How to use

Authn

in

com.netflix.spinnaker.halyard.config.model.v1.security

public boolean isEnabled() {
 return getOauth2().isEnabled() || getSaml().isEnabled() || getLdap().isEnabled()
   || getX509().isEnabled() || getIap().isEnabled();
}

@Override
public void validate(ConfigProblemSetBuilder p, Authn n) {
 if (!n.isEnabled() && maybeShouldBeEnabled(n)) {
  p.addProblem(Problem.Severity.WARNING, "An authentication method is fully or " +
    "partially configured, but not enabled. It must be enabled to take effect.");
 }
}

public Authn getAuthn(String deploymentName) {
 Security security = getSecurity(deploymentName);
 Authn result = security.getAuthn();
 if (result == null) {
  result = new Authn();
  security.setAuthn(result);
 }
 return result;
}

public void setAuthnMethod(String deploymentName, AuthnMethod method) {
 Authn authn = getAuthn(deploymentName);
 switch (method.getMethod()) {
  case OAuth2:
   authn.setOauth2((OAuth2) method);
   break;
  case SAML:
   authn.setSaml((Saml) method);
   break;
  case LDAP:
   authn.setLdap((Ldap) method);
   break;
  case X509:
   authn.setX509((X509) method);
   break;
  case IAP:
   authn.setIap((IAP) method);
   break;
  default:
   throw new RuntimeException("Unknown Authn method " + method.getMethod());
 }
}

 SpringConfig(Security security) {
  OAuth2 oauth2 = security.getAuthn().getOauth2();
  if (oauth2.isEnabled()) {
   this.oauth2 = oauth2;
  }
 }
}

 public LdapConfig(Security security) {
  if (!security.getAuthn().getLdap().isEnabled()) {
   return;
  }

  Ldap ldap = security.getAuthn().getLdap();

  this.enabled = ldap.isEnabled();
  this.url = ldap.getUrl();
  this.userDnPattern = ldap.getUserDnPattern();
  this.userSearchBase = ldap.getUserSearchBase();
  this.userSearchFilter = ldap.getUserSearchFilter();
 }
}

 public X509Config(Security security) {
  if (!security.getAuthn().getX509().isEnabled()) {
   return;
  }

  X509 x509 = security.getAuthn().getX509();

  this.enabled = x509.isEnabled();
  if (StringUtils.isNotEmpty(x509.getRoleOid())) {
   this.roleOid = x509.getRoleOid();
  }
  if (StringUtils.isNotEmpty(x509.getNodeName())) {
   this.subjectPrincipalRegex = x509.getSubjectPrincipalRegex();
  }
 }
}

 public IAPConfig(Security security) {
  if (!security.getAuthn().getIap().isEnabled()) {
   return;
  }

  IAP iap = security.getAuthn().getIap();

  this.enabled = iap.isEnabled();
  if (StringUtils.isNotEmpty(iap.getAudience())) {
   this.audience = iap.getAudience();
  }
  if (StringUtils.isNotEmpty(iap.getJwtHeader())) {
   this.jwtHeader = iap.getJwtHeader();
  }
  if (StringUtils.isNotEmpty(iap.getIssuerId())) {
   this.issuerId = iap.getIssuerId();
  }
  if (StringUtils.isNotEmpty(iap.getIapVerifyKeyUrl())) {
   this.iapVerifyKeyUrl = iap.getIapVerifyKeyUrl();
  }
 }
}

 public SamlConfig(Security security) {
  if (!security.getAuthn().getSaml().isEnabled()) {
   return;
  }

  Saml saml = security.getAuthn().getSaml();

  this.enabled = saml.isEnabled();
  this.issuerId = saml.getIssuerId();
  this.metadataUrl = "file:" + saml.getMetadataLocal();
  if (StringUtils.isNotEmpty(saml.getMetadataRemote())) {
   this.metadataUrl = saml.getMetadataRemote();
  }

  this.keyStore = "file:" + saml.getKeyStore();
  this.keyStoreAliasName = saml.getKeyStoreAliasName();
  this.keyStorePassword = saml.getKeyStorePassword();

  URL u = saml.getServiceAddress();
  this.redirectProtocol = u.getProtocol();
  this.redirectHostname = u.getHost();
  if (u.getPort() != -1) {
   this.redirectHostname += ":" + u.getPort();
  }
  if (StringUtils.isNotEmpty(u.getPath())) {
   this.redirectBasePath = u.getPath();
  }
 }
}

public void setAuthnMethod(String deploymentName, AuthnMethod method) {
 Authn authn = getAuthn(deploymentName);
 switch (method.getMethod()) {
  case OAuth2:
   authn.setOauth2((OAuth2) method);
   break;
  case SAML:
   authn.setSaml((Saml) method);
   break;
  case LDAP:
   authn.setLdap((Ldap) method);
   break;
  case X509:
   authn.setX509((X509) method);
   break;
  case IAP:
   authn.setIap((IAP) method);
   break;
  default:
   throw new RuntimeException("Unknown Authn method " + method.getMethod());
 }
}

