Search in sources :

Example 1 with BinaryDataSecret

use of com.walmartlabs.concord.common.secret.BinaryDataSecret in project concord by walmartlabs.

the class GitClient method execWithCredentials.

private String execWithCredentials(Command cmd, Secret secret) {
    Path key = null;
    Path ssh = null;
    Path askpass = null;
    Map<String, String> env = new HashMap<>();
    env.put("GIT_TERMINAL_PROMPT", "0");
    try {
        if (secret instanceof KeyPair) {
            KeyPair keyPair = (KeyPair) secret;
            key = createSshKeyFile(keyPair);
            ssh = createUnixGitSSH(key);
            env.put("GIT_SSH", ssh.toAbsolutePath().toString());
            env.put("GIT_SSH_COMMAND", ssh.toAbsolutePath().toString());
            // supply a dummy value for DISPLAY so ssh will invoke SSH_ASKPASS
            if (!env.containsKey("DISPLAY")) {
                env.put("DISPLAY", ":");
            }
            log.info("using GIT_SSH to set credentials");
        } else if (secret instanceof UsernamePassword) {
            UsernamePassword userPass = (UsernamePassword) secret;
            askpass = createUnixStandardAskpass(userPass);
            env.put("GIT_ASKPASS", askpass.toAbsolutePath().toString());
            env.put("SSH_ASKPASS", askpass.toAbsolutePath().toString());
            log.info("using GIT_ASKPASS to set credentials ");
        } else if (secret instanceof BinaryDataSecret) {
            BinaryDataSecret token = (BinaryDataSecret) secret;
            askpass = createUnixStandardAskpass(new UsernamePassword(new String(token.getData()), "".toCharArray()));
            env.put("GIT_ASKPASS", askpass.toAbsolutePath().toString());
            log.info("using GIT_ASKPASS to set credentials ");
        }
        env.put("GIT_HTTP_LOW_SPEED_LIMIT", String.valueOf(cfg.httpLowSpeedLimit()));
        env.put("GIT_HTTP_LOW_SPEED_TIME", String.valueOf(cfg.httpLowSpeedTime().getSeconds()));
        return exec(Command.builder().from(cmd).putAllEnv(env).build());
    } catch (IOException e) {
        throw new RepositoryException("Failed to setup credentials", e);
    } finally {
        deleteTempFile(key);
        deleteTempFile(ssh);
        deleteTempFile(askpass);
    }
}
Also used : Path(java.nio.file.Path) KeyPair(com.walmartlabs.concord.common.secret.KeyPair) BinaryDataSecret(com.walmartlabs.concord.common.secret.BinaryDataSecret) UsernamePassword(com.walmartlabs.concord.common.secret.UsernamePassword)

Example 2 with BinaryDataSecret

use of com.walmartlabs.concord.common.secret.BinaryDataSecret in project concord by walmartlabs.

the class SecretManager method createBinaryData.

/**
 * Stores a new single value secret.
 */
public DecryptedBinaryData createBinaryData(DSLContext tx, UUID orgId, UUID projectId, String name, String storePassword, InputStream data, SecretVisibility visibility, String storeType, SecretDao.InsertMode insertMode) throws IOException {
    orgManager.assertAccess(tx, orgId, true);
    BinaryDataSecret d = buildBinaryData(data);
    UUID id = create(tx, name, orgId, projectId, d, storePassword, visibility, storeType, insertMode);
    return new DecryptedBinaryData(id);
}
Also used : BinaryDataSecret(com.walmartlabs.concord.common.secret.BinaryDataSecret)

Example 3 with BinaryDataSecret

use of com.walmartlabs.concord.common.secret.BinaryDataSecret in project concord by walmartlabs.

the class SecretManager method assertApiKey.

public ApiKeyEntry assertApiKey(AccessScope accessScope, UUID orgId, String secretName, String password) {
    DecryptedSecret secret = getSecret(accessScope, orgId, secretName, password, SecretType.DATA);
    BinaryDataSecret data = (BinaryDataSecret) secret.getSecret();
    ApiKeyEntry result = apiKeyDao.find(new String(data.getData()));
    if (result == null) {
        throw new ConcordApplicationException("Api key from secret '" + secretName + "' not found", Status.NOT_FOUND);
    }
    return result;
}
Also used : ApiKeyEntry(com.walmartlabs.concord.server.security.apikey.ApiKeyEntry) ConcordApplicationException(com.walmartlabs.concord.server.sdk.ConcordApplicationException) BinaryDataSecret(com.walmartlabs.concord.common.secret.BinaryDataSecret)

Example 4 with BinaryDataSecret

use of com.walmartlabs.concord.common.secret.BinaryDataSecret in project concord by walmartlabs.

the class SecretServiceImpl method exportAsFile.

@Override
public String exportAsFile(Context ctx, String instanceId, String workDir, String orgName, String name, String password) throws Exception {
    BinaryDataSecret bds = get(ctx, orgName, name, password, SecretEntry.TypeEnum.DATA);
    Path baseDir = Paths.get(workDir);
    Path tmpDir = assertTempDir(baseDir);
    Path p = Files.createTempFile(tmpDir, "file", ".bin");
    Files.write(p, bds.getData());
    return baseDir.relativize(p).toString();
}
Also used : Path(java.nio.file.Path) BinaryDataSecret(com.walmartlabs.concord.common.secret.BinaryDataSecret)

Example 5 with BinaryDataSecret

use of com.walmartlabs.concord.common.secret.BinaryDataSecret in project concord by walmartlabs.

the class DefaultSecretService method exportAsFile.

@Override
public Path exportAsFile(String orgName, String secretName, String password) throws Exception {
    BinaryDataSecret bds = get(orgName, secretName, password, SecretEntry.TypeEnum.DATA);
    Path p = fileService.createTempFile("secret-service-file", ".bin");
    Files.write(p, bds.getData());
    return p;
}
Also used : Path(java.nio.file.Path) BinaryDataSecret(com.walmartlabs.concord.common.secret.BinaryDataSecret)

Aggregations

BinaryDataSecret (com.walmartlabs.concord.common.secret.BinaryDataSecret)6 Path (java.nio.file.Path)3 KeyPair (com.walmartlabs.concord.common.secret.KeyPair)1 UsernamePassword (com.walmartlabs.concord.common.secret.UsernamePassword)1 ConcordApplicationException (com.walmartlabs.concord.server.sdk.ConcordApplicationException)1 ApiKeyEntry (com.walmartlabs.concord.server.security.apikey.ApiKeyEntry)1 InputStream (java.io.InputStream)1