Examples with Auth io.dropwizard.auth.Auth used on opensource projects

Example 1 with Auth

use of io.dropwizard.auth.Auth in project keywhiz by square.

the class AutomationGroupResource method getGroupByName.

/**
 * Retrieve Group by a specified name, or all Groups if no name given
 *
 * @param automationClient the client with automation access performing this operation
 * @param name the name of the Group to retrieve, if provided
 * @return details on the specified group, or an all groups if no name specified
 *
 * optionalParams name
 * description Returns a single Group or a set of all Groups
 * responseMessage 200 Found and retrieved Group(s)
 * responseMessage 404 Group with given name not found (if name provided)
 */
@Timed
@ExceptionMetered
@GET
public Response getGroupByName(@Auth AutomationClient automationClient, @QueryParam("name") Optional<String> name) {
    if (name.isPresent()) {
        Group group = groupDAO.getGroup(name.get()).orElseThrow(NotFoundException::new);
        ImmutableList<Client> clients = ImmutableList.copyOf(aclDAO.getClientsFor(group));
        ImmutableList<SanitizedSecret> sanitizedSecrets = ImmutableList.copyOf(aclDAO.getSanitizedSecretsFor(group));
        return Response.ok().entity(GroupDetailResponse.fromGroup(group, sanitizedSecrets, clients)).build();
    }
    ImmutableList<SanitizedSecret> emptySecrets = ImmutableList.of();
    ImmutableList<Client> emptyClients = ImmutableList.of();
    List<GroupDetailResponse> groups = groupDAO.getGroups().stream().map((g) -> GroupDetailResponse.fromGroup(g, emptySecrets, emptyClients)).collect(toList());
    return Response.ok().entity(groups).build();
}

Example 2 with Auth

use of io.dropwizard.auth.Auth in project keywhiz by square.

the class SecretResource method createSecret.

/**
 * Creates a secret and assigns to given groups
 *
 * @param request JSON request to create a secret
 *
 * responseMessage 201 Created secret and assigned to given groups
 * responseMessage 409 Secret already exists
 */
@Timed
@ExceptionMetered
@POST
@Consumes(APPLICATION_JSON)
public Response createSecret(@Auth AutomationClient automationClient, @Valid CreateSecretRequestV2 request) {
    // allows new version, return version in resulting path
    String name = request.name();
    String user = automationClient.getName();
    SecretBuilder builder = secretController.builder(name, request.content(), automationClient.getName(), request.expiry()).withDescription(request.description()).withMetadata(request.metadata()).withOwnerName(request.owner()).withType(request.type());
    Secret secret;
    try {
        secret = builder.create();
    } catch (DataAccessException e) {
        logger.info(format("Cannot create secret %s", name), e);
        throw new ConflictException(format("Cannot create secret %s.", name));
    }
    Map<String, String> extraInfo = new HashMap<>();
    if (request.description() != null) {
        extraInfo.put("description", request.description());
    }
    if (request.metadata() != null) {
        extraInfo.put("metadata", request.metadata().toString());
    }
    extraInfo.put("expiry", Long.toString(request.expiry()));
    auditLog.recordEvent(new Event(Instant.now(), EventTag.SECRET_CREATE, user, name, extraInfo));
    long secretId = secret.getId();
    groupsToGroupIds(request.groups()).forEach((maybeGroupId) -> maybeGroupId.ifPresent((groupId) -> aclDAO.findAndAllowAccess(secretId, groupId, auditLog, user, new HashMap<>())));
    UriBuilder uriBuilder = UriBuilder.fromResource(SecretResource.class).path(name);
    return Response.created(uriBuilder.build()).build();
}

Example 3 with Auth

use of io.dropwizard.auth.Auth in project keywhiz by square.

the class AutomationClientResource method findClient.

