Example 1 with KSToken
use of com.tremolosecurity.unison.openstack.util.KSToken in project OpenUnison by TremoloSecurity.
the class KeystoneProvisioningTarget method syncUser.
@Override
public void syncUser(User user, boolean addOnly, Set<String> attributes, Map<String, Object> request) throws ProvisioningException {
int approvalID = 0;
if (request.containsKey("APPROVAL_ID")) {
approvalID = (Integer) request.get("APPROVAL_ID");
}
Workflow workflow = (Workflow) request.get("WORKFLOW");
HttpCon con = null;
Gson gson = new Gson();
try {
con = this.createClient();
KSToken token = this.getToken(con);
UserAndID fromKS = this.lookupUser(user.getUserID(), attributes, request, token, con);
if (fromKS == null) {
this.createUser(user, attributes, request);
} else {
// check attributes
HashMap<String, String> attrsUpdate = new HashMap<String, String>();
KSUser toPatch = new KSUser();
if (!rolesOnly) {
if (attributes.contains("email")) {
String fromKSVal = null;
String newVal = null;
if (fromKS.getUser().getAttribs().get("email") != null) {
fromKSVal = fromKS.getUser().getAttribs().get("email").getValues().get(0);
}
if (user.getAttribs().get("email") != null) {
newVal = user.getAttribs().get("email").getValues().get(0);
}
if (newVal != null && (fromKSVal == null || !fromKSVal.equalsIgnoreCase(newVal))) {
toPatch.setEmail(newVal);
attrsUpdate.put("email", newVal);
} else if (!addOnly && newVal == null && fromKSVal != null) {
toPatch.setEmail("");
attrsUpdate.put("email", "");
}
}
if (attributes.contains("enabled")) {
String fromKSVal = null;
String newVal = null;
if (fromKS.getUser().getAttribs().get("enabled") != null) {
fromKSVal = fromKS.getUser().getAttribs().get("enabled").getValues().get(0);
}
if (user.getAttribs().get("enabled") != null) {
newVal = user.getAttribs().get("enabled").getValues().get(0);
}
if (newVal != null && (fromKSVal == null || !fromKSVal.equalsIgnoreCase(newVal))) {
toPatch.setName(newVal);
attrsUpdate.put("enabled", newVal);
} else if (!addOnly && newVal == null && fromKSVal != null) {
toPatch.setEnabled(false);
attrsUpdate.put("enabled", "");
}
}
if (attributes.contains("description")) {
String fromKSVal = null;
String newVal = null;
if (fromKS.getUser().getAttribs().get("description") != null) {
fromKSVal = fromKS.getUser().getAttribs().get("description").getValues().get(0);
}
if (user.getAttribs().get("description") != null) {
newVal = user.getAttribs().get("description").getValues().get(0);
}
if (newVal != null && (fromKSVal == null || !fromKSVal.equalsIgnoreCase(newVal))) {
toPatch.setDescription(newVal);
attrsUpdate.put("description", newVal);
} else if (!addOnly && newVal == null && fromKSVal != null) {
toPatch.setDescription("");
attrsUpdate.put("description", "");
}
}
if (!attrsUpdate.isEmpty()) {
UserHolder holder = new UserHolder();
holder.setUser(toPatch);
String json = gson.toJson(holder);
StringBuffer b = new StringBuffer();
b.append(this.url).append("/users/").append(fromKS.getId());
json = this.callWSPotch(token.getAuthToken(), con, b.toString(), json);
for (String attr : attrsUpdate.keySet()) {
String val = attrsUpdate.get(attr);
this.cfgMgr.getProvisioningEngine().logAction(user.getUserID(), false, ActionType.Replace, approvalID, workflow, attr, val);
}
}
for (String group : user.getGroups()) {
if (!fromKS.getUser().getGroups().contains(group)) {
String groupID = this.getGroupID(token.getAuthToken(), con, group);
StringBuffer b = new StringBuffer();
b.append(this.url).append("/groups/").append(groupID).append("/users/").append(fromKS.getId());
if (this.callWSPutNoData(token.getAuthToken(), con, b.toString())) {
this.cfgMgr.getProvisioningEngine().logAction(user.getUserID(), false, ActionType.Add, approvalID, workflow, "group", group);
} else {
throw new ProvisioningException("Could not add group " + group);
}
}
}
if (!addOnly) {
for (String group : fromKS.getUser().getGroups()) {
if (!user.getGroups().contains(group)) {
String groupID = this.getGroupID(token.getAuthToken(), con, group);
StringBuffer b = new StringBuffer();
