use of com.walmartlabs.concord.common.secret.KeyPair in project concord-plugins by walmartlabs.
the class GitTask method getSecret.
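/**
 * Resolves the credentials for the Git operation described by {@code in}.
 *
 * <p>When {@code exportPrivateKey} yields a file, its content is read into memory, the file is
 * removed and the bytes are returned as a {@link KeyPair} without a public key. Otherwise the
 * result of {@code getBasicAuthorization} is returned.
 *
 * @param in task input parameters, passed through to the helpers
 * @return a key pair holding the exported private key, or whatever
 *         {@code getBasicAuthorization(in)} returns
 * @throws Exception if the key file cannot be read or deleted, or if a helper fails
 */
private Secret getSecret(Map<String, Object> in) throws Exception {
    Path keyPath = exportPrivateKey(in);
    if (keyPath == null) {
        return getBasicAuthorization(in);
    }

    byte[] privateKey;
    try {
        privateKey = Files.readAllBytes(keyPath);
    } catch (Exception readFailure) {
        // a failed read must not leave the exported private key behind on disk;
        // the read error stays the primary exception, a cleanup error is attached to it
        try {
            Files.deleteIfExists(keyPath);
        } catch (Exception cleanupFailure) {
            readFailure.addSuppressed(cleanupFailure);
        }
        throw readFailure;
    }

    // the key material now lives only in memory; a failed delete still aborts the call
    Files.delete(keyPath);
    return new KeyPair(null, privateKey);
}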
use of com.walmartlabs.concord.common.secret.KeyPair in project concord by walmartlabs.
the class GitClient method execWithCredentials.
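/**
 * Runs {@code cmd} with the environment variables git needs to pick up {@code secret}.
 *
 * <ul>
 *   <li>{@link KeyPair}: {@code GIT_SSH} and {@code GIT_SSH_COMMAND} point to the file returned
 *       by {@code createUnixGitSSH};</li>
 *   <li>{@link UsernamePassword}: {@code GIT_ASKPASS} and {@code SSH_ASKPASS} point to the file
 *       returned by {@code createUnixStandardAskpass};</li>
 *   <li>{@link BinaryDataSecret}: the data is used as the username with an empty password and
 *       only {@code GIT_ASKPASS} is set;</li>
 *   <li>any other value (including {@code null}): no credential variables are set.</li>
 * </ul>
 *
 * <p>Every file created for the call is handed to {@code deleteTempFile} in the {@code finally}
 * block, so it is cleaned up whether the command succeeds or fails. The log lines name the
 * mechanism only and never the secret itself.
 *
 * @param cmd the command to run; its environment is extended, not replaced
 * @param secret the credentials to expose to git
 * @return the result of {@code exec}
 * @throws RepositoryException if preparing the credential files fails with an {@link IOException}
 */
private String execWithCredentials(Command cmd, Secret secret) {
    Path key = null;
    Path ssh = null;
    Path askpass = null;

    Map<String, String> env = new HashMap<>();
    // git must fail instead of waiting for input on a terminal
    env.put("GIT_TERMINAL_PROMPT", "0");

    try {
        if (secret instanceof KeyPair) {
            KeyPair keyPair = (KeyPair) secret;
            key = createSshKeyFile(keyPair);
            ssh = createUnixGitSSH(key);

            String sshPath = ssh.toAbsolutePath().toString();
            env.put("GIT_SSH", sshPath);
            env.put("GIT_SSH_COMMAND", sshPath);

            // supply a dummy value for DISPLAY so ssh will invoke SSH_ASKPASS
            env.putIfAbsent("DISPLAY", ":");

            log.info("using GIT_SSH to set credentials");
        } else if (secret instanceof UsernamePassword) {
            UsernamePassword userPass = (UsernamePassword) secret;
            askpass = createUnixStandardAskpass(userPass);

            String askpassPath = askpass.toAbsolutePath().toString();
            env.put("GIT_ASKPASS", askpassPath);
            env.put("SSH_ASKPASS", askpassPath);

            log.info("using GIT_ASKPASS to set credentials ");
        } else if (secret instanceof BinaryDataSecret) {
            BinaryDataSecret token = (BinaryDataSecret) secret;

            // decode the token with a fixed charset; the platform default differs between hosts
            // and would silently change the credential that is sent
            String tokenValue = new String(token.getData(), java.nio.charset.StandardCharsets.UTF_8);
            askpass = createUnixStandardAskpass(new UsernamePassword(tokenValue, "".toCharArray()));

            env.put("GIT_ASKPASS", askpass.toAbsolutePath().toString());

            log.info("using GIT_ASKPASS to set credentials ");
        }

        env.put("GIT_HTTP_LOW_SPEED_LIMIT", String.valueOf(cfg.httpLowSpeedLimit()));
        env.put("GIT_HTTP_LOW_SPEED_TIME", String.valueOf(cfg.httpLowSpeedTime().getSeconds()));

        return exec(Command.builder().from(cmd).putAllEnv(env).build());
    } catch (IOException e) {
        throw new RepositoryException("Failed to setup credentials", e);
    } finally {
        // the entries that were never created are still null here;
        // presumably deleteTempFile ignores null - confirm against the helper
        deleteTempFile(key);
        deleteTempFile(ssh);
        deleteTempFile(askpass);
    }
}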
use of com.walmartlabs.concord.common.secret.KeyPair in project concord by walmartlabs.
the class PrivateKeyProcessor method process.
/**
 * Copies the private key selected by the Ansible configuration into the process workspace.
 *
 * <p>The payload is passed on unchanged when the configuration has no Ansible group or no
 * private key entries. Otherwise the matching secret is looked up in the internal access scope
 * and its private key is written to {@code PRIVATE_KEY_FILE_NAME} in the workspace directory,
 * replacing an existing file.
 *
 * @param chain the remaining processors
 * @param payload the process payload; must carry the configuration and workspace headers
 * @return the result of {@code chain.process(payload)}
 * @throws ProcessException if no secret matches, the secret or its private key is missing, or
 *         the key file cannot be written
 */
@Override
@SuppressWarnings("unchecked")
public Payload process(Chain chain, Payload payload) {
    ProcessKey processKey = payload.getProcessKey();

    Map<String, Object> cfg = payload.getHeader(Payload.CONFIGURATION);
    Map<String, Object> ansibleCfg = (Map<String, Object>) cfg.get(AnsibleConfigurationConstants.GROUP_KEY);

    Collection<Map<String, Object>> keys = ansibleCfg == null
            ? null
            : (Collection<Map<String, Object>>) ansibleCfg.get(AnsibleConfigurationConstants.PRIVATE_KEYS);
    if (keys == null) {
        // nothing to export for this process
        return chain.process(payload);
    }

    deprecationWarning(processKey);

    String secret = findMatchingSecret(payload, keys);
    if (secret == null) {
        String msg = "No matching secrets found";
        logManager.error(processKey, msg);
        throw new ProcessException(processKey, msg);
    }

    UUID orgId = getOrgId(payload);
    // the lookup passes null as the password argument
    KeyPair keyPair = secretManager.getKeyPair(SecretManager.AccessScope.internal(), orgId, secret, null);
    if (keyPair == null) {
        // only the secret's name is reported, never its content
        String msg = "Secret not found: " + secret;
        logManager.error(processKey, msg);
        throw new ProcessException(processKey, msg);
    }

    byte[] privateKey = keyPair.getPrivateKey();
    if (privateKey == null) {
        String msg = "Private key not found: " + secret;
        logManager.error(processKey, msg);
        throw new ProcessException(processKey, msg);
    }

    Path workspace = payload.getHeader(Payload.WORKSPACE_DIR);
    Path dst = workspace.resolve(PRIVATE_KEY_FILE_NAME);

    // NOTE(review): the key is written without explicit file attributes, so its permissions are
    // whatever the file system default gives; confirm the workspace is not readable by other
    // users, or restrict the file to its owner. Nothing in this method removes the file again.
    try {
        Files.write(dst, privateKey, StandardOpenOption.CREATE, StandardOpenOption.TRUNCATE_EXISTING);
    } catch (IOException e) {
        String msg = "Error while copying a private key: " + dst;
        logManager.error(processKey, msg, e);
        throw new ProcessException(processKey, msg, e);
    }

    log.info("process ['{}'] -> done", processKey);

    return chain.process(payload);
}
use of com.walmartlabs.concord.common.secret.KeyPair in project concord by walmartlabs.
the class SecretManager method getKeyPair.
/**
 * Decrypts and returns an existing SSH key pair.
 *
 * <p>Delegates to {@code getSecret} with {@code SecretType.KEY_PAIR} and casts the result.
 * The returned object includes the private key, so callers are responsible for not logging
 * or persisting it.
 *
 * @param accessScope the scope the lookup is performed in
 * @param orgId the organization that owns the secret
 * @param name the secret's name
 * @param password passed through to {@code getSecret}; may be {@code null}
 * @return the key pair, or {@code null} if {@code getSecret} returns {@code null}
 */
public KeyPair getKeyPair(AccessScope accessScope, UUID orgId, String name, String password) {
    DecryptedSecret decrypted = getSecret(accessScope, orgId, name, password, SecretType.KEY_PAIR);
    return decrypted == null ? null : (KeyPair) decrypted.getSecret();
}
use of com.walmartlabs.concord.common.secret.KeyPair in project concord by walmartlabs.
the class SecretManager method createKeyPair.
/**
 * Generates and stores a new SSH key pair.
 *
 * <p>Access to the organization is asserted before anything is generated. Only the new secret's
 * ID and the public key are returned; the private key is not part of the result.
 *
 * @param orgId the organization that will own the secret
 * @param projectId the project passed through to {@code create}
 * @param name the secret's name
 * @param storePassword the password passed through to {@code create}
 * @param visibility the secret's visibility
 * @param secretStoreType the secret store passed through to {@code create}
 * @return the ID of the stored secret together with the generated public key
 */
public DecryptedKeyPair createKeyPair(UUID orgId, UUID projectId, String name, String storePassword, SecretVisibility visibility, String secretStoreType) {
    // must run first: no key material is generated for a caller without access
    orgManager.assertAccess(orgId, true);

    KeyPair generated = generateKeyPair();
    UUID secretId = create(name, orgId, projectId, generated, storePassword, visibility, secretStoreType, INSERT);

    return new DecryptedKeyPair(secretId, generated.getPublicKey());
}