
Example 1 with UserAndID

use of com.tremolosecurity.unison.openstack.model.UserAndID in project OpenUnison by TremoloSecurity.

The class KeystoneProvisioningTarget, method syncUser.

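/**
 * Reconciles a Keystone user with the attributes, groups and roles carried by {@code user}.
 *
 * <p>The user is looked up by name in the configured users domain. When it does not exist it is
 * created via {@code createUser}; otherwise the {@code email}, {@code enabled} and
 * {@code description} attributes are PATCHed, group memberships are added (and, unless
 * {@code addOnly} is set, removed) and project/domain role assignments are added (and, unless
 * {@code addOnly} is set, removed). Every change is recorded through the provisioning engine's
 * {@code logAction}. When {@code rolesOnly} is set only role assignments are reconciled.
 *
 * @param user       the desired state; {@code user.getUserID()} is the Keystone user name
 * @param addOnly    when {@code true}, attributes, groups and roles present in Keystone but absent
 *                   from {@code user} are left in place instead of being removed
 * @param attributes the attribute names to reconcile; only {@code email}, {@code enabled},
 *                   {@code description} and {@code roles} are acted on here
 * @param request    workflow context; {@code APPROVAL_ID} (an {@link Integer}) and
 *                   {@code WORKFLOW} (a {@link Workflow}) are read from it for audit logging
 * @throws ProvisioningException if any Keystone call fails or a referenced group, project, domain
 *                               or role cannot be resolved; the underlying exception is attached
 *                               as the cause
 */
@Override
public void syncUser(User user, boolean addOnly, Set<String> attributes, Map<String, Object> request) throws ProvisioningException {
    int approvalID = 0;
    if (request.containsKey("APPROVAL_ID")) {
        approvalID = (Integer) request.get("APPROVAL_ID");
    }
    Workflow workflow = (Workflow) request.get("WORKFLOW");
    HttpCon con = null;
    Gson gson = new Gson();
    try {
        con = this.createClient();
        KSToken token = this.getToken(con);
        UserAndID fromKS = this.lookupUser(user.getUserID(), attributes, request, token, con);
        if (fromKS == null) {
            this.createUser(user, attributes, request);
        } else {
            if (!rolesOnly) {
                this.syncKeystoneAttributes(user, fromKS, addOnly, attributes, approvalID, workflow, token, con, gson);
                this.syncKeystoneGroups(user, fromKS, addOnly, approvalID, workflow, token, con);
            }
            if (attributes.contains("roles")) {
                this.syncKeystoneRoles(user, fromKS, addOnly, approvalID, workflow, token, con, gson);
            }
        }
    } catch (Exception e) {
        // ProvisioningExceptions raised by the helpers are wrapped as well; their specific
        // message ("Role X does not exist", ...) survives as the cause.
        throw new ProvisioningException("Could not work with keystone", e);
    } finally {
        // Release the client's connection manager whether or not the sync succeeded.
        if (con != null) {
            con.getBcm().shutdown();
        }
    }
}

/**
 * Returns the first value of {@code name} on {@code user}, or {@code null} when the attribute is
 * absent or has no values.
 */
private static String firstAttributeValue(User user, String name) {
    Attribute attr = user.getAttribs().get(name);
    if (attr == null || attr.getValues().isEmpty()) {
        return null;
    }
    return attr.getValues().get(0);
}

/** True when a desired value exists and differs (case-insensitively) from the Keystone value. */
private static boolean isChanged(String current, String desired) {
    return desired != null && (current == null || !current.equalsIgnoreCase(desired));
}

/** True when Keystone holds a value the desired state lacks and removals are permitted. */
private static boolean shouldClear(boolean addOnly, String current, String desired) {
    return !addOnly && desired == null && current != null;
}

/**
 * PATCHes the {@code email}, {@code enabled} and {@code description} attributes of an existing
 * Keystone user where they differ from the desired state, then logs one Replace action per
 * changed attribute. An attribute absent from {@code user} but present in Keystone is cleared only
 * when {@code addOnly} is {@code false}; clearing {@code enabled} disables the account.
 */
private void syncKeystoneAttributes(User user, UserAndID fromKS, boolean addOnly, Set<String> attributes, int approvalID, Workflow workflow, KSToken token, HttpCon con, Gson gson) throws Exception {
    HashMap<String, String> attrsUpdate = new HashMap<String, String>();
    KSUser toPatch = new KSUser();
    if (attributes.contains("email")) {
        String current = firstAttributeValue(fromKS.getUser(), "email");
        String desired = firstAttributeValue(user, "email");
        if (isChanged(current, desired)) {
            toPatch.setEmail(desired);
            attrsUpdate.put("email", desired);
        } else if (shouldClear(addOnly, current, desired)) {
            toPatch.setEmail("");
            attrsUpdate.put("email", "");
        }
    }
    if (attributes.contains("enabled")) {
        String current = firstAttributeValue(fromKS.getUser(), "enabled");
        String desired = firstAttributeValue(user, "enabled");
        if (isChanged(current, desired)) {
            // Fix: this branch previously called toPatch.setName(newVal), which would rename the
            // Keystone user to "true"/"false" instead of toggling the enabled flag. The attribute
            // value is the Boolean.toString form that lookupUser produces.
            toPatch.setEnabled(Boolean.parseBoolean(desired));
            attrsUpdate.put("enabled", desired);
        } else if (shouldClear(addOnly, current, desired)) {
            toPatch.setEnabled(false);
            attrsUpdate.put("enabled", "");
        }
    }
    if (attributes.contains("description")) {
        String current = firstAttributeValue(fromKS.getUser(), "description");
        String desired = firstAttributeValue(user, "description");
        if (isChanged(current, desired)) {
            toPatch.setDescription(desired);
            attrsUpdate.put("description", desired);
        } else if (shouldClear(addOnly, current, desired)) {
            toPatch.setDescription("");
            attrsUpdate.put("description", "");
        }
    }
    if (attrsUpdate.isEmpty()) {
        return;
    }
    UserHolder holder = new UserHolder();
    holder.setUser(toPatch);
    String json = gson.toJson(holder);
    // The user id in the path comes from Keystone's own lookup response, not from the caller.
    String patchUrl = this.url + "/users/" + fromKS.getId();
    this.callWSPotch(token.getAuthToken(), con, patchUrl, json);
    for (Map.Entry<String, String> change : attrsUpdate.entrySet()) {
        this.cfgMgr.getProvisioningEngine().logAction(user.getUserID(), false, ActionType.Replace, approvalID, workflow, change.getKey(), change.getValue());
    }
}

/** Builds the Keystone group-membership URL for {@code groupID} and {@code userID}. */
private String groupMembershipUrl(String groupID, String userID) {
    return this.url + "/groups/" + groupID + "/users/" + userID;
}

/**
 * Adds the user to every group in {@code user.getGroups()} it is not yet a member of and, unless
 * {@code addOnly} is set, removes it from Keystone groups absent from the desired state. Each
 * membership change is logged as an Add or Delete action.
 */
private void syncKeystoneGroups(User user, UserAndID fromKS, boolean addOnly, int approvalID, Workflow workflow, KSToken token, HttpCon con) throws Exception {
    for (String group : user.getGroups()) {
        if (fromKS.getUser().getGroups().contains(group)) {
            continue;
        }
        String groupID = this.getGroupID(token.getAuthToken(), con, group);
        if (groupID == null) {
            // Fail with a clear message instead of PUTting to ".../groups/null/users/..." —
            // mirrors the null handling used for projects, domains and roles below.
            throw new ProvisioningException("Group " + group + " does not exist");
        }
        if (!this.callWSPutNoData(token.getAuthToken(), con, groupMembershipUrl(groupID, fromKS.getId()))) {
            throw new ProvisioningException("Could not add group " + group);
        }
        this.cfgMgr.getProvisioningEngine().logAction(user.getUserID(), false, ActionType.Add, approvalID, workflow, "group", group);
    }
    if (addOnly) {
        return;
    }
    for (String group : fromKS.getUser().getGroups()) {
        if (user.getGroups().contains(group)) {
            continue;
        }
        String groupID = this.getGroupID(token.getAuthToken(), con, group);
        this.callWSDelete(token.getAuthToken(), con, groupMembershipUrl(groupID, fromKS.getId()));
        this.cfgMgr.getProvisioningEngine().logAction(user.getUserID(), false, ActionType.Delete, approvalID, workflow, "group", group);
    }
}

/** Parses the JSON-encoded {@code roles} attribute of {@code user} into a set; empty when absent. */
private static Set<Role> rolesFromAttribute(User user, Gson gson) {
    HashSet<Role> roles = new HashSet<Role>();
    Attribute attr = user.getAttribs().get("roles");
    if (attr != null) {
        for (String jsonRole : attr.getValues()) {
            roles.add(gson.fromJson(jsonRole, Role.class));
        }
    }
    return roles;
}

/**
 * Resolves the Keystone URL of a role assignment for {@code userID}: project-scoped roles map to
 * {@code /projects/{id}/users/{user}/roles/{role}}, any other scope to the {@code /domains/} form.
 * The scope id is resolved before the role id, so a missing project/domain is reported first.
 *
 * @throws ProvisioningException if the project, domain or role name cannot be resolved to an id
 */
private String roleAssignmentUrl(Role role, String userID, KSToken token, HttpCon con) throws Exception {
    String scopeSegment;
    String scopeID;
    if (role.getScope().equalsIgnoreCase("project")) {
        scopeID = this.getProjectID(token.getAuthToken(), con, role.getProject());
        if (scopeID == null) {
            // Fix: the message previously reported role.getDomain() for a missing project.
            throw new ProvisioningException("Project " + role.getProject() + " does not exist");
        }
        scopeSegment = "/projects/";
    } else {
        scopeID = this.getDomainID(token.getAuthToken(), con, role.getDomain());
        if (scopeID == null) {
            throw new ProvisioningException("Domain " + role.getDomain() + " does not exist");
        }
        scopeSegment = "/domains/";
    }
    String roleid = this.getRoleID(token.getAuthToken(), con, role.getName());
    if (roleid == null) {
        throw new ProvisioningException("Role " + role.getName() + " does not exist");
    }
    return this.url + scopeSegment + scopeID + "/users/" + userID + "/roles/" + roleid;
}

/**
 * Adds every role assignment listed in {@code user}'s {@code roles} attribute that Keystone does
 * not already have and, unless {@code addOnly} is set, removes Keystone assignments not present in
 * the desired state. Role values are the JSON form produced by {@code lookupUser}; set membership
 * relies on {@code Role} equality, as the original comparison did.
 */
private void syncKeystoneRoles(User user, UserAndID fromKS, boolean addOnly, int approvalID, Workflow workflow, KSToken token, HttpCon con, Gson gson) throws Exception {
    Set<Role> currentRoles = rolesFromAttribute(fromKS.getUser(), gson);
    Attribute desired = user.getAttribs().get("roles");
    if (desired != null) {
        for (String jsonRole : desired.getValues()) {
            Role role = gson.fromJson(jsonRole, Role.class);
            if (currentRoles.contains(role)) {
                continue;
            }
            String assignmentUrl = this.roleAssignmentUrl(role, fromKS.getId(), token, con);
            if (!this.callWSPutNoData(token.getAuthToken(), con, assignmentUrl)) {
                throw new ProvisioningException("Could not add role " + jsonRole);
            }
            this.cfgMgr.getProvisioningEngine().logAction(user.getUserID(), false, ActionType.Add, approvalID, workflow, "role", jsonRole);
        }
    }
    if (addOnly) {
        return;
    }
    Set<Role> desiredRoles = rolesFromAttribute(user, gson);
    Attribute current = fromKS.getUser().getAttribs().get("roles");
    if (current != null) {
        for (String jsonRole : current.getValues()) {
            Role role = gson.fromJson(jsonRole, Role.class);
            if (desiredRoles.contains(role)) {
                continue;
            }
            String assignmentUrl = this.roleAssignmentUrl(role, fromKS.getId(), token, con);
            this.callWSDelete(token.getAuthToken(), con, assignmentUrl);
            this.cfgMgr.getProvisioningEngine().logAction(user.getUserID(), false, ActionType.Delete, approvalID, workflow, "role", jsonRole);
        }
    }
}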

Example 2 with UserAndID

use of com.tremolosecurity.unison.openstack.model.UserAndID in project OpenUnison by TremoloSecurity.

The class KeystoneProvisioningTarget, method lookupUser.

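/**
 * Looks up a Keystone user by name in the configured users domain and converts it to a
 * provisioning {@link User}.
 *
 * <p>Only the requested {@code attributes} are populated ({@code name}, {@code id},
 * {@code email}, {@code description}, {@code enabled}, {@code roles}). Group names are loaded
 * unless {@code rolesOnly} is set. Roles are stored as JSON-serialized {@link Role} values, one
 * per assignment, scoped to either a project or a domain.
 *
 * @param userID     the Keystone user name to search for
 * @param attributes attribute names to populate on the returned user
 * @param request    workflow context (unused here, passed through by callers)
 * @param token      an authenticated Keystone token
 * @param con        the HTTP connection to use for all Keystone calls
 * @return the user together with its Keystone id, or {@code null} if no user matches
 * @throws Exception if a Keystone call fails; callers wrap this in a ProvisioningException
 */
public UserAndID lookupUser(String userID, Set<String> attributes, Map<String, Object> request, KSToken token, HttpCon con) throws Exception {
    // Name and domain go out as encoded query parameters, so a caller-supplied userID cannot
    // alter the request path or smuggle in extra parameters.
    List<NameValuePair> qparams = new ArrayList<NameValuePair>();
    qparams.add(new BasicNameValuePair("domain_id", this.usersDomain));
    qparams.add(new BasicNameValuePair("name", userID));
    String lookupUrl = this.url + "/users?" + URLEncodedUtils.format(qparams, "UTF-8");
    Gson gson = new Gson();
    UserLookupResponse resp = gson.fromJson(this.callWS(token.getAuthToken(), con, lookupUrl), UserLookupResponse.class);
    if (resp == null || resp.getUsers() == null || resp.getUsers().isEmpty()) {
        return null;
    }
    // The first match is used, as before.
    KSUser fromKS = resp.getUsers().get(0);
    User user = new User(fromKS.getName());
    if (attributes.contains("name")) {
        user.getAttribs().put("name", new Attribute("name", fromKS.getName()));
    }
    if (attributes.contains("id")) {
        user.getAttribs().put("id", new Attribute("id", fromKS.getId()));
    }
    if (attributes.contains("email") && fromKS.getEmail() != null) {
        user.getAttribs().put("email", new Attribute("email", fromKS.getEmail()));
    }
    if (attributes.contains("description") && fromKS.getDescription() != null) {
        // Fix: this attribute was previously populated from fromKS.getEmail(), so every
        // description comparison in syncUser saw the email address instead.
        user.getAttribs().put("description", new Attribute("description", fromKS.getDescription()));
    }
    if (attributes.contains("enabled")) {
        user.getAttribs().put("enabled", new Attribute("enabled", Boolean.toString(fromKS.getEnabled())));
    }
    // Ids used in the paths below come from Keystone's own response, not from the caller.
    if (!rolesOnly) {
        String groupsUrl = this.url + "/users/" + fromKS.getId() + "/groups";
        GroupLookupResponse gresp = gson.fromJson(this.callWS(token.getAuthToken(), con, groupsUrl), GroupLookupResponse.class);
        for (KSGroup group : gresp.getGroups()) {
            user.getGroups().add(group.getName());
        }
    }
    if (attributes.contains("roles")) {
        String assignmentsUrl = this.url + "/role_assignments?user.id=" + fromKS.getId() + "&include_names=true";
        RoleAssignmentResponse rar = gson.fromJson(this.callWS(token.getAuthToken(), con, assignmentsUrl), RoleAssignmentResponse.class);
        Attribute attr = new Attribute("roles");
        for (KSRoleAssignment assignment : rar.getRole_assignments()) {
            attr.getValues().add(gson.toJson(toRole(assignment)));
        }
        if (!attr.getValues().isEmpty()) {
            user.getAttribs().put("roles", attr);
        }
    }
    UserAndID userAndId = new UserAndID();
    userAndId.setUser(user);
    userAndId.setId(fromKS.getId());
    return userAndId;
}

/**
 * Converts a Keystone role assignment into the project- or domain-scoped {@link Role} form that
 * syncUser compares against. An assignment with a project scope is project-scoped; any other
 * assignment is treated as domain-scoped.
 */
private static Role toRole(KSRoleAssignment assignment) {
    if (assignment.getScope().getProject() != null) {
        return new Role(assignment.getRole().getName(), "project", assignment.getScope().getProject().getDomain().getName(), assignment.getScope().getProject().getName());
    }
    return new Role(assignment.getRole().getName(), "domain", assignment.getScope().getDomain().getName());
}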

Example 3 with UserAndID

use of com.tremolosecurity.unison.openstack.model.UserAndID in project OpenUnison by TremoloSecurity.

The class KeystoneProvisioningTarget, method findUser.

/**
 * Finds a Keystone user by name in the users domain and returns its provisioning view.
 *
 * @param userID     the Keystone user name
 * @param attributes attribute names to populate on the returned user
 * @param request    workflow context passed through to the lookup
 * @return the user, or {@code null} if Keystone has no user of that name
 * @throws ProvisioningException if the Keystone lookup fails; the cause is attached
 */
@Override
public User findUser(String userID, Set<String> attributes, Map<String, Object> request) throws ProvisioningException {
    HttpCon con = null;
    try {
        con = this.createClient();
        KSToken token = this.getToken(con);
        UserAndID found = this.lookupUser(userID, attributes, request, token, con);
        return found == null ? null : found.getUser();
    } catch (Exception e) {
        throw new ProvisioningException("Could not work with keystone", e);
    } finally {
        // Always release the connection manager, even when the lookup throws.
        if (con != null) {
            con.getBcm().shutdown();
        }
    }
}
