Example 26 with OpenShiftTarget

Use of com.tremolosecurity.unison.openshiftv3.OpenShiftTarget in project OpenUnison by TremoloSecurity.

Class WaitForObjectCreation, method doTask.

@Override
public boolean doTask(User user, Map<String, Object> request) throws ProvisioningException {
    long start = System.currentTimeMillis();
    for (String uri : this.uris) {
        String localUri = task.renderTemplate(uri, request);
        boolean found = false;
        while (!found) {
            OpenShiftTarget k8s = (OpenShiftTarget) GlobalEntries.getGlobalEntries().getConfigManager().getProvisioningEngine().getTarget(this.targetName).getProvider();
            HttpCon con = null;
            try {
                String token = k8s.getAuthToken();
                con = k8s.createClient();
                found = k8s.isObjectExistsByPath(token, con, localUri);
                if (!found) {
                    if ((start + this.timeOut) < System.currentTimeMillis()) {
                        throw new ProvisioningException("Timeout waiting for " + localUri);
                    } else {
                        logger.info(localUri + " not found, waiting 30 seconds");
                    }
                    Thread.sleep(30000);
                } else {
                    logger.info(localUri + " found");
                }
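            } catch (ProvisioningException e) {
                // let the timeout raised above propagate with its own message
                throw e;
            } catch (InterruptedException e) {
                // restore the interrupt flag before giving up on the wait
                Thread.currentThread().interrupt();
                throw new ProvisioningException("Could not wait for object creation", e);
            } catch (Exception e) {
                throw new ProvisioningException("Could not wait for object creation", e);
            } finally {
                if (con != null) {
                    try {
                        con.getHttp().close();
                    } catch (IOException e) {
                        // do nothing
                    }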
                    con.getBcm().close();
                }
            }
        }
    }
    return true;
}
Also used: HttpCon (com.tremolosecurity.provisioning.util.HttpCon), ProvisioningException (com.tremolosecurity.provisioning.core.ProvisioningException), OpenShiftTarget (com.tremolosecurity.unison.openshiftv3.OpenShiftTarget), IOException (java.io.IOException)

Example 27 with OpenShiftTarget

Use of com.tremolosecurity.unison.openshiftv3.OpenShiftTarget in project OpenUnison by TremoloSecurity.

Class K8sSessionStore, method getSession.

@Override
public OidcSessionState getSession(String sessionId) throws Exception {
    String sessionIdName = new StringBuilder().append("x").append(sessionId).append("x").toString();
    OpenShiftTarget k8s = null;
    try {
        k8s = (OpenShiftTarget) GlobalEntries.getGlobalEntries().getConfigManager().getProvisioningEngine().getTarget(this.k8sTarget).getProvider();
    } catch (ProvisioningException e1) {
        logger.error("Could not retrieve kubernetes target", e1);
        throw new ProvisioningException("Could not connect to kubernetes", e1);
    }
    String url = new StringBuilder().append("/apis/openunison.tremolo.io/v1/namespaces/").append(this.nameSpace).append("/oidc-sessions/").append(sessionIdName).toString();
    try {
        HttpCon con = k8s.createClient();
        try {
            String jsonResp = k8s.callWS(k8s.getAuthToken(), con, url);
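            if (logger.isDebugEnabled()) {
                // the body includes spec.refresh_token and the encrypted tokens,
                // so enabling debug logging writes them to the log
                logger.debug("json response from retrieving object : " + jsonResp);
            }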
            Map ret = gson.fromJson(jsonResp, Map.class);
            Map spec = (Map) ret.get("spec");
            if (spec == null) {
                return null;
            }
            OidcSessionState session = new OidcSessionState();
            session.setSessionID(spec.get("session_id").toString());
            session.setClientID(spec.get("client_id").toString());
            session.setEncryptedAccessToken(spec.get("encrypted_access_token").toString());
            session.setEncryptedIdToken(spec.get("encrypted_id_token").toString());
            session.setRefreshToken(spec.get("refresh_token").toString());
            session.setUserDN(spec.get("user_dn").toString());
            session.setExpires(ISODateTimeFormat.dateTime().parseDateTime(spec.get("expires").toString()));
            return session;
        } finally {
            con.getHttp().close();
            con.getBcm().close();
        }
    } catch (Exception e) {
        logger.error("Could not search k8s", e);
        throw new Exception("Error searching kubernetes", e);
    }
}
Also used: HttpCon (com.tremolosecurity.provisioning.util.HttpCon), ProvisioningException (com.tremolosecurity.provisioning.core.ProvisioningException), OpenShiftTarget (com.tremolosecurity.unison.openshiftv3.OpenShiftTarget), HashMap (java.util.HashMap), Map (java.util.Map), OidcSessionState (com.tremolosecurity.idp.providers.oidc.model.OidcSessionState)

Example 28 with OpenShiftTarget

Use of com.tremolosecurity.unison.openshiftv3.OpenShiftTarget in project OpenUnison by TremoloSecurity.

Class K8sSessionStore, method saveUserSession.

@Override
public void saveUserSession(OidcSessionState session) throws Exception {
    String sessionIdName = new StringBuilder().append("x").append(session.getSessionID()).append("x").toString();
    HashMap<String, Object> createObject = new HashMap<String, Object>();
    createObject.put("apiVersion", "openunison.tremolo.io/v1");
    createObject.put("kind", "OidcSession");
    HashMap<String, Object> metaData = new HashMap<String, Object>();
    createObject.put("metadata", metaData);
    metaData.put("name", sessionIdName);
    metaData.put("namespace", this.nameSpace);
    HashMap<String, Object> labels = new HashMap<String, Object>();
    metaData.put("labels", labels);
    labels.put("tremolo.io/user-dn", DigestUtils.sha1Hex(session.getUserDN()));
    HashMap<String, Object> spec = new HashMap<String, Object>();
    createObject.put("spec", spec);
    spec.put("session_id", session.getSessionID());
    spec.put("client_id", session.getClientID());
    spec.put("encrypted_id_token", session.getEncryptedIdToken());
    spec.put("encrypted_access_token", session.getEncryptedAccessToken());
    spec.put("user_dn", session.getUserDN());
    spec.put("refresh_token", session.getRefreshToken());
    spec.put("expires", ISODateTimeFormat.dateTime().print(session.getExpires()));
    OpenShiftTarget k8s = null;
    try {
        k8s = (OpenShiftTarget) GlobalEntries.getGlobalEntries().getConfigManager().getProvisioningEngine().getTarget(this.k8sTarget).getProvider();
    } catch (ProvisioningException e1) {
        logger.error("Could not retrieve kubernetes target", e1);
        throw new ProvisioningException("Could not connect to kubernetes", e1);
    }
    String url = new StringBuilder().append("/apis/openunison.tremolo.io/v1/namespaces/").append(this.nameSpace).append("/oidc-sessions").toString();
    try {
        HttpCon con = k8s.createClient();
        try {
            String jsonReq = this.gson.toJson(createObject);
            String jsonResp = k8s.callWSPost(k8s.getAuthToken(), con, url, jsonReq);
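            if (logger.isDebugEnabled()) {
                // the API server echoes the created object, spec.refresh_token included,
                // so enabling debug logging writes it to the log
                logger.debug("json response from creating object : " + jsonResp);
            }
            // TODO do something?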
        } finally {
            con.getHttp().close();
            con.getBcm().close();
        }
    } catch (Exception e) {
        logger.error("Could not search k8s", e);
        throw new Exception("Error searching kubernetes", e);
    }
}
Also used: HttpCon (com.tremolosecurity.provisioning.util.HttpCon), HashMap (java.util.HashMap), ProvisioningException (com.tremolosecurity.provisioning.core.ProvisioningException), OpenShiftTarget (com.tremolosecurity.unison.openshiftv3.OpenShiftTarget), JSONObject (org.json.simple.JSONObject)

Example 29 with OpenShiftTarget

Use of com.tremolosecurity.unison.openshiftv3.OpenShiftTarget in project OpenUnison by TremoloSecurity.

Class K8sSessionStore, method cleanOldSessions.

@Override
public void cleanOldSessions() throws Exception {
    OpenShiftTarget k8s = null;
    try {
        k8s = (OpenShiftTarget) GlobalEntries.getGlobalEntries().getConfigManager().getProvisioningEngine().getTarget(this.k8sTarget).getProvider();
    } catch (ProvisioningException e1) {
        logger.error("Could not retrieve kubernetes target", e1);
        throw new ProvisioningException("Could not connect to kubernetes", e1);
    }
    String url = new StringBuilder().append("/apis/openunison.tremolo.io/v1/namespaces/").append(this.nameSpace).append("/oidc-sessions").toString();
    try {
        HttpCon con = k8s.createClient();
        try {
            String jsonResp = k8s.callWS(k8s.getAuthToken(), con, url);
            Map ret = gson.fromJson(jsonResp, Map.class);
            List items = (List) ret.get("items");
            for (Object o : items) {
                Map session = (Map) o;
                Map spec = (Map) session.get("spec");
                String sessionid = (String) spec.get("session_id");
                DateTime expires = ISODateTimeFormat.dateTime().parseDateTime((String) spec.get("expires"));
                if (expires.isBeforeNow()) {
                    this.deleteSession(sessionid);
                }
            }
        } finally {
            con.getHttp().close();
            con.getBcm().close();
        }
    } catch (Exception e) {
        logger.error("Could not search k8s", e);
        throw new Exception("Error searching kubernetes", e);
    }
}
Also used: HttpCon (com.tremolosecurity.provisioning.util.HttpCon), ProvisioningException (com.tremolosecurity.provisioning.core.ProvisioningException), OpenShiftTarget (com.tremolosecurity.unison.openshiftv3.OpenShiftTarget), List (java.util.List), JSONObject (org.json.simple.JSONObject), HashMap (java.util.HashMap), Map (java.util.Map), DateTime (org.joda.time.DateTime)

Example 30 with OpenShiftTarget

Use of com.tremolosecurity.unison.openshiftv3.OpenShiftTarget in project OpenUnison by TremoloSecurity.

Class ClearJobs, method execute.

@Override
public void execute(ConfigManager configManager, JobExecutionContext context) throws ProvisioningException {
    if (configManager == null || configManager.getProvisioningEngine() == null) {
        logger.warn("System not fully initialized");
        return;
    }
    String target = context.getJobDetail().getJobDataMap().getString("target");
    String uri = context.getJobDetail().getJobDataMap().getString("uri");
    String labels = context.getJobDetail().getJobDataMap().getString("labels");
    String workflowName = context.getJobDetail().getJobDataMap().getString("workflow");
    String runWorkflowAsUsername = context.getJobDetail().getJobDataMap().getString("runWorkflowAsUsername");
    String runWorkflowAsUsernameAttribute = context.getJobDetail().getJobDataMap().getString("runWorkflowAsUsernameAttribute");
    OpenShiftTarget os = (OpenShiftTarget) GlobalEntries.getGlobalEntries().getConfigManager().getProvisioningEngine().getTarget(target).getProvider();
    HttpCon con = null;
    try {
        con = os.createClient();
        String token = os.getAuthToken();
        String finalUri = uri + "?labelSelector=" + URLEncoder.encode(labels, "UTF-8");
        String jsonResponse = os.callWS(token, con, finalUri);
        logger.info(jsonResponse);
        JSONObject root = (JSONObject) new JSONParser().parse(jsonResponse);
        JSONArray items = (JSONArray) root.get("items");
        for (Object o : items) {
            JSONObject job = (JSONObject) o;
            JSONObject metadata = (JSONObject) job.get("metadata");
            JSONObject status = (JSONObject) job.get("status");
            if (status != null) {
                Long succeed = (Long) status.get("succeeded");
                if (succeed != null && succeed.intValue() == 1) {
                    HashMap<String, Object> request = new HashMap<String, Object>();
                    request.put("job_name", (String) metadata.get("name"));
                    JSONObject jobLabels = (JSONObject) metadata.get("labels");
                    if (jobLabels != null) {
                        for (Object keyO : jobLabels.keySet()) {
                            String key = (String) keyO;
                            logger.info("label - '" + key + "'='" + jobLabels.get(key) + "'");
                            request.put("job_labels_" + key, jobLabels.get(key));
                        }
                    }
                    User user = new User();
                    user.setUserID(runWorkflowAsUsername);
                    user.setRequestReason("Clearing completed job " + metadata.get("name"));
                    user.getAttribs().put(runWorkflowAsUsernameAttribute, new Attribute(runWorkflowAsUsernameAttribute, runWorkflowAsUsername));
                    Workflow wf = GlobalEntries.getGlobalEntries().getConfigManager().getProvisioningEngine().getWorkFlow(workflowName, user);
                    logger.info(request);
                    wf.executeWorkflow(user, request);
                }
            }
        }
    } catch (Exception e) {
        throw new ProvisioningException("Could not clear object", e);
    } finally {
        if (con != null) {
            con.getBcm().close();
            try {
                con.getHttp().close();
            } catch (IOException e) {
                logger.warn("Could not close connection", e);
            }
        }
    }
}
Also used: User (com.tremolosecurity.provisioning.core.User), HashMap (java.util.HashMap), Attribute (com.tremolosecurity.saml.Attribute), JSONArray (org.json.simple.JSONArray), OpenShiftTarget (com.tremolosecurity.unison.openshiftv3.OpenShiftTarget), Workflow (com.tremolosecurity.provisioning.core.Workflow), IOException (java.io.IOException), ProvisioningException (com.tremolosecurity.provisioning.core.ProvisioningException), HttpCon (com.tremolosecurity.provisioning.util.HttpCon), JSONObject (org.json.simple.JSONObject), JSONParser (org.json.simple.parser.JSONParser), DeleteObject (com.tremolosecurity.unison.openshiftv3.jobs.DeleteObject)

Aggregations

OpenShiftTarget (com.tremolosecurity.unison.openshiftv3.OpenShiftTarget): 36
ProvisioningException (com.tremolosecurity.provisioning.core.ProvisioningException): 30
HttpCon (com.tremolosecurity.provisioning.util.HttpCon): 27
JSONObject (org.json.simple.JSONObject): 18
ArrayList (java.util.ArrayList): 13
JSONParser (org.json.simple.parser.JSONParser): 13
HashMap (java.util.HashMap): 12
IOException (java.io.IOException): 11
Workflow (com.tremolosecurity.provisioning.core.Workflow): 9
LDAPException (com.novell.ldap.LDAPException): 7
List (java.util.List): 7
Map (java.util.Map): 7
Attribute (com.tremolosecurity.saml.Attribute): 6
GitFile (com.tremolosecurity.provisioning.tasks.dataobj.GitFile): 5
JSONArray (org.json.simple.JSONArray): 4
ParseException (org.json.simple.parser.ParseException): 4
Gson (com.google.gson.Gson): 3
LDAPEntry (com.novell.ldap.LDAPEntry): 3
K8sUser (com.tremolosecurity.myvd.dataObj.K8sUser): 3
User (com.tremolosecurity.provisioning.core.User): 3