b.append(this.url).append("/groups/").append(groupID).append("/users/").append(fromKS.getId());
this.callWSDelete(token.getAuthToken(), con, b.toString());
this.cfgMgr.getProvisioningEngine().logAction(user.getUserID(), false, ActionType.Delete, approvalID, workflow, "group", group);
}
}
}
}
if (attributes.contains("roles")) {
HashSet<Role> currentRoles = new HashSet<Role>();
if (fromKS.getUser().getAttribs().get("roles") != null) {
Attribute attr = fromKS.getUser().getAttribs().get("roles");
for (String jsonRole : attr.getValues()) {
currentRoles.add(gson.fromJson(jsonRole, Role.class));
}
}
if (user.getAttribs().containsKey("roles")) {
StringBuffer b = new StringBuffer();
Attribute attr = user.getAttribs().get("roles");
for (String jsonRole : attr.getValues()) {
Role role = gson.fromJson(jsonRole, Role.class);
if (!currentRoles.contains(role)) {
if (role.getScope().equalsIgnoreCase("project")) {
String projectid = this.getProjectID(token.getAuthToken(), con, role.getProject());
if (projectid == null) {
throw new ProvisioningException("Project " + role.getDomain() + " does not exist");
}
String roleid = this.getRoleID(token.getAuthToken(), con, role.getName());
if (roleid == null) {
throw new ProvisioningException("Role " + role.getName() + " does not exist");
}
b.setLength(0);
b.append(this.url).append("/projects/").append(projectid).append("/users/").append(fromKS.getId()).append("/roles/").append(roleid);
if (this.callWSPutNoData(token.getAuthToken(), con, b.toString())) {
this.cfgMgr.getProvisioningEngine().logAction(user.getUserID(), false, ActionType.Add, approvalID, workflow, "role", jsonRole);
} else {
throw new ProvisioningException("Could not add role " + jsonRole);
}
} else {
String domainid = this.getDomainID(token.getAuthToken(), con, role.getDomain());
if (domainid == null) {
throw new ProvisioningException("Domain " + role.getDomain() + " does not exist");
}
String roleid = this.getRoleID(token.getAuthToken(), con, role.getName());
if (roleid == null) {
throw new ProvisioningException("Role " + role.getName() + " does not exist");
}
b.setLength(0);
b.append(this.url).append("/domains/").append(domainid).append("/users/").append(fromKS.getId()).append("/roles/").append(roleid);
if (this.callWSPutNoData(token.getAuthToken(), con, b.toString())) {
this.cfgMgr.getProvisioningEngine().logAction(user.getUserID(), false, ActionType.Add, approvalID, workflow, "role", jsonRole);
} else {
throw new ProvisioningException("Could not add role " + jsonRole);
}
}
}
}
}
}
if (!addOnly) {
if (attributes.contains("roles")) {
HashSet<Role> currentRoles = new HashSet<Role>();
if (user.getAttribs().get("roles") != null) {
Attribute attr = user.getAttribs().get("roles");
for (String jsonRole : attr.getValues()) {
currentRoles.add(gson.fromJson(jsonRole, Role.class));
}
}
if (fromKS.getUser().getAttribs().containsKey("roles")) {
StringBuffer b = new StringBuffer();
Attribute attr = fromKS.getUser().getAttribs().get("roles");
for (String jsonRole : attr.getValues()) {
Role role = gson.fromJson(jsonRole, Role.class);
if (!currentRoles.contains(role)) {
if (role.getScope().equalsIgnoreCase("project")) {
String projectid = this.getProjectID(token.getAuthToken(), con, role.getProject());
if (projectid == null) {
throw new ProvisioningException("Project " + role.getDomain() + " does not exist");
}
String roleid = this.getRoleID(token.getAuthToken(), con, role.getName());
if (roleid == null) {
throw new ProvisioningException("Role " + role.getName() + " does not exist");
}
b.setLength(0);
b.append(this.url).append("/projects/").append(projectid).append("/users/").append(fromKS.getId()).append("/roles/").append(roleid);
this.callWSDelete(token.getAuthToken(), con, b.toString());
this.cfgMgr.getProvisioningEngine().logAction(user.getUserID(), false, ActionType.Delete, approvalID, workflow, "role", jsonRole);
} else {
String domainid = this.getDomainID(token.getAuthToken(), con, role.getDomain());
if (domainid == null) {
throw new ProvisioningException("Domain " + role.getDomain() + " does not exist");
