Example 16 with Response

use of com.tremolosecurity.unison.openshiftv3.model.Response in project OpenUnison by TremoloSecurity.

the class K8sSessionStore method getSession.

@Override
public OidcSessionState getSession(String sessionId) throws Exception {
    String sessionIdName = new StringBuilder().append("x").append(sessionId).append("x").toString();
    OpenShiftTarget k8s = null;
    try {
        k8s = (OpenShiftTarget) GlobalEntries.getGlobalEntries().getConfigManager().getProvisioningEngine().getTarget(this.k8sTarget).getProvider();
    } catch (ProvisioningException e1) {
        logger.error("Could not retrieve kubernetes target", e1);
        throw new ProvisioningException("Could not connect to kubernetes", e1);
    }
    String url = new StringBuilder().append("/apis/openunison.tremolo.io/v1/namespaces/").append(this.nameSpace).append("/oidc-sessions/").append(sessionIdName).toString();
    try {
        HttpCon con = k8s.createClient();
        try {
            String jsonResp = k8s.callWS(k8s.getAuthToken(), con, url);
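            if (logger.isDebugEnabled()) {
                // This call reads the session object (GET); it does not delete it.
                // The logged body carries the session's refresh_token and encrypted tokens,
                // so debug logs for this class need the same protection as the session store.
                logger.debug("json response from retrieving object : " + jsonResp);
            }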
            Map ret = gson.fromJson(jsonResp, Map.class);
            Map spec = (Map) ret.get("spec");
            if (spec == null) {
                return null;
            }
            OidcSessionState session = new OidcSessionState();
            session.setSessionID(spec.get("session_id").toString());
            session.setClientID(spec.get("client_id").toString());
            session.setEncryptedAccessToken(spec.get("encrypted_access_token").toString());
            session.setEncryptedIdToken(spec.get("encrypted_id_token").toString());
            session.setRefreshToken(spec.get("refresh_token").toString());
            session.setUserDN(spec.get("user_dn").toString());
            session.setExpires(ISODateTimeFormat.dateTime().parseDateTime(spec.get("expires").toString()));
            return session;
        } finally {
            con.getHttp().close();
            con.getBcm().close();
        }
    } catch (Exception e) {
        logger.error("Could not search k8s", e);
        throw new Exception("Error searching kubernetes", e);
    }
}
Also used : HttpCon(com.tremolosecurity.provisioning.util.HttpCon) ProvisioningException(com.tremolosecurity.provisioning.core.ProvisioningException) OpenShiftTarget(com.tremolosecurity.unison.openshiftv3.OpenShiftTarget) HashMap(java.util.HashMap) Map(java.util.Map) ProvisioningException(com.tremolosecurity.provisioning.core.ProvisioningException) OidcSessionState(com.tremolosecurity.idp.providers.oidc.model.OidcSessionState)

Example 17 with Response

use of com.tremolosecurity.unison.openshiftv3.model.Response in project OpenUnison by TremoloSecurity.

the class K8sSessionStore method saveUserSession.

@Override
public void saveUserSession(OidcSessionState session) throws Exception {
    String sessionIdName = new StringBuilder().append("x").append(session.getSessionID()).append("x").toString();
    HashMap<String, Object> createObject = new HashMap<String, Object>();
    createObject.put("apiVersion", "openunison.tremolo.io/v1");
    createObject.put("kind", "OidcSession");
    HashMap<String, Object> metaData = new HashMap<String, Object>();
    createObject.put("metadata", metaData);
    metaData.put("name", sessionIdName);
    metaData.put("namespace", this.nameSpace);
    HashMap<String, Object> labels = new HashMap<String, Object>();
    metaData.put("labels", labels);
    labels.put("tremolo.io/user-dn", DigestUtils.sha1Hex(session.getUserDN()));
    HashMap<String, Object> spec = new HashMap<String, Object>();
    createObject.put("spec", spec);
    spec.put("session_id", session.getSessionID());
    spec.put("client_id", session.getClientID());
    spec.put("encrypted_id_token", session.getEncryptedIdToken());
    spec.put("encrypted_access_token", session.getEncryptedAccessToken());
    spec.put("user_dn", session.getUserDN());
    spec.put("refresh_token", session.getRefreshToken());
    spec.put("expires", ISODateTimeFormat.dateTime().print(session.getExpires()));
    OpenShiftTarget k8s = null;
    try {
        k8s = (OpenShiftTarget) GlobalEntries.getGlobalEntries().getConfigManager().getProvisioningEngine().getTarget(this.k8sTarget).getProvider();
    } catch (ProvisioningException e1) {
        logger.error("Could not retrieve kubernetes target", e1);
        throw new ProvisioningException("Could not connect to kubernetes", e1);
    }
    String url = new StringBuilder().append("/apis/openunison.tremolo.io/v1/namespaces/").append(this.nameSpace).append("/oidc-sessions").toString();
    try {
        HttpCon con = k8s.createClient();
        try {
            String jsonReq = this.gson.toJson(createObject);
            String jsonResp = k8s.callWSPost(k8s.getAuthToken(), con, url, jsonReq);
            if (logger.isDebugEnabled()) {
                logger.debug("json response from creating object : " + jsonResp);
            }
            // TODO do something?
        } finally {
            con.getHttp().close();
            con.getBcm().close();
        }
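    } catch (Exception e) {
        // This path creates the session object; report it as a save failure, not a search.
        logger.error("Could not save session to k8s", e);
        throw new Exception("Error saving session to kubernetes", e);
    }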
}
Also used : HttpCon(com.tremolosecurity.provisioning.util.HttpCon) HashMap(java.util.HashMap) ProvisioningException(com.tremolosecurity.provisioning.core.ProvisioningException) OpenShiftTarget(com.tremolosecurity.unison.openshiftv3.OpenShiftTarget) JSONObject(org.json.simple.JSONObject) ProvisioningException(com.tremolosecurity.provisioning.core.ProvisioningException)

Example 18 with Response

use of com.tremolosecurity.unison.openshiftv3.model.Response in project OpenUnison by TremoloSecurity.

the class CreateProject method doTask.

@Override
public boolean doTask(User user, Map<String, Object> request) throws ProvisioningException {
    String localTemplate = task.renderTemplate(template, request);
    if (logger.isDebugEnabled()) {
        logger.debug("localTemplate : '" + localTemplate + "'");
    }
    int approvalID = 0;
    if (request.containsKey("APPROVAL_ID")) {
        approvalID = (Integer) request.get("APPROVAL_ID");
    }
    Workflow workflow = (Workflow) request.get("WORKFLOW");
    HttpCon con = null;
    OpenShiftTarget os = (OpenShiftTarget) task.getConfigManager().getProvisioningEngine().getTarget("openshift").getProvider();
    try {
        String token = os.getAuthToken();
        con = os.createClient();
        if (!os.isObjectExists(token, con, "/apis/project.openshift.io/v1/projects", localTemplate)) {
            String respJSON = os.callWSPost(token, con, "/apis/project.openshift.io/v1/projectrequests", localTemplate);
            if (logger.isDebugEnabled()) {
                logger.debug("Response for creating project : '" + respJSON + "'");
            }
            JSONParser parser = new JSONParser();
            JSONObject resp = (JSONObject) parser.parse(respJSON);
            String kind = (String) resp.get("kind");
            String projectName = (String) ((JSONObject) resp.get("metadata")).get("name");
            if (!kind.equalsIgnoreCase("Project")) {
                throw new ProvisioningException("Could not create project with json '" + localTemplate + "' - '" + respJSON + "'");
            } else {
                this.task.getConfigManager().getProvisioningEngine().logAction(this.targetName, true, ActionType.Add, approvalID, this.task.getWorkflow(), "openshift-project", projectName);
            }
        }
    } catch (Exception e) {
        throw new ProvisioningException("Could not create project", e);
    } finally {
        if (con != null) {
            con.getBcm().close();
        }
    }
    return true;
}
Also used : HttpCon(com.tremolosecurity.provisioning.util.HttpCon) JSONObject(org.json.simple.JSONObject) ProvisioningException(com.tremolosecurity.provisioning.core.ProvisioningException) Workflow(com.tremolosecurity.provisioning.core.Workflow) OpenShiftTarget(com.tremolosecurity.unison.openshiftv3.OpenShiftTarget) JSONParser(org.json.simple.parser.JSONParser) ProvisioningException(com.tremolosecurity.provisioning.core.ProvisioningException)

Example 19 with Response

use of com.tremolosecurity.unison.openshiftv3.model.Response in project OpenUnison by TremoloSecurity.

the class OpenShiftTarget method deleteGroup.

@Override
public void deleteGroup(String name, User user, Map<String, Object> request) throws ProvisioningException {
    HttpCon con = null;
    int approvalID = 0;
    if (request.containsKey("APPROVAL_ID")) {
        approvalID = (Integer) request.get("APPROVAL_ID");
    }
    Workflow workflow = (Workflow) request.get("WORKFLOW");
    try {
        String token = this.getAuthToken();
        con = this.createClient();
        Gson gson = new Gson();
        StringBuffer b = new StringBuffer();
        b.append("/apis/user.openshift.io/v1/groups/").append(name);
        String json = this.callWSDelete(token, con, b.toString());
        Response resp = gson.fromJson(json, Response.class);
        // Compare from the constant so a response without a status field is rejected
        // explicitly instead of failing with a NullPointerException.
        if ("Success".equalsIgnoreCase(resp.getStatus())) {
            this.cfgMgr.getProvisioningEngine().logAction(name, true, ActionType.Delete, approvalID, workflow, "group-object", name);
        } else {
            throw new ProvisioningException("Unknown response : '" + json + "'");
        }
    } catch (Exception e) {
        throw new ProvisioningException("Could not delete group", e);
    } finally {
        if (con != null) {
            con.getBcm().close();
        }
    }
}
Also used : CloseableHttpResponse(org.apache.http.client.methods.CloseableHttpResponse) Response(com.tremolosecurity.unison.openshiftv3.model.Response) HttpResponse(org.apache.http.HttpResponse) HttpCon(com.tremolosecurity.provisioning.util.HttpCon) ProvisioningException(com.tremolosecurity.provisioning.core.ProvisioningException) Workflow(com.tremolosecurity.provisioning.core.Workflow) Gson(com.google.gson.Gson) KeyStoreException(java.security.KeyStoreException) StreamException(org.cryptacular.StreamException) ProvisioningException(com.tremolosecurity.provisioning.core.ProvisioningException) KeyManagementException(java.security.KeyManagementException) JoseException(org.jose4j.lang.JoseException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) UnsupportedEncodingException(java.io.UnsupportedEncodingException) ClientProtocolException(org.apache.http.client.ClientProtocolException) ParseException(org.json.simple.parser.ParseException) UnrecoverableKeyException(java.security.UnrecoverableKeyException) EncodingException(org.cryptacular.EncodingException) IOException(java.io.IOException)

Example 20 with Response

use of com.tremolosecurity.unison.openshiftv3.model.Response in project OpenUnison by TremoloSecurity.

the class OpenShiftTarget method deleteUser.

@Override
public void deleteUser(User user, Map<String, Object> request) throws ProvisioningException {
    int approvalID = 0;
    if (request.containsKey("APPROVAL_ID")) {
        approvalID = (Integer) request.get("APPROVAL_ID");
    }
    Workflow workflow = (Workflow) request.get("WORKFLOW");
    user = this.findUser(user.getUserID(), new HashSet<String>(), request);
    try {
        String token = this.getAuthToken();
        HttpCon con = this.createClient();
        Gson gson = new Gson();
        try {
            StringBuffer b = new StringBuffer();
            b.append("/apis/user.openshift.io/v1/users/").append(user.getUserID());
            String json = this.callWSDelete(token, con, b.toString());
            Response resp = gson.fromJson(json, Response.class);
            if (resp.getStatus() != null && !resp.getStatus().equalsIgnoreCase("success")) {
                throw new Exception("Unable to delete " + user.getUserID() + " - " + resp.getReason());
            }
            this.cfgMgr.getProvisioningEngine().logAction(name, true, ActionType.Delete, approvalID, workflow, "name", user.getUserID());
            for (String group : user.getGroups()) {
                this.removeUserFromGroup(token, con, user.getUserID(), group, approvalID, workflow);
            }
        } finally {
            if (con != null) {
                con.getBcm().shutdown();
                con.getHttp().close();
            }
        }
    } catch (Exception e) {
        // Keep the underlying exception as the cause so the failure reason is not lost.
        throw new ProvisioningException("Could not delete user " + user.getUserID(), e);
    }
}
Also used : CloseableHttpResponse(org.apache.http.client.methods.CloseableHttpResponse) Response(com.tremolosecurity.unison.openshiftv3.model.Response) HttpResponse(org.apache.http.HttpResponse) HttpCon(com.tremolosecurity.provisioning.util.HttpCon) ProvisioningException(com.tremolosecurity.provisioning.core.ProvisioningException) Workflow(com.tremolosecurity.provisioning.core.Workflow) Gson(com.google.gson.Gson) KeyStoreException(java.security.KeyStoreException) StreamException(org.cryptacular.StreamException) ProvisioningException(com.tremolosecurity.provisioning.core.ProvisioningException) KeyManagementException(java.security.KeyManagementException) JoseException(org.jose4j.lang.JoseException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) UnsupportedEncodingException(java.io.UnsupportedEncodingException) ClientProtocolException(org.apache.http.client.ClientProtocolException) ParseException(org.json.simple.parser.ParseException) UnrecoverableKeyException(java.security.UnrecoverableKeyException) EncodingException(org.cryptacular.EncodingException) IOException(java.io.IOException) HashSet(java.util.HashSet)

Aggregations

ProvisioningException (com.tremolosecurity.provisioning.core.ProvisioningException): 17
HttpCon (com.tremolosecurity.provisioning.util.HttpCon): 14
OpenShiftTarget (com.tremolosecurity.unison.openshiftv3.OpenShiftTarget): 14
JSONObject (org.json.simple.JSONObject): 12
JSONParser (org.json.simple.parser.JSONParser): 9
IOException (java.io.IOException): 8
ParseException (org.json.simple.parser.ParseException): 8
Gson (com.google.gson.Gson): 7
Workflow (com.tremolosecurity.provisioning.core.Workflow): 7
Response (com.tremolosecurity.unison.openshiftv3.model.Response): 7
ClientProtocolException (org.apache.http.client.ClientProtocolException): 7
JoseException (org.jose4j.lang.JoseException): 6
UnsupportedEncodingException (java.io.UnsupportedEncodingException): 5
KeyManagementException (java.security.KeyManagementException): 5
KeyStoreException (java.security.KeyStoreException): 5
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException): 5
UnrecoverableKeyException (java.security.UnrecoverableKeyException): 5
HashMap (java.util.HashMap): 5
HttpResponse (org.apache.http.HttpResponse): 5
CloseableHttpResponse (org.apache.http.client.methods.CloseableHttpResponse): 5