Examples with AutomationClient keywhiz.api.model.AutomationClient used on opensource projects

Example 1 with AutomationClient

use of keywhiz.api.model.AutomationClient in project keywhiz by square.

the class SecretResource method createSecret.

/**
   * Creates a secret and assigns to given groups
   *
   * @excludeParams automationClient
   * @param request JSON request to create a secret
   *
   * @responseMessage 201 Created secret and assigned to given groups
   * @responseMessage 409 Secret already exists
   */
@Timed
@ExceptionMetered
@POST
@Consumes(APPLICATION_JSON)
public Response createSecret(@Auth AutomationClient automationClient, @Valid CreateSecretRequestV2 request) {
    // allows new version, return version in resulting path
    String name = request.name();
    String user = automationClient.getName();
    SecretBuilder builder = secretController.builder(name, request.content(), automationClient.getName(), request.expiry()).withDescription(request.description()).withMetadata(request.metadata()).withType(request.type());
    Secret secret;
    try {
        secret = builder.create();
    } catch (DataAccessException e) {
        logger.info(format("Cannot create secret %s", name), e);
        throw new ConflictException(format("Cannot create secret %s.", name));
    }
    Map<String, String> extraInfo = new HashMap<>();
    if (request.description() != null) {
        extraInfo.put("description", request.description());
    }
    if (request.metadata() != null) {
        extraInfo.put("metadata", request.metadata().toString());
    }
    extraInfo.put("expiry", Long.toString(request.expiry()));
    auditLog.recordEvent(new Event(Instant.now(), EventTag.SECRET_CREATE, user, name, extraInfo));
    long secretId = secret.getId();
    groupsToGroupIds(request.groups()).forEach((maybeGroupId) -> maybeGroupId.ifPresent((groupId) -> aclDAO.findAndAllowAccess(secretId, groupId, auditLog, user, new HashMap<>())));
    UriBuilder uriBuilder = UriBuilder.fromResource(SecretResource.class).path(name);
    return Response.created(uriBuilder.build()).build();
}

Example 2 with AutomationClient

use of keywhiz.api.model.AutomationClient in project keywhiz by square.

the class AutomationGroupResource method getGroupByName.

/**
   * Retrieve Group by a specified name, or all Groups if no name given
   *
   * @param name the name of the Group to retrieve, if provided
   * @excludeParams automationClient
   * @optionalParams name
   * @description Returns a single Group or a set of all Groups
   * @responseMessage 200 Found and retrieved Group(s)
   * @responseMessage 404 Group with given name not found (if name provided)
   */
@Timed
@ExceptionMetered
@GET
public Response getGroupByName(@Auth AutomationClient automationClient, @QueryParam("name") Optional<String> name) {
    if (name.isPresent()) {
        Group group = groupDAO.getGroup(name.get()).orElseThrow(NotFoundException::new);
        ImmutableList<Client> clients = ImmutableList.copyOf(aclDAO.getClientsFor(group));
        ImmutableList<SanitizedSecret> sanitizedSecrets = ImmutableList.copyOf(aclDAO.getSanitizedSecretsFor(group));
        return Response.ok().entity(GroupDetailResponse.fromGroup(group, sanitizedSecrets, clients)).build();
    }
    ImmutableList<SanitizedSecret> emptySecrets = ImmutableList.of();
    ImmutableList<Client> emptyClients = ImmutableList.of();
    List<GroupDetailResponse> groups = groupDAO.getGroups().stream().map((g) -> GroupDetailResponse.fromGroup(g, emptySecrets, emptyClients)).collect(toList());
    return Response.ok().entity(groups).build();
}

Example 3 with AutomationClient

use of keywhiz.api.model.AutomationClient in project keywhiz by square.

the class ClientResource method deleteClient.

