gson) 3
LDAPEntry (com.novell.ldap.LDAPEntry) 3
K8sUser (com.tremolosecurity.myvd.dataObj.K8sUser) 3
User (com.tremolosecurity.provisioning.core.User) 3