}
String roleid = this.getRoleID(token.getAuthToken(), con, role.getName());
if (roleid == null) {
throw new ProvisioningException("Role " + role.getName() + " does not exist");
}
b.setLength(0);
b.append(this.url).append("/domains/").append(domainid).append("/users/").append(fromKS.getId()).append("/roles/").append(roleid);
this.callWSDelete(token.getAuthToken(), con, b.toString());
this.cfgMgr.getProvisioningEngine().logAction(user.getUserID(), false, ActionType.Delete, approvalID, workflow, "role", jsonRole);
}
}
}
}
}
}
}
} catch (Exception e) {
throw new ProvisioningException("Could not work with keystone", e);
} finally {
if (con != null) {
con.getBcm().shutdown();
}
}
}
Also used :
UserAndID(com.tremolosecurity.unison.openstack.model.UserAndID)
HashMap(java.util.HashMap)
Attribute(com.tremolosecurity.saml.Attribute)
KSUser(com.tremolosecurity.unison.openstack.model.KSUser)
Workflow(com.tremolosecurity.provisioning.core.Workflow)
Gson(com.google.gson.Gson)
ProvisioningException(com.tremolosecurity.provisioning.core.ProvisioningException)
ClientProtocolException(org.apache.http.client.ClientProtocolException)
IOException(java.io.IOException)
KSRole(com.tremolosecurity.unison.openstack.model.KSRole)
Role(com.tremolosecurity.unison.openstack.model.Role)
HttpCon(com.tremolosecurity.provisioning.util.HttpCon)
ProvisioningException(com.tremolosecurity.provisioning.core.ProvisioningException)
KSToken(com.tremolosecurity.unison.openstack.util.KSToken)
UserHolder(com.tremolosecurity.unison.openstack.model.UserHolder)
HashSet(java.util.HashSet)
Example 2 with KSToken
use of com.tremolosecurity.unison.openstack.util.KSToken in project OpenUnison by TremoloSecurity.
the class KeystoneProvisioningTarget method setUserPassword.
@Override
public void setUserPassword(User user, Map<String, Object> request) throws ProvisioningException {
if (rolesOnly) {
throw new ProvisioningException("Unsupported");
}
int approvalID = 0;
if (request.containsKey("APPROVAL_ID")) {
approvalID = (Integer) request.get("APPROVAL_ID");
}
Workflow workflow = (Workflow) request.get("WORKFLOW");
HttpCon con = null;
String id;
if (user.getAttribs().get("id") != null) {
id = user.getAttribs().get("id").getValues().get(0);
} else {
HashSet<String> attrs = new HashSet<String>();
attrs.add("id");
User userFromKS = this.findUser(user.getUserID(), attrs, request);
id = userFromKS.getAttribs().get("id").getValues().get(0);
}
UserHolder holder = new UserHolder();
holder.setUser(new KSUser());
holder.getUser().setPassword(user.getPassword());
Gson gson = new Gson();
KSUser fromKS = null;
try {
con = this.createClient();
KSToken token = this.getToken(con);
String json = gson.toJson(holder);
StringBuffer b = new StringBuffer();
b.append(this.url).append("/users/").append(id);
json = this.callWSPotch(token.getAuthToken(), con, b.toString(), json);
this.cfgMgr.getProvisioningEngine().logAction(user.getUserID(), false, ActionType.Replace, approvalID, workflow, "password", "***********");
} catch (Exception e) {
throw new ProvisioningException("Could not work with keystone", e);
} finally {
if (con != null) {
con.getBcm().shutdown();
}
}
}
Also used :
User(com.tremolosecurity.provisioning.core.User)
KSUser(com.tremolosecurity.unison.openstack.model.KSUser)
KSUser(com.tremolosecurity.unison.openstack.model.KSUser)
Workflow(com.tremolosecurity.provisioning.core.Workflow)
Gson(com.google.gson.Gson)
ProvisioningException(com.tremolosecurity.provisioning.core.ProvisioningException)
ClientProtocolException(org.apache.http.client.ClientProtocolException)
IOException(java.io.IOException)
HttpCon(com.tremolosecurity.provisioning.util.HttpCon)
ProvisioningException(com.tremolosecurity.provisioning.core.ProvisioningException)
KSToken(com.tremolosecurity.unison.openstack.util.KSToken)
UserHolder(com.tremolosecurity.unison.openstack.model.UserHolder)
HashSet(java.util.HashSet)
Example 3 with KSToken
use of com.tremolosecurity.unison.openstack.util.KSToken in project OpenUnison by TremoloSecurity.