 SpringConfig(Security security) {
  OAuth2 oauth2 = security.getAuthn().getOauth2();
  if (oauth2.isEnabled()) {
   this.oauth2 = oauth2;
  }
 }
}

 public LdapConfig(Security security) {
  if (!security.getAuthn().getLdap().isEnabled()) {
   return;
  }

  Ldap ldap = security.getAuthn().getLdap();

  this.enabled = ldap.isEnabled();
  this.url = ldap.getUrl();
  this.userDnPattern = ldap.getUserDnPattern();
  this.userSearchBase = ldap.getUserSearchBase();
  this.userSearchFilter = ldap.getUserSearchFilter();
 }
}

 public X509Config(Security security) {
  if (!security.getAuthn().getX509().isEnabled()) {
   return;
  }

  X509 x509 = security.getAuthn().getX509();

  this.enabled = x509.isEnabled();
  if (StringUtils.isNotEmpty(x509.getRoleOid())) {
   this.roleOid = x509.getRoleOid();
  }
  if (StringUtils.isNotEmpty(x509.getNodeName())) {
   this.subjectPrincipalRegex = x509.getSubjectPrincipalRegex();
  }
 }
}

 public IAPConfig(Security security) {
  if (!security.getAuthn().getIap().isEnabled()) {
   return;
  }

  IAP iap = security.getAuthn().getIap();

  this.enabled = iap.isEnabled();
  if (StringUtils.isNotEmpty(iap.getAudience())) {
   this.audience = iap.getAudience();
  }
  if (StringUtils.isNotEmpty(iap.getJwtHeader())) {
   this.jwtHeader = iap.getJwtHeader();
  }
  if (StringUtils.isNotEmpty(iap.getIssuerId())) {
   this.issuerId = iap.getIssuerId();
  }
  if (StringUtils.isNotEmpty(iap.getIapVerifyKeyUrl())) {
   this.iapVerifyKeyUrl = iap.getIapVerifyKeyUrl();
  }
 }
}

 public SamlConfig(Security security) {
  if (!security.getAuthn().getSaml().isEnabled()) {
   return;
  }

  Saml saml = security.getAuthn().getSaml();

  this.enabled = saml.isEnabled();
  this.issuerId = saml.getIssuerId();
  this.metadataUrl = "file:" + saml.getMetadataLocal();
  if (StringUtils.isNotEmpty(saml.getMetadataRemote())) {
   this.metadataUrl = saml.getMetadataRemote();
  }

  this.keyStore = "file:" + saml.getKeyStore();
  this.keyStoreAliasName = saml.getKeyStoreAliasName();
  this.keyStorePassword = saml.getKeyStorePassword();

  URL u = saml.getServiceAddress();
  this.redirectProtocol = u.getProtocol();
  this.redirectHostname = u.getHost();
  if (u.getPort() != -1) {
   this.redirectHostname += ":" + u.getPort();
  }
  if (StringUtils.isNotEmpty(u.getPath())) {
   this.redirectBasePath = u.getPath();
  }
 }
}

public boolean isEnabled() {
 return getOauth2().isEnabled() || getSaml().isEnabled() || getLdap().isEnabled()
   || getX509().isEnabled() || getIap().isEnabled();
}

 public boolean isAuth(DeploymentConfiguration deploymentConfiguration) {
  return deploymentConfiguration.getSecurity().getAuthn().isEnabled();
 }
}

public Authn getAuthn(String deploymentName) {
 Security security = getSecurity(deploymentName);
 Authn result = security.getAuthn();
 if (result == null) {
  result = new Authn();
  security.setAuthn(result);
 }
 return result;
}

 /**
  * @return True if any core field in an authentication method has a non-empty value. "Core fields"
  * are generally required fields to make an authentication method work, such as client ID/secret,
  * or path to a certficate store.
  */
 private boolean maybeShouldBeEnabled(Authn n) {
  OAuth2 o = n.getOauth2();
  Saml s = n.getSaml();
  Ldap l = n.getLdap();
  IAP i = n.getIap();
  // There isn't a good "core fields" for X509

  return StringUtils.isNotEmpty(o.getClient().getClientId()) ||
    StringUtils.isNotEmpty(o.getClient().getClientSecret()) ||
    StringUtils.isNotEmpty(s.getIssuerId()) ||
    StringUtils.isNotEmpty(s.getKeyStore()) ||
    StringUtils.isNotEmpty(l.getUserDnPattern()) ||
    StringUtils.isNotEmpty(l.getUserSearchBase()) ||
    StringUtils.isNotEmpty(l.getUserSearchFilter()) ||
    StringUtils.isNotEmpty(i.getAudience());
 }
}

 public boolean isAuth(DeploymentConfiguration deploymentConfiguration) {
  return deploymentConfiguration.getSecurity().getAuthn().isEnabled();
 }
}