/**
   * Delete a client
   *
   * @excludeParams automationClient
   * @param name Client name
   *
   * @responseMessage 204 Client deleted
   * @responseMessage 404 Client not found
   */
@Timed
@ExceptionMetered
@DELETE
@Path("{name}")
public Response deleteClient(@Auth AutomationClient automationClient, @PathParam("name") String name) {
    Client client = clientDAOReadWrite.getClient(name).orElseThrow(NotFoundException::new);
    // Group memberships are deleted automatically by DB cascading.
    clientDAOReadWrite.deleteClient(client);
    auditLog.recordEvent(new Event(Instant.now(), EventTag.CLIENT_DELETE, automationClient.getName(), client.getName()));
    return Response.noContent().build();
}

Example 4 with AutomationClient

use of keywhiz.api.model.AutomationClient in project keywhiz by square.

the class ClientResource method modifyClientGroups.

/**
   * Modify groups a client has membership in
   *
   * @excludeParams automationClient
   * @param name Client name
   * @param request JSON request specifying which groups to add or remove
   * @return Listing of groups client has membership in
   *
   * @responseMessage 201 Client modified successfully
   * @responseMessage 404 Client not found
   */
@Timed
@ExceptionMetered
@PUT
@Path("{name}/groups")
@Produces(APPLICATION_JSON)
public Iterable<String> modifyClientGroups(@Auth AutomationClient automationClient, @PathParam("name") String name, @Valid ModifyGroupsRequestV2 request) {
    Client client = clientDAOReadWrite.getClient(name).orElseThrow(NotFoundException::new);
    String user = automationClient.getName();
    long clientId = client.getId();
    Set<String> oldGroups = aclDAOReadWrite.getGroupsFor(client).stream().map(Group::getName).collect(toSet());
    Set<String> groupsToAdd = Sets.difference(request.addGroups(), oldGroups);
    Set<String> groupsToRemove = Sets.intersection(request.removeGroups(), oldGroups);
    // TODO: should optimize AclDAO to use names and return only name column
    groupsToGroupIds(groupsToAdd).forEach((maybeGroupId) -> maybeGroupId.ifPresent((groupId) -> aclDAOReadWrite.findAndEnrollClient(clientId, groupId, auditLog, user, new HashMap<>())));
    groupsToGroupIds(groupsToRemove).forEach((maybeGroupId) -> maybeGroupId.ifPresent((groupId) -> aclDAOReadWrite.findAndEvictClient(clientId, groupId, auditLog, user, new HashMap<>())));
    return aclDAOReadWrite.getGroupsFor(client).stream().map(Group::getName).collect(toSet());
}

Example 5 with AutomationClient

use of keywhiz.api.model.AutomationClient in project keywhiz by square.

the class AutomationClientResource method createClient.

/**
   * Create Client
   *
   * @param clientRequest the JSON client request used to formulate the Client
   * @excludeParams automationClient
   * @description Creates a Client with the name from a valid client request
   * @responseMessage 200 Successfully created Client
   * @responseMessage 409 Client with given name already exists
   */
@Timed
@ExceptionMetered
@POST
@Consumes(APPLICATION_JSON)
public ClientDetailResponse createClient(@Auth AutomationClient automationClient, @Valid CreateClientRequest clientRequest) {
    Optional<Client> client = clientDAO.getClient(clientRequest.name);
    if (client.isPresent()) {
        logger.info("Automation ({}) - Client {} already exists", automationClient.getName(), clientRequest.name);
        throw new ConflictException("Client name already exists.");
    }
    long id = clientDAO.createClient(clientRequest.name, automationClient.getName(), "");
    client = clientDAO.getClientById(id);
    if (client.isPresent()) {
        Map<String, String> extraInfo = new HashMap<>();
        extraInfo.put("deprecated", "true");
        auditLog.recordEvent(new Event(Instant.now(), EventTag.CLIENT_CREATE, automationClient.getName(), client.get().getName(), extraInfo));
    }
    return ClientDetailResponse.fromClient(client.get(), ImmutableList.of(), ImmutableList.of());
}