

use of com.tremolosecurity.unison.openstack.model.UserHolder in project OpenUnison by TremoloSecurity.

the class KeystoneProvisioningTarget method syncUser.

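@Override
/**
 * Reconciles one user with Keystone.
 *
 * When the user does not exist in Keystone yet this delegates to {@link #createUser}.
 * Otherwise it PATCHes the attributes that differ ("email", "enabled", "description"),
 * adds missing group memberships and adds missing role assignments. Unless
 * {@code addOnly} is set it also blanks attributes the desired user no longer carries
 * and removes the groups and roles Keystone has but the desired user does not.
 * When the target is configured {@code rolesOnly}, only role assignments are touched.
 *
 * @param user       desired state; each value of the "roles" attribute is a JSON {@link Role}
 * @param addOnly    when true nothing is removed or blanked in Keystone
 * @param attributes names of the attributes this sync is allowed to touch
 * @param request    workflow context; "APPROVAL_ID" (Integer) and "WORKFLOW" are read for audit logging only
 * @throws ProvisioningException on any failure talking to Keystone; every exception raised
 *                               while the connection is open is wrapped in one
 */
public void syncUser(User user, boolean addOnly, Set<String> attributes, Map<String, Object> request) throws ProvisioningException {
    int approvalID = 0;
    if (request.containsKey("APPROVAL_ID")) {
        approvalID = (Integer) request.get("APPROVAL_ID");
    }
    Workflow workflow = (Workflow) request.get("WORKFLOW");
    HttpCon con = null;
    Gson gson = new Gson();
    try {
        con = this.createClient();
        KSToken token = this.getToken(con);
        UserAndID fromKS = this.lookupUser(user.getUserID(), attributes, request, token, con);
        if (fromKS == null) {
            // Not in Keystone yet: createUser opens its own connection; ours is shut down in finally.
            this.createUser(user, attributes, request);
            return;
        }
        if (!rolesOnly) {
            this.syncPatchAttributes(user, fromKS, addOnly, attributes, token, con, gson, approvalID, workflow);
            this.syncGroupMemberships(user, fromKS, addOnly, token, con, approvalID, workflow);
        }
        if (attributes.contains("roles")) {
            this.syncRoleAssignments(user, fromKS, addOnly, token, con, gson, approvalID, workflow);
        }
    } catch (Exception e) {
        throw new ProvisioningException("Could not work with keystone", e);
    } finally {
        if (con != null) {
            con.getBcm().shutdown();
        }
    }
}

/**
 * Returns the first value of the named attribute, or null when the attribute is
 * absent or carries no values.
 */
private static String singleAttributeValue(Map<String, Attribute> attribs, String name) {
    Attribute attr = attribs.get(name);
    if (attr == null || attr.getValues().isEmpty()) {
        return null;
    }
    return attr.getValues().get(0);
}

/**
 * PATCHes "email", "enabled" and "description" on the Keystone user when the
 * desired value differs from what Keystone holds. With {@code addOnly} false, an
 * attribute missing from the desired user is blanked (email/description) or the
 * account is disabled (enabled). Every attribute sent is audit-logged as a Replace.
 *
 * The helpers it calls surface whatever checked exceptions the Keystone client
 * throws, hence the broad {@code throws}; syncUser's catch-all wraps them.
 */
private void syncPatchAttributes(User user, UserAndID fromKS, boolean addOnly, Set<String> attributes, KSToken token, HttpCon con, Gson gson, int approvalID, Workflow workflow) throws Exception {
    HashMap<String, String> attrsUpdate = new HashMap<String, String>();
    KSUser toPatch = new KSUser();
    // NOTE(review): if KSUser.enabled is a primitive boolean, Gson serialises
    // "enabled":false into every PATCH, including ones that only change email or
    // description, which would disable the account as a side effect. Confirm the
    // field is a Boolean wrapper (null is omitted) or clear it before serialising.
    if (attributes.contains("email")) {
        String inKS = singleAttributeValue(fromKS.getUser().getAttribs(), "email");
        String wanted = singleAttributeValue(user.getAttribs(), "email");
        if (wanted != null && (inKS == null || !inKS.equalsIgnoreCase(wanted))) {
            toPatch.setEmail(wanted);
            attrsUpdate.put("email", wanted);
        } else if (!addOnly && wanted == null && inKS != null) {
            toPatch.setEmail("");
            attrsUpdate.put("email", "");
        }
    }
    if (attributes.contains("enabled")) {
        String inKS = singleAttributeValue(fromKS.getUser().getAttribs(), "enabled");
        String wanted = singleAttributeValue(user.getAttribs(), "enabled");
        if (wanted != null && (inKS == null || !inKS.equalsIgnoreCase(wanted))) {
            // Bug fix: this used to call toPatch.setName(wanted), which renamed the
            // Keystone account to the literal "true"/"false" and never toggled it, so
            // a sync meant to disable an account left it active. Only the literal
            // "true" (any case) enables; anything else disables.
            toPatch.setEnabled(Boolean.parseBoolean(wanted));
            attrsUpdate.put("enabled", wanted);
        } else if (!addOnly && wanted == null && inKS != null) {
            toPatch.setEnabled(false);
            attrsUpdate.put("enabled", "");
        }
    }
    if (attributes.contains("description")) {
        String inKS = singleAttributeValue(fromKS.getUser().getAttribs(), "description");
        String wanted = singleAttributeValue(user.getAttribs(), "description");
        if (wanted != null && (inKS == null || !inKS.equalsIgnoreCase(wanted))) {
            toPatch.setDescription(wanted);
            attrsUpdate.put("description", wanted);
        } else if (!addOnly && wanted == null && inKS != null) {
            toPatch.setDescription("");
            attrsUpdate.put("description", "");
        }
    }
    if (attrsUpdate.isEmpty()) {
        return;
    }
    UserHolder holder = new UserHolder();
    holder.setUser(toPatch);
    String userURL = this.url + "/users/" + fromKS.getId();
    // The PATCH response body is not inspected; callWSPotch's failure signalling is
    // not visible here, so a non-exception failure would still be audit-logged below.
    this.callWSPotch(token.getAuthToken(), con, userURL, gson.toJson(holder));
    for (Map.Entry<String, String> changed : attrsUpdate.entrySet()) {
        this.cfgMgr.getProvisioningEngine().logAction(user.getUserID(), false, ActionType.Replace, approvalID, workflow, changed.getKey(), changed.getValue());
    }
}

/**
 * Builds the Keystone group-membership URL for the user, failing with a clear
 * message when the group cannot be resolved instead of sending "/groups/null/...".
 */
private String groupMembershipUrl(KSToken token, HttpCon con, String group, String ksUserId) throws Exception {
    String groupID = this.getGroupID(token.getAuthToken(), con, group);
    if (groupID == null) {
        throw new ProvisioningException("Group " + group + " does not exist");
    }
    return this.url + "/groups/" + groupID + "/users/" + ksUserId;
}

/**
 * Adds the user to every desired group it is not yet a member of and, unless
 * {@code addOnly}, removes it from Keystone groups the desired user lacks.
 */
private void syncGroupMemberships(User user, UserAndID fromKS, boolean addOnly, KSToken token, HttpCon con, int approvalID, Workflow workflow) throws Exception {
    for (String group : user.getGroups()) {
        if (fromKS.getUser().getGroups().contains(group)) {
            continue;
        }
        String membershipURL = this.groupMembershipUrl(token, con, group, fromKS.getId());
        if (!this.callWSPutNoData(token.getAuthToken(), con, membershipURL)) {
            throw new ProvisioningException("Could not add group " + group);
        }
        this.cfgMgr.getProvisioningEngine().logAction(user.getUserID(), false, ActionType.Add, approvalID, workflow, "group", group);
    }
    if (addOnly) {
        return;
    }
    for (String group : fromKS.getUser().getGroups()) {
        if (user.getGroups().contains(group)) {
            continue;
        }
        String membershipURL = this.groupMembershipUrl(token, con, group, fromKS.getId());
        // NOTE(review): callWSDelete's result is not checked here (as before), so a
        // failed removal is still audit-logged as a Delete. If it returns a status,
        // treat false like the add path does.
        this.callWSDelete(token.getAuthToken(), con, membershipURL);
        this.cfgMgr.getProvisioningEngine().logAction(user.getUserID(), false, ActionType.Delete, approvalID, workflow, "group", group);
    }
}

/** Parses every JSON value of a "roles" attribute into a set; an absent attribute yields an empty set. */
private static HashSet<Role> parseRoles(Attribute rolesAttr, Gson gson) {
    HashSet<Role> roles = new HashSet<Role>();
    if (rolesAttr != null) {
        for (String jsonRole : rolesAttr.getValues()) {
            roles.add(gson.fromJson(jsonRole, Role.class));
        }
    }
    return roles;
}

/**
 * Builds the Keystone role-assignment URL for the user. A role whose scope is
 * "project" (case-insensitive) is assigned on its project, any other scope on its
 * domain. Fails with a descriptive message when the project, domain or role
 * cannot be resolved.
 */
private String roleAssignmentUrl(KSToken token, HttpCon con, Role role, String ksUserId) throws Exception {
    String scopePath;
    if (role.getScope().equalsIgnoreCase("project")) {
        String projectid = this.getProjectID(token.getAuthToken(), con, role.getProject());
        if (projectid == null) {
            // The original message reported role.getDomain() for a project lookup.
            throw new ProvisioningException("Project " + role.getProject() + " does not exist");
        }
        scopePath = "/projects/" + projectid;
    } else {
        String domainid = this.getDomainID(token.getAuthToken(), con, role.getDomain());
        if (domainid == null) {
            throw new ProvisioningException("Domain " + role.getDomain() + " does not exist");
        }
        scopePath = "/domains/" + domainid;
    }
    String roleid = this.getRoleID(token.getAuthToken(), con, role.getName());
    if (roleid == null) {
        throw new ProvisioningException("Role " + role.getName() + " does not exist");
    }
    return this.url + scopePath + "/users/" + ksUserId + "/roles/" + roleid;
}

/**
 * Grants every desired role assignment Keystone does not have and, unless
 * {@code addOnly}, revokes the assignments Keystone has but the desired user
 * lacks. Membership is decided by {@link Role#equals}, as before.
 */
private void syncRoleAssignments(User user, UserAndID fromKS, boolean addOnly, KSToken token, HttpCon con, Gson gson, int approvalID, Workflow workflow) throws Exception {
    HashSet<Role> currentRoles = parseRoles(fromKS.getUser().getAttribs().get("roles"), gson);
    Attribute wantedAttr = user.getAttribs().get("roles");
    if (wantedAttr != null) {
        for (String jsonRole : wantedAttr.getValues()) {
            Role role = gson.fromJson(jsonRole, Role.class);
            if (currentRoles.contains(role)) {
                continue;
            }
            String assignmentURL = this.roleAssignmentUrl(token, con, role, fromKS.getId());
            if (!this.callWSPutNoData(token.getAuthToken(), con, assignmentURL)) {
                throw new ProvisioningException("Could not add role " + jsonRole);
            }
            this.cfgMgr.getProvisioningEngine().logAction(user.getUserID(), false, ActionType.Add, approvalID, workflow, "role", jsonRole);
        }
    }
    if (addOnly) {
        return;
    }
    HashSet<Role> wantedRoles = parseRoles(wantedAttr, gson);
    Attribute currentAttr = fromKS.getUser().getAttribs().get("roles");
    if (currentAttr == null) {
        return;
    }
    for (String jsonRole : currentAttr.getValues()) {
        Role role = gson.fromJson(jsonRole, Role.class);
        if (wantedRoles.contains(role)) {
            continue;
        }
        String assignmentURL = this.roleAssignmentUrl(token, con, role, fromKS.getId());
        // NOTE(review): as with groups, the DELETE result is not checked; a revoke
        // that silently fails leaves the privilege in place while the audit log says
        // it was removed.
        this.callWSDelete(token.getAuthToken(), con, assignmentURL);
        this.cfgMgr.getProvisioningEngine().logAction(user.getUserID(), false, ActionType.Delete, approvalID, workflow, "role", jsonRole);
    }
}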


use of com.tremolosecurity.unison.openstack.model.UserHolder in project OpenUnison by TremoloSecurity.

the class KeystoneProvisioningTarget method setUserPassword.

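@Override
/**
 * Sets the user's Keystone password by PATCHing {@code /users/{id}} with a
 * {@link UserHolder} carrying only the password.
 *
 * The Keystone id is taken from the user's "id" attribute when present, otherwise
 * looked up with {@link #findUser}. The change is audit-logged with a masked value;
 * the request body itself must never be logged because it carries the clear-text
 * password.
 *
 * @param user    user whose {@code getPassword()} is the new password
 * @param request workflow context; "APPROVAL_ID" (Integer) and "WORKFLOW" are read for audit logging only
 * @throws ProvisioningException when the target is rolesOnly, when the user cannot be
 *                               resolved to a Keystone id, or on any Keystone failure
 */
public void setUserPassword(User user, Map<String, Object> request) throws ProvisioningException {
    if (rolesOnly) {
        throw new ProvisioningException("Unsupported");
    }
    int approvalID = 0;
    if (request.containsKey("APPROVAL_ID")) {
        approvalID = (Integer) request.get("APPROVAL_ID");
    }
    Workflow workflow = (Workflow) request.get("WORKFLOW");
    String id;
    if (user.getAttribs().get("id") != null) {
        id = user.getAttribs().get("id").getValues().get(0);
    } else {
        HashSet<String> attrs = new HashSet<String>();
        attrs.add("id");
        User userFromKS = this.findUser(user.getUserID(), attrs, request);
        // Previously an unknown user surfaced as a NullPointerException from outside the try block.
        if (userFromKS == null || userFromKS.getAttribs().get("id") == null) {
            throw new ProvisioningException("Could not find keystone user " + user.getUserID());
        }
        id = userFromKS.getAttribs().get("id").getValues().get(0);
    }
    // The id becomes a path segment of the PATCH URL. A Keystone user id never
    // contains a path or query delimiter, so reject anything that would retarget
    // the request when the "id" attribute was supplied with the user object.
    if (id == null || id.isEmpty() || id.indexOf('/') >= 0 || id.indexOf('?') >= 0 || id.indexOf('#') >= 0) {
        throw new ProvisioningException("Invalid keystone user id for " + user.getUserID());
    }
    UserHolder holder = new UserHolder();
    holder.setUser(new KSUser());
    holder.getUser().setPassword(user.getPassword());
    Gson gson = new Gson();
    HttpCon con = null;
    try {
        con = this.createClient();
        KSToken token = this.getToken(con);
        // Clear-text password in here: do not log this string.
        String passwordJson = gson.toJson(holder);
        String userURL = this.url + "/users/" + id;
        this.callWSPotch(token.getAuthToken(), con, userURL, passwordJson);
        this.cfgMgr.getProvisioningEngine().logAction(user.getUserID(), false, ActionType.Replace, approvalID, workflow, "password", "***********");
    } catch (Exception e) {
        throw new ProvisioningException("Could not work with keystone", e);
    } finally {
        if (con != null) {
            con.getBcm().shutdown();
        }
    }
}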


use of com.tremolosecurity.unison.openstack.model.UserHolder in project OpenUnison by TremoloSecurity.

the class KeystoneProvisioningTarget method createUser.

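@Override
/**
 * Creates the user in Keystone (enabled, in the configured users domain), then
 * adds its group memberships and role assignments.
 *
 * "email" and "description" are copied only when they are both requested in
 * {@code attributes} and present on the user. Each created attribute, group and
 * role is audit-logged; the "name" entry is logged twice as before (once as the
 * entry record, once as an attribute).
 *
 * @param user       user to create; each value of the "roles" attribute is a JSON {@link Role}
 * @param attributes names of the attributes that should be written
 * @param request    workflow context; "APPROVAL_ID" (Integer) and "WORKFLOW" are read for audit logging only
 * @throws ProvisioningException when the target is rolesOnly, when Keystone does not
 *                               return a created user, or when a group, project,
 *                               domain or role cannot be resolved or assigned
 */
public void createUser(User user, Set<String> attributes, Map<String, Object> request) throws ProvisioningException {
    if (rolesOnly) {
        throw new ProvisioningException("Unsupported");
    }
    int approvalID = 0;
    if (request.containsKey("APPROVAL_ID")) {
        approvalID = (Integer) request.get("APPROVAL_ID");
    }
    Workflow workflow = (Workflow) request.get("WORKFLOW");
    KSUser newUser = new KSUser();
    newUser.setDomain_id(this.usersDomain);
    newUser.setName(user.getUserID());
    newUser.setEnabled(true);
    String email = null;
    if (attributes.contains("email") && user.getAttribs().containsKey("email")) {
        email = user.getAttribs().get("email").getValues().get(0);
        newUser.setEmail(email);
    }
    String description = null;
    if (attributes.contains("description") && user.getAttribs().containsKey("description")) {
        description = user.getAttribs().get("description").getValues().get(0);
        // Bug fix: this used to call setEmail, so the description silently replaced the e-mail.
        newUser.setDescription(description);
    }
    HttpCon con = null;
    try {
        con = this.createClient();
        KSToken token = this.getToken(con);
        Gson gson = new Gson();
        UserHolder userHolder = new UserHolder();
        userHolder.setUser(newUser);
        String json = this.callWSPost(token.getAuthToken(), con, this.url + "/users", gson.toJson(userHolder));
        if (json == null) {
            throw new ProvisioningException("Could not create user");
        }
        UserHolder createdUser = gson.fromJson(json, UserHolder.class);
        if (createdUser == null || createdUser.getUser() == null) {
            throw new ProvisioningException("Could not create user :" + json);
        }
        String ksUserId = createdUser.getUser().getId();
        this.cfgMgr.getProvisioningEngine().logAction(user.getUserID(), true, ActionType.Add, approvalID, workflow, "name", user.getUserID());
        this.cfgMgr.getProvisioningEngine().logAction(user.getUserID(), false, ActionType.Add, approvalID, workflow, "name", user.getUserID());
        this.cfgMgr.getProvisioningEngine().logAction(user.getUserID(), false, ActionType.Add, approvalID, workflow, "domain_id", this.usersDomain);
        this.cfgMgr.getProvisioningEngine().logAction(user.getUserID(), false, ActionType.Add, approvalID, workflow, "enabled", "true");
        // Log only what was actually sent; the old code dereferenced the attribute
        // whenever it was requested, which threw when the user did not carry it.
        if (email != null) {
            this.cfgMgr.getProvisioningEngine().logAction(user.getUserID(), false, ActionType.Add, approvalID, workflow, "email", email);
        }
        if (description != null) {
            this.cfgMgr.getProvisioningEngine().logAction(user.getUserID(), false, ActionType.Add, approvalID, workflow, "description", description);
        }
        for (String group : user.getGroups()) {
            String groupID = this.getGroupID(token.getAuthToken(), con, group);
            if (groupID == null) {
                throw new ProvisioningException("Group " + group + " does not exist");
            }
            String membershipURL = this.url + "/groups/" + groupID + "/users/" + ksUserId;
            if (!this.callWSPutNoData(token.getAuthToken(), con, membershipURL)) {
                throw new ProvisioningException("Could not add group " + group);
            }
            this.cfgMgr.getProvisioningEngine().logAction(user.getUserID(), false, ActionType.Add, approvalID, workflow, "group", group);
        }
        Attribute roles = user.getAttribs().get("roles");
        if (attributes.contains("roles") && roles != null) {
            for (String roleJSON : roles.getValues()) {
                Role role = gson.fromJson(roleJSON, Role.class);
                String scopePath;
                if (role.getScope().equalsIgnoreCase("project")) {
                    String projectid = this.getProjectID(token.getAuthToken(), con, role.getProject());
                    if (projectid == null) {
                        // The original message reported role.getDomain() for a project lookup.
                        throw new ProvisioningException("Project " + role.getProject() + " does not exist");
                    }
                    scopePath = "/projects/" + projectid;
                } else {
                    String domainid = this.getDomainID(token.getAuthToken(), con, role.getDomain());
                    if (domainid == null) {
                        throw new ProvisioningException("Domain " + role.getDomain() + " does not exist");
                    }
                    scopePath = "/domains/" + domainid;
                }
                String roleid = this.getRoleID(token.getAuthToken(), con, role.getName());
                if (roleid == null) {
                    throw new ProvisioningException("Role " + role.getName() + " does not exist");
                }
                String assignmentURL = this.url + scopePath + "/users/" + ksUserId + "/roles/" + roleid;
                if (!this.callWSPutNoData(token.getAuthToken(), con, assignmentURL)) {
                    throw new ProvisioningException("Could not add role " + roleJSON);
                }
                this.cfgMgr.getProvisioningEngine().logAction(user.getUserID(), false, ActionType.Add, approvalID, workflow, "role", roleJSON);
            }
        }
    } catch (Exception e) {
        throw new ProvisioningException("Could not work with keystone", e);
    } finally {
        if (con != null) {
            con.getBcm().shutdown();
        }
    }
}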