/**
 * Retrieve Client by a specified name, or all Clients if no name given
 *
 * @param automationClient the client with automation access performing this operation
 * @param name the name of the Client to retrieve, if provided
 * @return the specified client if found, or all clients if name omitted
 *
 * optionalParams name
 * description Returns a single Client or a set of all Clients
 * responseMessage 200 Found and retrieved Client(s)
 * responseMessage 404 Client with given name not found (if name provided)
 */
@Timed
@ExceptionMetered
@GET
public Response findClient(@Auth AutomationClient automationClient, @QueryParam("name") Optional<String> name) {
    logger.info("Automation ({}) - Looking up a name {}", automationClient.getName(), name);
    if (name.isPresent()) {
        Client client = clientDAO.getClientByName(name.get()).orElseThrow(NotFoundException::new);
        ImmutableList<Group> groups = ImmutableList.copyOf(aclDAO.getGroupsFor(client));
        return Response.ok().entity(ClientDetailResponse.fromClient(client, groups, ImmutableList.of())).build();
    }
    List<ClientDetailResponse> clients = clientDAO.getClients().stream().map(c -> ClientDetailResponse.fromClient(c, ImmutableList.copyOf(aclDAO.getGroupsFor(c)), ImmutableList.of())).collect(toList());
    return Response.ok().entity(clients).build();
}

Example 4 with Auth

use of io.dropwizard.auth.Auth in project keywhiz by square.

the class ClientResource method modifyClientGroups.

/**
 * Modify groups a client has membership in
 *
 * @param name    Client name
 * @param request JSON request specifying which groups to add or remove
 * @return Listing of groups client has membership in
 * <p>
 * responseMessage 201 Client modified successfully
 * <p>
 * responseMessage 404 Client not found
 */
@Timed
@ExceptionMetered
@PUT
@Path("{name}/groups")
@Produces(APPLICATION_JSON)
public Iterable<String> modifyClientGroups(@Auth AutomationClient automationClient, @PathParam("name") String name, @Valid ModifyGroupsRequestV2 request) {
    Client client = clientDAOReadWrite.getClientByName(name).orElseThrow(NotFoundException::new);
    String user = automationClient.getName();
    long clientId = client.getId();
    Set<String> oldGroups = aclDAOReadWrite.getGroupsFor(client).stream().map(Group::getName).collect(toSet());
    Set<String> groupsToAdd = Sets.difference(request.addGroups(), oldGroups);
    Set<String> groupsToRemove = Sets.intersection(request.removeGroups(), oldGroups);
    // TODO: should optimize AclDAO to use names and return only name column
    groupsToGroupIds(groupsToAdd).forEach((maybeGroupId) -> maybeGroupId.ifPresent((groupId) -> aclDAOReadWrite.findAndEnrollClient(clientId, groupId, auditLog, user, new HashMap<>())));
    groupsToGroupIds(groupsToRemove).forEach((maybeGroupId) -> maybeGroupId.ifPresent((groupId) -> aclDAOReadWrite.findAndEvictClient(clientId, groupId, auditLog, user, new HashMap<>())));
    return aclDAOReadWrite.getGroupsFor(client).stream().map(Group::getName).collect(toSet());
}

Example 5 with Auth

use of io.dropwizard.auth.Auth in project keywhiz by square.

the class ClientResource method createClient.

/**
   * Creates a client and assigns to given groups
   *
   * @excludeParams automationClient
   * @param request JSON request to create a client
   *
   * @responseMessage 201 Created client and assigned to given groups
   * @responseMessage 409 Client already exists
   */
@Timed
@ExceptionMetered
@POST
@Consumes(APPLICATION_JSON)
public Response createClient(@Auth AutomationClient automationClient, @Valid CreateClientRequestV2 request) {
    String creator = automationClient.getName();
    String client = request.name();
    clientDAOReadWrite.getClient(client).ifPresent((c) -> {
        logger.info("Automation ({}) - Client {} already exists", creator, client);
        throw new ConflictException("Client name already exists.");
    });
    // Creates new client record
    long clientId = clientDAOReadWrite.createClient(client, creator, request.description());
    auditLog.recordEvent(new Event(Instant.now(), EventTag.CLIENT_CREATE, creator, client));
    // Enrolls client in any requested groups
    groupsToGroupIds(request.groups()).forEach((maybeGroupId) -> maybeGroupId.ifPresent((groupId) -> aclDAOReadWrite.findAndEnrollClient(clientId, groupId, auditLog, creator, new HashMap<>())));
    URI uri = UriBuilder.fromResource(ClientResource.class).path(client).build();
    return Response.created(uri).build();
}