use of com.tremolosecurity.unison.openshiftv3.model.Response in project OpenUnison by TremoloSecurity.
the class K8sSessionStore method getSession.
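/**
 * Loads one OIDC session from its {@code oidc-sessions} object in the configured namespace.
 *
 * <p>The object name is the session id with an {@code x} prepended and appended.
 *
 * @param sessionId id of the session to load
 * @return the stored session, or {@code null} when the response is empty or carries no
 *     {@code spec}
 * @throws ProvisioningException if the Kubernetes target cannot be retrieved
 * @throws Exception if the call fails or the stored object lacks a required field
 */
@Override
public OidcSessionState getSession(String sessionId) throws Exception {
    // NOTE(review): sessionId goes into the request path below without validation or encoding.
    // Confirm callers only pass ids this store generated; a value containing path separators
    // would address a different API path than the intended object.
    String sessionIdName = new StringBuilder().append("x").append(sessionId).append("x").toString();

    OpenShiftTarget k8s = null;
    try {
        k8s = (OpenShiftTarget) GlobalEntries.getGlobalEntries().getConfigManager().getProvisioningEngine().getTarget(this.k8sTarget).getProvider();
    } catch (ProvisioningException e1) {
        logger.error("Could not retrieve kubernetes target", e1);
        throw new ProvisioningException("Could not connect to kubernetes", e1);
    }

    String url = new StringBuilder().append("/apis/openunison.tremolo.io/v1/namespaces/").append(this.nameSpace).append("/oidc-sessions/").append(sessionIdName).toString();

    try {
        HttpCon con = k8s.createClient();
        try {
            String jsonResp = k8s.callWS(k8s.getAuthToken(), con, url);
            if (logger.isDebugEnabled()) {
                // The body holds refresh_token and the encrypted id/access tokens, so only its
                // size is logged. The original message also mislabelled this read as a delete.
                logger.debug("json response from retrieving object, length : " + (jsonResp == null ? 0 : jsonResp.length()));
            }

            Map<?, ?> ret = gson.fromJson(jsonResp, Map.class);
            if (ret == null) {
                // An empty body is treated like a missing spec: no session.
                return null;
            }
            Map<?, ?> spec = (Map<?, ?>) ret.get("spec");
            if (spec == null) {
                return null;
            }

            // Name the missing field instead of failing with a bare NullPointerException.
            String[] required = {"session_id", "client_id", "encrypted_access_token", "encrypted_id_token", "refresh_token", "user_dn", "expires"};
            for (String field : required) {
                if (spec.get(field) == null) {
                    throw new Exception("oidc session object is missing spec." + field);
                }
            }

            OidcSessionState session = new OidcSessionState();
            session.setSessionID(spec.get("session_id").toString());
            session.setClientID(spec.get("client_id").toString());
            session.setEncryptedAccessToken(spec.get("encrypted_access_token").toString());
            session.setEncryptedIdToken(spec.get("encrypted_id_token").toString());
            session.setRefreshToken(spec.get("refresh_token").toString());
            session.setUserDN(spec.get("user_dn").toString());
            session.setExpires(ISODateTimeFormat.dateTime().parseDateTime(spec.get("expires").toString()));
            return session;
        } finally {
            // Close the connection manager even when closing the client throws.
            try {
                con.getHttp().close();
            } finally {
                con.getBcm().close();
            }
        }
    } catch (Exception e) {
        logger.error("Could not search k8s", e);
        throw new Exception("Error searching kubernetes", e);
    }
}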
use of com.tremolosecurity.unison.openshiftv3.model.Response in project OpenUnison by TremoloSecurity.
the class K8sSessionStore method saveUserSession.
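/**
 * Stores an OIDC session as an {@code OidcSession} object in the configured namespace.
 *
 * <p>The object name is the session id with an {@code x} prepended and appended. The user DN is
 * also written as a hashed label so that a user's sessions can be selected by label.
 *
 * @param session the session to persist
 * @throws ProvisioningException if the Kubernetes target cannot be retrieved
 * @throws Exception if the call fails or the API server answers with a failure status
 */
@Override
public void saveUserSession(OidcSessionState session) throws Exception {
    String sessionIdName = new StringBuilder().append("x").append(session.getSessionID()).append("x").toString();

    HashMap<String, Object> createObject = new HashMap<String, Object>();
    createObject.put("apiVersion", "openunison.tremolo.io/v1");
    createObject.put("kind", "OidcSession");

    HashMap<String, Object> metaData = new HashMap<String, Object>();
    createObject.put("metadata", metaData);
    metaData.put("name", sessionIdName);
    metaData.put("namespace", this.nameSpace);

    HashMap<String, Object> labels = new HashMap<String, Object>();
    metaData.put("labels", labels);
    // The digest is a lookup key, not a protection for the DN (spec.user_dn holds it in clear).
    // A 40-character hex value fits the 63-character label-value limit. Changing the digest
    // would stop existing objects from matching a selector built the same way.
    labels.put("tremolo.io/user-dn", DigestUtils.sha1Hex(session.getUserDN()));

    HashMap<String, Object> spec = new HashMap<String, Object>();
    createObject.put("spec", spec);
    spec.put("session_id", session.getSessionID());
    spec.put("client_id", session.getClientID());
    spec.put("encrypted_id_token", session.getEncryptedIdToken());
    spec.put("encrypted_access_token", session.getEncryptedAccessToken());
    spec.put("user_dn", session.getUserDN());
    // NOTE(review): refresh_token is written as supplied. Confirm it is encrypted before this
    // call; anyone who can read oidc-sessions in this namespace can read this field.
    spec.put("refresh_token", session.getRefreshToken());
    spec.put("expires", ISODateTimeFormat.dateTime().print(session.getExpires()));

    OpenShiftTarget k8s = null;
    try {
        k8s = (OpenShiftTarget) GlobalEntries.getGlobalEntries().getConfigManager().getProvisioningEngine().getTarget(this.k8sTarget).getProvider();
    } catch (ProvisioningException e1) {
        logger.error("Could not retrieve kubernetes target", e1);
        throw new ProvisioningException("Could not connect to kubernetes", e1);
    }

    String url = new StringBuilder().append("/apis/openunison.tremolo.io/v1/namespaces/").append(this.nameSpace).append("/oidc-sessions").toString();

    try {
        HttpCon con = k8s.createClient();
        try {
            String jsonReq = this.gson.toJson(createObject);
            String jsonResp = k8s.callWSPost(k8s.getAuthToken(), con, url, jsonReq);
            if (logger.isDebugEnabled()) {
                // A create response echoes the stored object, tokens included, so only its
                // size is logged.
                logger.debug("json response from creating object, length : " + (jsonResp == null ? 0 : jsonResp.length()));
            }

            // The API server reports a rejected request as an object of kind Status with
            // status Failure. Surface it rather than report a session that was never stored.
            Map<?, ?> result = this.gson.fromJson(jsonResp, Map.class);
            if (result != null
                    && "Status".equals(result.get("kind"))
                    && "Failure".equalsIgnoreCase(String.valueOf(result.get("status")))) {
                throw new Exception("Could not create oidc session : " + result.get("reason") + " - " + result.get("message"));
            }
        } finally {
            // Close the connection manager even when closing the client throws.
            try {
                con.getHttp().close();
            } finally {
                con.getBcm().close();
            }
        }
    } catch (Exception e) {
        // These messages said "search" in the original, a leftover from the lookup method.
        logger.error("Could not create oidc session in k8s", e);
        throw new Exception("Error creating oidc session in kubernetes", e);
    }
}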
use of com.tremolosecurity.unison.openshiftv3.model.Response in project OpenUnison by TremoloSecurity.
the class CreateProject method doTask.
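/**
 * Creates an OpenShift project from the rendered template unless it already exists.
 *
 * <p>A project that is actually created is recorded through {@code logAction}; an existing one
 * is left untouched and nothing is recorded.
 *
 * @param user the user the workflow runs for (not read here)
 * @param request workflow request; {@code APPROVAL_ID} is read when present
 * @return always {@code true}
 * @throws ProvisioningException if the call fails or the response is not of kind {@code Project}
 */
@Override
public boolean doTask(User user, Map<String, Object> request) throws ProvisioningException {
    String localTemplate = task.renderTemplate(template, request);
    if (logger.isDebugEnabled()) {
        logger.debug("localTemplate : '" + localTemplate + "'");
    }

    int approvalID = 0;
    if (request.containsKey("APPROVAL_ID")) {
        approvalID = (Integer) request.get("APPROVAL_ID");
    }

    // NOTE(review): the target is looked up by the literal "openshift" while the audit record
    // below is written against this.targetName; confirm the two always name the same target.
    HttpCon con = null;
    OpenShiftTarget os = (OpenShiftTarget) task.getConfigManager().getProvisioningEngine().getTarget("openshift").getProvider();
    try {
        String token = os.getAuthToken();
        con = os.createClient();

        if (!os.isObjectExists(token, con, "/apis/project.openshift.io/v1/projects", localTemplate)) {
            String respJSON = os.callWSPost(token, con, "/apis/project.openshift.io/v1/projectrequests", localTemplate);
            if (logger.isDebugEnabled()) {
                logger.debug("Response for creating project : '" + respJSON + "'");
            }

            JSONParser parser = new JSONParser();
            JSONObject resp = (JSONObject) parser.parse(respJSON);
            String kind = (String) resp.get("kind");

            // Check the kind before touching metadata, and null-safely, so that an unexpected
            // response produces this message rather than a NullPointerException.
            if (!"Project".equalsIgnoreCase(kind)) {
                throw new ProvisioningException("Could not create project with json '" + localTemplate + "' - '" + respJSON + "'");
            }

            String projectName = (String) ((JSONObject) resp.get("metadata")).get("name");
            this.task.getConfigManager().getProvisioningEngine().logAction(this.targetName, true, ActionType.Add, approvalID, this.task.getWorkflow(), "openshift-project", projectName);
        }
    } catch (Exception e) {
        throw new ProvisioningException("Could not create project", e);
    } finally {
        if (con != null) {
            // Release the client as well as the connection manager; a failure to close must
            // not replace the exception already on its way to the caller.
            try {
                con.getHttp().close();
            } catch (Exception closeError) {
                logger.warn("Could not close http client", closeError);
            } finally {
                con.getBcm().close();
            }
        }
    }
    return true;
}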
use of com.tremolosecurity.unison.openshiftv3.model.Response in project OpenUnison by TremoloSecurity.
the class OpenShiftTarget method deleteGroup.
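/**
 * Deletes an OpenShift group and records the deletion through {@code logAction}.
 *
 * @param name name of the group to delete
 * @param user the user the workflow runs for (not read here)
 * @param request workflow request; {@code APPROVAL_ID} and {@code WORKFLOW} are read from it
 * @throws ProvisioningException if the call fails or the response status is not
 *     {@code Success}
 */
@Override
public void deleteGroup(String name, User user, Map<String, Object> request) throws ProvisioningException {
    HttpCon con = null;

    int approvalID = 0;
    if (request.containsKey("APPROVAL_ID")) {
        approvalID = (Integer) request.get("APPROVAL_ID");
    }
    Workflow workflow = (Workflow) request.get("WORKFLOW");

    try {
        String token = this.getAuthToken();
        con = this.createClient();
        Gson gson = new Gson();

        // NOTE(review): name is appended to the path without validation or encoding; confirm
        // callers only pass group names that are valid as a single path segment.
        String uri = new StringBuilder("/apis/user.openshift.io/v1/groups/").append(name).toString();
        String json = this.callWSDelete(token, con, uri);

        Response resp = gson.fromJson(json, Response.class);
        // Null-safe comparison: an empty body or a missing status is reported as an unknown
        // response instead of a NullPointerException.
        if (resp != null && "Success".equalsIgnoreCase(resp.getStatus())) {
            // NOTE(review): the first argument here is the group-name parameter, which hides
            // any field called name; deleteUser passes a bare `name` in the same position.
            // Confirm which value the audit record is meant to carry.
            this.cfgMgr.getProvisioningEngine().logAction(name, true, ActionType.Delete, approvalID, workflow, "group-object", name);
        } else {
            throw new ProvisioningException("Unknown response : '" + json + "'");
        }
    } catch (Exception e) {
        // The original message said "load", which does not describe a delete.
        throw new ProvisioningException("Could not delete group", e);
    } finally {
        if (con != null) {
            // Release the client as well as the connection manager; a failure to close must
            // not replace the exception already on its way to the caller.
            try {
                con.getHttp().close();
            } catch (Exception ignored) {
                // best-effort close
            } finally {
                con.getBcm().close();
            }
        }
    }
}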
use of com.tremolosecurity.unison.openshiftv3.model.Response in project OpenUnison by TremoloSecurity.
the class OpenShiftTarget method deleteUser.
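/**
 * Deletes an OpenShift user, records the deletion, then removes the user from each group
 * returned by {@code findUser}.
 *
 * @param user the user to delete; only its user id is read before the lookup
 * @param request workflow request; {@code APPROVAL_ID} and {@code WORKFLOW} are read from it
 * @throws ProvisioningException if the user cannot be found or any call fails
 */
@Override
public void deleteUser(User user, Map<String, Object> request) throws ProvisioningException {
    int approvalID = 0;
    if (request.containsKey("APPROVAL_ID")) {
        approvalID = (Integer) request.get("APPROVAL_ID");
    }
    Workflow workflow = (Workflow) request.get("WORKFLOW");

    String requestedUserID = user.getUserID();
    user = this.findUser(requestedUserID, new HashSet<String>(), request);
    if (user == null) {
        // Without this guard the failure surfaced as a NullPointerException, raised a second
        // time while the catch block below built its message.
        throw new ProvisioningException("Could not delete user " + requestedUserID);
    }

    try {
        String token = this.getAuthToken();
        HttpCon con = this.createClient();
        Gson gson = new Gson();
        try {
            // NOTE(review): the user id is appended to the path without validation or
            // encoding; confirm it is always valid as a single path segment.
            String uri = new StringBuilder("/apis/user.openshift.io/v1/users/").append(user.getUserID()).toString();
            String json = this.callWSDelete(token, con, uri);

            Response resp = gson.fromJson(json, Response.class);
            if (resp == null) {
                throw new Exception("Unable to delete " + user.getUserID() + " - empty response");
            }
            // A response without a status is accepted; only an explicit non-success fails.
            if (resp.getStatus() != null && !resp.getStatus().equalsIgnoreCase("success")) {
                throw new Exception("Unable to delete " + user.getUserID() + " - " + resp.getReason());
            }

            this.cfgMgr.getProvisioningEngine().logAction(name, true, ActionType.Delete, approvalID, workflow, "name", user.getUserID());

            // NOTE(review): memberships are removed after the user object is gone. A failure
            // part-way through this loop leaves group entries for a deleted user id; confirm
            // that is acceptable or remove the memberships first.
            for (String group : user.getGroups()) {
                this.removeUserFromGroup(token, con, user.getUserID(), group, approvalID, workflow);
            }
        } finally {
            if (con != null) {
                // Close the client even when shutting down the connection manager throws.
                try {
                    con.getBcm().shutdown();
                } finally {
                    con.getHttp().close();
                }
            }
        }
    } catch (Exception e) {
        // Keep the cause; the original dropped it, so the failure could not be diagnosed
        // from the thrown exception.
        throw new ProvisioningException("Could not delete user " + user.getUserID(), e);
    }
}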