the class KeystoneProvisioningTarget method listProjects.
public List<Map<Object, Object>> listProjects() throws ProvisioningException {
HttpCon con = null;
try {
con = this.createClient();
KSToken token = this.getToken(con);
StringBuffer b = new StringBuffer();
b.append(this.url).append("/projects?enabled");
String json = this.callWS(token.getAuthToken(), con, b.toString());
Gson gson = new Gson();
GsonBuilder builder = new GsonBuilder();
Object o = builder.create().fromJson(json, Object.class);
List<Map<Object, Object>> roles = (List<Map<Object, Object>>) ((Map<Object, Object>) o).get("projects");
return roles;
} catch (Exception e) {
throw new ProvisioningException("Could not work with keystone", e);
} finally {
if (con != null) {
con.getBcm().shutdown();
}
}
}
Also used :
HttpCon(com.tremolosecurity.provisioning.util.HttpCon)
GsonBuilder(com.google.gson.GsonBuilder)
ProvisioningException(com.tremolosecurity.provisioning.core.ProvisioningException)
KSToken(com.tremolosecurity.unison.openstack.util.KSToken)
Gson(com.google.gson.Gson)
List(java.util.List)
ArrayList(java.util.ArrayList)
Map(java.util.Map)
LinkedTreeMap(com.google.gson.internal.LinkedTreeMap)
HashMap(java.util.HashMap)
ProvisioningException(com.tremolosecurity.provisioning.core.ProvisioningException)
ClientProtocolException(org.apache.http.client.ClientProtocolException)
IOException(java.io.IOException)
Example 4 with KSToken
use of com.tremolosecurity.unison.openstack.util.KSToken in project OpenUnison by TremoloSecurity.
the class KeystoneProvisioningTarget method deleteUser.
@Override
public void deleteUser(User user, Map<String, Object> request) throws ProvisioningException {
if (rolesOnly) {
throw new ProvisioningException("Unsupported");
}
int approvalID = 0;
if (request.containsKey("APPROVAL_ID")) {
approvalID = (Integer) request.get("APPROVAL_ID");
}
Workflow workflow = (Workflow) request.get("WORKFLOW");
HttpCon con = null;
KSUser fromKS = null;
try {
con = this.createClient();
KSToken token = this.getToken(con);
String id;
if (user.getAttribs().get("id") != null) {
id = user.getAttribs().get("id").getValues().get(0);
} else {
HashSet<String> attrs = new HashSet<String>();
attrs.add("id");
User userFromKS = this.findUser(user.getUserID(), attrs, request);
id = userFromKS.getAttribs().get("id").getValues().get(0);
}
StringBuffer b = new StringBuffer(this.url).append("/users/").append(id);
this.callWSDelete(token.getAuthToken(), con, b.toString());
this.cfgMgr.getProvisioningEngine().logAction(user.getUserID(), true, ActionType.Delete, approvalID, workflow, "name", user.getUserID());
} catch (Exception e) {
throw new ProvisioningException("Could not work with keystone", e);
} finally {
if (con != null) {
con.getBcm().shutdown();
}
}
}
Also used :
HttpCon(com.tremolosecurity.provisioning.util.HttpCon)
User(com.tremolosecurity.provisioning.core.User)
KSUser(com.tremolosecurity.unison.openstack.model.KSUser)
KSUser(com.tremolosecurity.unison.openstack.model.KSUser)
ProvisioningException(com.tremolosecurity.provisioning.core.ProvisioningException)
KSToken(com.tremolosecurity.unison.openstack.util.KSToken)
Workflow(com.tremolosecurity.provisioning.core.Workflow)
ProvisioningException(com.tremolosecurity.provisioning.core.ProvisioningException)
ClientProtocolException(org.apache.http.client.ClientProtocolException)
IOException(java.io.IOException)
HashSet(java.util.HashSet)
Example 5 with KSToken
use of com.tremolosecurity.unison.openstack.util.KSToken in project OpenUnison by TremoloSecurity.
