Added logging and reformatted, updated drone config
parent
323337ed64
commit
f5f773a90b
30
.drone.yml
30
.drone.yml
|
@ -118,10 +118,13 @@ steps:
|
|||
- ssh-keyscan -H git.2martens.de > $HOME/.ssh/known_hosts 2>/dev/null
|
||||
- git clone ssh://giteajim@git.2martens.de:22/2martens/cloud-configuration.git .
|
||||
- git checkout main
|
||||
- name: modify deployed image
|
||||
- name: update image version
|
||||
image: alpine
|
||||
commands:
|
||||
- sed -i -r "s/(wahlrecht_image_version:).*/\1\ ${DRONE_SEMVER}/" ansible/inventories/host_vars/api-server/public.yaml
|
||||
- mkdir $HOME/bin
|
||||
- wget https://github.com/mikefarah/yq/releases/latest/download/yq_linux_arm64 -O $HOME/bin/yq && chmod +x $HOME/bin/yq
|
||||
- sed -i -r "s/(tag:).*/\1\ \"${DRONE_SEMVER}\"/" argocd/wahlrecht/${DRONE_DEPLOY_TO}/overwrite_values.yaml
|
||||
- cd argocd/configserver/${DRONE_DEPLOY_TO} && $HOME/bin/yq '. *= load("overwrite_values.yaml")' default_values.yaml > values.yaml
|
||||
- name: save modified variable file
|
||||
image: alpine/git
|
||||
environment:
|
||||
|
@ -134,32 +137,13 @@ steps:
|
|||
- touch $HOME/.ssh/known_hosts
|
||||
- chmod 600 $HOME/.ssh/known_hosts
|
||||
- ssh-keyscan -H git.2martens.de > $HOME/.ssh/known_hosts 2>/dev/null
|
||||
- git add ansible/inventories/host_vars/api-server/public.yaml
|
||||
- git add argocd/wahlrecht/${DRONE_DEPLOY_TO}/*
|
||||
- git diff-index --quiet HEAD || git commit -m "[Drone] Changed wahlrecht_image_version to ${DRONE_SEMVER}"
|
||||
- git push origin main
|
||||
- name: deploy image
|
||||
image: plugins/ansible:latest
|
||||
volumes:
|
||||
- name: cache
|
||||
path: /root/.ansible
|
||||
settings:
|
||||
playbook: ansible/deploy_spring.yaml
|
||||
inventory: ansible/inventories/production
|
||||
galaxy: ansible/requirements.yaml
|
||||
galaxy_force: false
|
||||
private_key:
|
||||
from_secret: private_ssh_key
|
||||
vault_password:
|
||||
from_secret: vault_password
|
||||
|
||||
volumes:
|
||||
- name: cache
|
||||
host:
|
||||
path: /var/lib/drone/cache/.ansible
|
||||
|
||||
trigger:
|
||||
target:
|
||||
- production
|
||||
- test
|
||||
event:
|
||||
include:
|
||||
- promote
|
||||
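Review bot: In the "update image version" step the `sed` edits `argocd/wahlrecht/${DRONE_DEPLOY_TO}/overwrite_values.yaml`, but the `yq` merge on the next line runs in `argocd/configserver/${DRONE_DEPLOY_TO}` and writes `values.yaml` there, and the later `git add argocd/wahlrecht/${DRONE_DEPLOY_TO}/*` would never stage a file under `configserver`; this looks like a copy-paste slip and the line should probably read `- cd argocd/wahlrecht/${DRONE_DEPLOY_TO} && $HOME/bin/yq '. *= load("overwrite_values.yaml")' default_values.yaml > values.yaml` (if `configserver` really is intended, it needs its own `git add`). Separately, `yq` is fetched from `releases/latest/download/yq_linux_arm64` with no version pin and no checksum check, and the binary then runs in the job that commits and pushes to the deployment repository, so whatever that URL serves on a given day ends up shaping what gets deployed; pin a release tag in the URL and compare the download against the checksum published with that release before `chmod +x`. The hard-coded `arm64` asset is also an assumption about the runner that is worth a comment, e.g. `# runner is arm64; adjust asset name if the agent changes`.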
|
|
|
@ -13,53 +13,54 @@ import org.keycloak.representations.idm.authorization.Permission
|
|||
class SpringPolicyEnforcer(private val policyEnforcer: PolicyEnforcer,
|
||||
private val policyEnforcerConfig: PolicyEnforcerConfig) {
|
||||
|
||||
fun enforce(request: HttpRequest, response: HttpResponse): AuthorizationContext {
|
||||
if (log.isDebugEnabled) {
|
||||
log.debug("Policy enforcement is enabled. Enforcing policy decisions for path [{}].", request.uri)
|
||||
}
|
||||
val context = authorize(request, response)
|
||||
if (log.isDebugEnabled) {
|
||||
log.debug("Policy enforcement result for path [{}] is : {}", request.uri, if (context.isGranted) "GRANTED" else "DENIED")
|
||||
log.debug("Returning authorization context with permissions:")
|
||||
for (permission in context.permissions) {
|
||||
log.debug(permission.toString())
|
||||
}
|
||||
}
|
||||
return context
|
||||
fun enforce(request: HttpRequest, response: HttpResponse): AuthorizationContext {
|
||||
if (log.isDebugEnabled) {
|
||||
log.debug("Policy enforcement is enabled. Enforcing policy decisions for path [{}].", request.uri)
|
||||
}
|
||||
|
||||
private fun authorize(request: HttpRequest, response: HttpResponse): AuthorizationContext {
|
||||
val enforcementMode = policyEnforcerConfig.enforcementMode
|
||||
return if (EnforcementMode.DISABLED == enforcementMode) {
|
||||
createAuthorizedContext()
|
||||
} else policyEnforcer.enforce(request, response)
|
||||
val context = authorize(request, response)
|
||||
if (log.isDebugEnabled) {
|
||||
log.debug("Policy enforcement result for path [{}] is : {}", request.uri, if (context.isGranted) "GRANTED" else "DENIED")
|
||||
log.debug("Returning authorization context with permissions:")
|
||||
for (permission in context.permissions) {
|
||||
log.debug(permission.toString())
|
||||
}
|
||||
}
|
||||
return context
|
||||
}
|
||||
|
||||
private fun createAuthorizedContext(): AuthorizationContext {
|
||||
return object : ClientAuthorizationContext(policyEnforcer.authzClient) {
|
||||
override fun hasPermission(resourceName: String, scopeName: String): Boolean {
|
||||
return true
|
||||
}
|
||||
private fun authorize(request: HttpRequest, response: HttpResponse): AuthorizationContext {
|
||||
val enforcementMode = policyEnforcerConfig.enforcementMode
|
||||
log.debug("Authorize with enforcement mode: [{}]", enforcementMode)
|
||||
return if (EnforcementMode.DISABLED == enforcementMode) {
|
||||
createAuthorizedContext()
|
||||
} else policyEnforcer.enforce(request, response)
|
||||
}
|
||||
|
||||
override fun hasResourcePermission(resourceName: String): Boolean {
|
||||
return true
|
||||
}
|
||||
private fun createAuthorizedContext(): AuthorizationContext {
|
||||
return object : ClientAuthorizationContext(policyEnforcer.authzClient) {
|
||||
override fun hasPermission(resourceName: String, scopeName: String): Boolean {
|
||||
return true
|
||||
}
|
||||
|
||||
override fun hasScopePermission(scopeName: String): Boolean {
|
||||
return true
|
||||
}
|
||||
override fun hasResourcePermission(resourceName: String): Boolean {
|
||||
return true
|
||||
}
|
||||
|
||||
override fun getPermissions(): List<Permission> {
|
||||
return emptyList()
|
||||
}
|
||||
override fun hasScopePermission(scopeName: String): Boolean {
|
||||
return true
|
||||
}
|
||||
|
||||
override fun isGranted(): Boolean {
|
||||
return true
|
||||
}
|
||||
}
|
||||
override fun getPermissions(): List<Permission> {
|
||||
return emptyList()
|
||||
}
|
||||
|
||||
override fun isGranted(): Boolean {
|
||||
return true
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
companion object {
|
||||
private val log = KotlinLogging.logger {}
|
||||
}
|
||||
companion object {
|
||||
private val log = KotlinLogging.logger {}
|
||||
}
|
||||
}
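Review bot: The line added in `authorize`, `log.debug("Authorize with enforcement mode: [{}]", enforcementMode)`, is now the only place where the `EnforcementMode.DISABLED` bypass becomes visible, and only at debug level, while `enforce` still logs "Policy enforcement is enabled. Enforcing policy decisions …" for every request before `authorize` runs, so with enforcement disabled the log reads as if a decision was made even though `createAuthorizedContext()` grants everything. It would be safer to log the disabled branch explicitly at a level that is on by default, e.g. `log.warn("Policy enforcement is DISABLED; granting all permissions for path [{}]", request.uri)` where `createAuthorizedContext()` is chosen (or once at construction if per-request noise is a concern), so a permissive configuration reaching production is noticeable without debug logging. As a matter of style, this new call is also the only `log.debug` in the class not wrapped in `if (log.isDebugEnabled)`; since all these calls use parameterized arguments the guards are not needed, so either drop them elsewhere or add one here for consistency.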
|