
Example 1 with KeyPair

use of com.walmartlabs.concord.common.secret.KeyPair in project concord-plugins by walmartlabs.

the class GitTask method getSecret.

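/**
 * Resolves the credentials for a git operation from the task input.
 *
 * <p>If {@code exportPrivateKey(in)} yields a key file, its bytes are loaded into a
 * {@link KeyPair} that carries no public key, and the file is removed. Otherwise the
 * result of {@code getBasicAuthorization(in)} is returned.
 *
 * @param in task input parameters, passed through unchanged to both helpers
 * @return a {@link KeyPair} holding only the private key, or whatever
 *         {@code getBasicAuthorization(in)} returns when no key file was exported
 * @throws Exception anything propagated by the helpers, or an I/O error raised while
 *         reading or deleting the exported key file
 */
private Secret getSecret(Map<String, Object> in) throws Exception {
    Path keyPath = exportPrivateKey(in);
    if (keyPath == null) {
        return getBasicAuthorization(in);
    }

    byte[] privateKey;
    try {
        privateKey = Files.readAllBytes(keyPath);
    } finally {
        // The exported file holds private key material, so remove it even when the read
        // fails; otherwise a failed read leaves the key behind on disk. deleteIfExists
        // keeps a missing file from masking the original read failure.
        Files.deleteIfExists(keyPath);
    }
    return new KeyPair(null, privateKey);
}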
Also used : Path(java.nio.file.Path) KeyPair(com.walmartlabs.concord.common.secret.KeyPair)

Example 2 with KeyPair

use of com.walmartlabs.concord.common.secret.KeyPair in project concord by walmartlabs.

the class GitClient method execWithCredentials.

/**
 * Runs {@code cmd} with extra environment variables that let git authenticate
 * non-interactively using {@code secret}.
 *
 * <p>Depending on the runtime type of the secret, a temporary SSH key file plus wrapper
 * script, or a temporary askpass script, is created and referenced from the environment.
 * Every temporary file created here is passed to {@code deleteTempFile} in the
 * {@code finally} block, whether or not the command succeeds. A secret of any other type
 * (or {@code null}) adds no credential variables.
 *
 * @param cmd    the command to run; its settings are copied and the environment is added
 * @param secret the credentials to expose to git, may be of an unsupported type
 * @return whatever {@code exec} returns for the augmented command
 * @throws RepositoryException if an {@link IOException} is raised inside the try block
 */
private String execWithCredentials(Command cmd, Secret secret) {
    // Tracked outside the try block so the finally clause can clean up whatever was created.
    // NOTE(review): these files carry secret material while the command runs; their
    // permissions are decided by the create* helpers, which are not visible here.
    Path keyFile = null;
    Path sshWrapper = null;
    Path askpassScript = null;

    Map<String, String> gitEnv = new HashMap<>();
    gitEnv.put("GIT_TERMINAL_PROMPT", "0");

    try {
        if (secret instanceof KeyPair) {
            keyFile = createSshKeyFile((KeyPair) secret);
            sshWrapper = createUnixGitSSH(keyFile);

            String sshWrapperPath = sshWrapper.toAbsolutePath().toString();
            gitEnv.put("GIT_SSH", sshWrapperPath);
            gitEnv.put("GIT_SSH_COMMAND", sshWrapperPath);

            // supply a dummy value for DISPLAY so ssh will invoke SSH_ASKPASS
            gitEnv.putIfAbsent("DISPLAY", ":");

            log.info("using GIT_SSH to set credentials");
        } else if (secret instanceof UsernamePassword) {
            askpassScript = createUnixStandardAskpass((UsernamePassword) secret);

            String askpassPath = askpassScript.toAbsolutePath().toString();
            gitEnv.put("GIT_ASKPASS", askpassPath);
            gitEnv.put("SSH_ASKPASS", askpassPath);

            log.info("using GIT_ASKPASS to set credentials ");
        } else if (secret instanceof BinaryDataSecret) {
            byte[] tokenBytes = ((BinaryDataSecret) secret).getData();
            // The token is supplied as the username with an empty password.
            // NOTE(review): new String(byte[]) decodes with the platform default charset;
            // confirm the token bytes are ASCII/UTF-8 on every deployment target.
            UsernamePassword tokenAsUser = new UsernamePassword(new String(tokenBytes), new char[0]);
            askpassScript = createUnixStandardAskpass(tokenAsUser);

            gitEnv.put("GIT_ASKPASS", askpassScript.toAbsolutePath().toString());

            log.info("using GIT_ASKPASS to set credentials ");
        }

        // Low-speed limits come from configuration and are handed to git via GIT_HTTP_LOW_SPEED_*.
        gitEnv.put("GIT_HTTP_LOW_SPEED_LIMIT", String.valueOf(cfg.httpLowSpeedLimit()));
        gitEnv.put("GIT_HTTP_LOW_SPEED_TIME", String.valueOf(cfg.httpLowSpeedTime().getSeconds()));

        Command withCredentials = Command.builder().from(cmd).putAllEnv(gitEnv).build();
        return exec(withCredentials);
    } catch (IOException e) {
        throw new RepositoryException("Failed to setup credentials", e);
    } finally {
        // Entries that were never created are still null here and are passed through as-is.
        deleteTempFile(keyFile);
        deleteTempFile(sshWrapper);
        deleteTempFile(askpassScript);
    }
}
Also used : Path(java.nio.file.Path) KeyPair(com.walmartlabs.concord.common.secret.KeyPair) BinaryDataSecret(com.walmartlabs.concord.common.secret.BinaryDataSecret) UsernamePassword(com.walmartlabs.concord.common.secret.UsernamePassword)

Example 3 with KeyPair

use of com.walmartlabs.concord.common.secret.KeyPair in project concord by walmartlabs.

the class PrivateKeyProcessor method process.

/**
 * Copies the private key of a matching key-pair secret into the process workspace when the
 * Ansible configuration group lists private keys, then hands the payload to the next
 * processor.
 *
 * <p>If the Ansible group or its private-keys entry is absent, the payload is passed on
 * untouched. Otherwise a deprecation warning is emitted, the matching secret is looked up
 * with an internal access scope and no password, and its private key is written to
 * {@code PRIVATE_KEY_FILE_NAME} under the workspace directory.
 *
 * @param chain   the processor chain to continue with
 * @param payload the process payload carrying configuration and workspace headers
 * @return the result of {@code chain.process(payload)}
 * @throws ProcessException if no secret matches, the secret or its private key is missing,
 *         or the key file cannot be written
 */
@Override
@SuppressWarnings("unchecked")
public Payload process(Chain chain, Payload payload) {
    ProcessKey processKey = payload.getProcessKey();

    Map<String, Object> configuration = payload.getHeader(Payload.CONFIGURATION);
    Map<String, Object> ansibleSection =
            (Map<String, Object>) configuration.get(AnsibleConfigurationConstants.GROUP_KEY);
    if (ansibleSection == null) {
        return chain.process(payload);
    }

    Collection<Map<String, Object>> privateKeys =
            (Collection<Map<String, Object>>) ansibleSection.get(AnsibleConfigurationConstants.PRIVATE_KEYS);
    if (privateKeys == null) {
        return chain.process(payload);
    }

    deprecationWarning(processKey);

    String secret = findMatchingSecret(payload, privateKeys);
    if (secret == null) {
        String message = "No matching secrets found";
        logManager.error(processKey, message);
        throw new ProcessException(processKey, message);
    }

    UUID orgId = getOrgId(payload);
    // Looked up with the internal access scope and a null password.
    KeyPair keyPair = secretManager.getKeyPair(SecretManager.AccessScope.internal(), orgId, secret, null);
    if (keyPair == null) {
        String message = "Secret not found: " + secret;
        logManager.error(processKey, message);
        throw new ProcessException(processKey, message);
    }

    byte[] privateKey = keyPair.getPrivateKey();
    if (privateKey == null) {
        String message = "Private key not found: " + secret;
        logManager.error(processKey, message);
        throw new ProcessException(processKey, message);
    }

    Path workspaceDir = payload.getHeader(Payload.WORKSPACE_DIR);
    Path keyFile = workspaceDir.resolve(PRIVATE_KEY_FILE_NAME);
    try {
        // NOTE(review): the key is written with the platform's default file permissions and
        // nothing in this method restricts or later removes it; confirm the workspace
        // directory is readable only by the process owner.
        Files.write(keyFile, privateKey, StandardOpenOption.CREATE, StandardOpenOption.TRUNCATE_EXISTING);
    } catch (IOException e) {
        String message = "Error while copying a private key: " + keyFile;
        logManager.error(processKey, message, e);
        throw new ProcessException(processKey, message, e);
    }

    log.info("process ['{}'] -> done", processKey);
    return chain.process(payload);
}
Also used : Path(java.nio.file.Path) ProcessException(com.walmartlabs.concord.server.process.ProcessException) KeyPair(com.walmartlabs.concord.common.secret.KeyPair) Collection(java.util.Collection) ProcessKey(com.walmartlabs.concord.server.sdk.ProcessKey) IOException(java.io.IOException) UUID(java.util.UUID) Map(java.util.Map)

Example 4 with KeyPair

use of com.walmartlabs.concord.common.secret.KeyPair in project concord by walmartlabs.

the class SecretManager method getKeyPair.

/**
 * Decrypts and returns an existing SSH key pair.
 *
 * <p>Delegates to {@code getSecret} with {@code SecretType.KEY_PAIR} and casts the
 * decrypted secret to {@link KeyPair}.
 *
 * @param accessScope the scope under which the secret is accessed
 * @param orgId       the organization that owns the secret
 * @param name        the secret's name
 * @param password    passed through to {@code getSecret}; may be {@code null}
 * @return the decrypted key pair, or {@code null} when {@code getSecret} returns {@code null}
 */
public KeyPair getKeyPair(AccessScope accessScope, UUID orgId, String name, String password) {
    DecryptedSecret decrypted = getSecret(accessScope, orgId, name, password, SecretType.KEY_PAIR);
    // NOTE(review): the cast relies on getSecret honouring the requested KEY_PAIR type;
    // a secret of another type would surface here as a ClassCastException.
    return decrypted == null ? null : (KeyPair) decrypted.getSecret();
}
Also used : BinaryDataSecret(com.walmartlabs.concord.common.secret.BinaryDataSecret) Secret(com.walmartlabs.concord.sdk.Secret) KeyPair(com.walmartlabs.concord.common.secret.KeyPair)

Example 5 with KeyPair

use of com.walmartlabs.concord.common.secret.KeyPair in project concord by walmartlabs.

the class SecretManager method createKeyPair.

/**
 * Generates and stores a new SSH key pair.
 *
 * <p>Access to the organization is asserted first via
 * {@code orgManager.assertAccess(orgId, true)}. The generated pair is then stored through
 * {@code create}. Only the new secret's ID and the public key are handed back; the private
 * key is not part of the returned object.
 *
 * @param orgId           the organization that will own the secret
 * @param projectId       the project the secret is associated with, passed to {@code create}
 * @param name            the secret's name
 * @param storePassword   passed to {@code create} together with the generated pair
 * @param visibility      the secret's visibility
 * @param secretStoreType the identifier of the store to use, passed to {@code create}
 * @return the ID of the stored secret together with the public key
 */
public DecryptedKeyPair createKeyPair(UUID orgId, UUID projectId, String name, String storePassword, SecretVisibility visibility, String secretStoreType) {
    // Authorization happens before any key material is generated.
    orgManager.assertAccess(orgId, true);

    final KeyPair generated = generateKeyPair();
    final UUID secretId = create(name, orgId, projectId, generated, storePassword, visibility, secretStoreType, INSERT);

    return new DecryptedKeyPair(secretId, generated.getPublicKey());
}
Also used : KeyPair(com.walmartlabs.concord.common.secret.KeyPair)