the class KeystoneProvisioningTarget method getToken.
public KSToken getToken(HttpCon con) throws Exception {
Gson gson = new Gson();
StringBuffer b = new StringBuffer();
b.append(this.url).append("/auth/tokens");
HttpPost put = new HttpPost(b.toString());
TokenRequest req = new TokenRequest();
req.getAuth().setIdentity(new Identity());
req.getAuth().setScope(new Scope());
req.getAuth().getIdentity().getMethods().add("password");
req.getAuth().getIdentity().getPassword().getUser().setDomain(new KSDomain());
req.getAuth().getIdentity().getPassword().getUser().getDomain().setName(this.domain);
req.getAuth().getIdentity().getPassword().getUser().setName(this.userName);
req.getAuth().getIdentity().getPassword().getUser().setPassword(this.password);
req.getAuth().getScope().setProject(new Project());
req.getAuth().getScope().getProject().setName(this.projectName);
req.getAuth().getScope().getProject().setDomain(new KSDomain());
req.getAuth().getScope().getProject().getDomain().setName(this.projectDomainName);
String json = gson.toJson(req);
StringEntity str = new StringEntity(json, ContentType.APPLICATION_JSON);
put.setEntity(str);
HttpResponse resp = con.getHttp().execute(put);
if (resp.getStatusLine().getStatusCode() == 201) {
json = EntityUtils.toString(resp.getEntity());
TokenResponse token = gson.fromJson(json, TokenResponse.class);
String authToken = resp.getHeaders("X-Subject-Token")[0].getValue();
return new KSToken(authToken, token.getToken());
} else {
throw new Exception("Could not authenticate to keystone");
}
}
Also used :
HttpPost(org.apache.http.client.methods.HttpPost)
Gson(com.google.gson.Gson)
HttpResponse(org.apache.http.HttpResponse)
ProvisioningException(com.tremolosecurity.provisioning.core.ProvisioningException)
ClientProtocolException(org.apache.http.client.ClientProtocolException)
IOException(java.io.IOException)
Project(com.tremolosecurity.unison.openstack.model.token.Project)
StringEntity(org.apache.http.entity.StringEntity)
Scope(com.tremolosecurity.unison.openstack.model.token.Scope)
TokenResponse(com.tremolosecurity.unison.openstack.model.TokenResponse)
TokenRequest(com.tremolosecurity.unison.openstack.model.TokenRequest)
KSToken(com.tremolosecurity.unison.openstack.util.KSToken)
KSDomain(com.tremolosecurity.unison.openstack.model.KSDomain)
Identity(com.tremolosecurity.unison.openstack.model.token.Identity)
Aggregations
ProvisioningException (com.tremolosecurity.provisioning.core.ProvisioningException)13
KSToken (com.tremolosecurity.unison.openstack.util.KSToken)13
IOException (java.io.IOException)13
ClientProtocolException (org.apache.http.client.ClientProtocolException)13
HttpCon (com.tremolosecurity.provisioning.util.HttpCon)12
Gson (com.google.gson.Gson)9
Workflow (com.tremolosecurity.provisioning.core.Workflow)4
KSUser (com.tremolosecurity.unison.openstack.model.KSUser)4
HashMap (java.util.HashMap)4
GsonBuilder (com.google.gson.GsonBuilder)3
LinkedTreeMap (com.google.gson.internal.LinkedTreeMap)3
UserHolder (com.tremolosecurity.unison.openstack.model.UserHolder)3
ArrayList (java.util.ArrayList)3
HashSet (java.util.HashSet)3
List (java.util.List)3
Map (java.util.Map)3
User (com.tremolosecurity.provisioning.core.User)2
Attribute (com.tremolosecurity.saml.Attribute)2
DomainsResponse (com.tremolosecurity.unison.openstack.model.DomainsResponse)2
KSRole (com.tremolosecurity.unison.openstack.model.KSRole)2
