Examples with Group keywhiz.api.model.Group used on opensource projects

Example 1 with Group

use of keywhiz.api.model.Group in project keywhiz by square.

the class AutomationGroupResource method getGroupByName.

/**
 * Retrieve Group by a specified name, or all Groups if no name given
 *
 * @param automationClient the client with automation access performing this operation
 * @param name the name of the Group to retrieve, if provided
 * @return details on the specified group, or an all groups if no name specified
 *
 * optionalParams name
 * description Returns a single Group or a set of all Groups
 * responseMessage 200 Found and retrieved Group(s)
 * responseMessage 404 Group with given name not found (if name provided)
 */
@Timed
@ExceptionMetered
@GET
public Response getGroupByName(@Auth AutomationClient automationClient, @QueryParam("name") Optional<String> name) {
    if (name.isPresent()) {
        Group group = groupDAO.getGroup(name.get()).orElseThrow(NotFoundException::new);
        ImmutableList<Client> clients = ImmutableList.copyOf(aclDAO.getClientsFor(group));
        ImmutableList<SanitizedSecret> sanitizedSecrets = ImmutableList.copyOf(aclDAO.getSanitizedSecretsFor(group));
        return Response.ok().entity(GroupDetailResponse.fromGroup(group, sanitizedSecrets, clients)).build();
    }
    ImmutableList<SanitizedSecret> emptySecrets = ImmutableList.of();
    ImmutableList<Client> emptyClients = ImmutableList.of();
    List<GroupDetailResponse> groups = groupDAO.getGroups().stream().map((g) -> GroupDetailResponse.fromGroup(g, emptySecrets, emptyClients)).collect(toList());
    return Response.ok().entity(groups).build();
}

Example 2 with Group

use of keywhiz.api.model.Group in project keywhiz by square.

the class AutomationGroupResource method createGroup.

/**
 * Create Group
 *
 * @param automationClient the client with automation access performing this operation
 * @param groupRequest the JSON group request used to formulate the Group
 * @return details on the newly-created group
 *
 * description Creates a Group with the name from a valid group request
 * responseMessage 200 Successfully created Group
 * responseMessage 409 Group with given name already exists
 */
@Timed
@ExceptionMetered
@POST
@Consumes(APPLICATION_JSON)
public Group createGroup(@Auth AutomationClient automationClient, @Valid CreateGroupRequest groupRequest) {
    Optional<Group> group = groupDAO.getGroup(groupRequest.name);
    if (group.isPresent()) {
        logger.info("Automation ({}) - Group {} already exists", automationClient.getName(), groupRequest.name);
        throw new ConflictException("Group name already exists.");
    }
    long id = groupDAO.createGroup(groupRequest.name, automationClient.getName(), nullToEmpty(groupRequest.description), groupRequest.metadata);
    Map<String, String> extraInfo = new HashMap<>();
    extraInfo.put("deprecated", "true");
    if (groupRequest.description != null) {
        extraInfo.put("description", groupRequest.description);
    }
    if (groupRequest.metadata != null) {
        extraInfo.put("metadata", groupRequest.metadata.toString());
    }
    auditLog.recordEvent(new Event(Instant.now(), EventTag.GROUP_CREATE, automationClient.getName(), groupRequest.name, extraInfo));
    return groupDAO.getGroupById(id).get();
}

Example 3 with Group

use of keywhiz.api.model.Group in project keywhiz by square.

the class AutomationSecretResource method readSecrets.

/**
 * Retrieve secret by a specified name, or all secrets if no name given
 * Note that retrieving all secrets could be an expensive query
 *
 * @param automationClient the client with automation access performing this operation
 * @param name the name of the secret to retrieve, if provided
 * @return details on the specified secret, or all secrets if no name given
 *
 * description Returns a single secret or a set of all secrets
 * responseMessage 200 Found and retrieved secret(s)
 * responseMessage 404 Secret with given name not found (if name provided)
 */
@Timed
@ExceptionMetered
@GET
public ImmutableList<AutomationSecretResponse> readSecrets(@Auth AutomationClient automationClient, @QueryParam("name") String name) {
    ImmutableList.Builder<AutomationSecretResponse> responseBuilder = ImmutableList.builder();
    if (name != null) {
        Optional<Secret> optionalSecret = secretController.getSecretByName(name);
        if (!optionalSecret.isPresent()) {
            throw new NotFoundException("Secret not found.");
        }
        Secret secret = optionalSecret.get();
        ImmutableList<Group> groups = ImmutableList.copyOf(aclDAO.getGroupsFor(secret));
        responseBuilder.add(AutomationSecretResponse.fromSecret(secret, groups));
    } else {
        List<SanitizedSecret> secrets = secretController.getSanitizedSecrets(null, null);
        for (SanitizedSecret sanitizedSecret : secrets) {
            Secret secret = secretController.getSecretById(sanitizedSecret.id()).orElseThrow(() -> new IllegalStateException(format("Cannot find record related to %s", sanitizedSecret)));
            ImmutableList<Group> groups = ImmutableList.copyOf(aclDAO.getGroupsFor(secret));
            responseBuilder.add(AutomationSecretResponse.fromSecret(secret, groups));
        }
    }
    return responseBuilder.build();
}

Example 4 with Group

use of keywhiz.api.model.Group in project keywhiz by square.

the class BackupResource method backup.

/**
 * Backup all secrets for a given group. Returns an encrypted encrypted to
 * the backup key in the main configuration file. Only accessible to automation clients.
 *
 * @param name Group name
 *
 * @return Encrypted archive
 */
@Timed
@ExceptionMetered
@GET
@Path("{key}/group/{group}")
@Produces(APPLICATION_OCTET_STREAM)
public byte[] backup(@Auth AutomationClient automationClient, @PathParam("group") String name, @PathParam("key") String key) {
    if (config.getBackupExportKey(key) == null) {
        throw new NotFoundException("Unknown key: " + key);
    }
    Optional<Group> groupOptional = groupDAO.getGroup(name);
    if (!groupOptional.isPresent()) {
        throw new NotFoundException("Unknown group: " + name);
    }
    Group group = groupOptional.get();
    // SecretDeliveryResponse is the same data a client receives when requesting a secret,
    // so it should have all the relevant information we need (including content, checksum).
    List<SecretDeliveryResponse> secrets = secretController.getSecretsForGroup(group).stream().map(SecretDeliveryResponse::fromSecret).collect(toList());
    String serialized;
    try {
        serialized = objectMapper.writeValueAsString(secrets);
    } catch (JsonProcessingException e) {
        // This should never happen
        logger.error("Unable to backup secrets", e);
        throw new InternalServerErrorException("Unable to backup secrets, check logs for details");
    }
    // Record all checksums of backed up/exported secrets so we can uniquely identify which
    // particular contents were returned in the response from inspection of the audit log.
    Map<String, String> auditInfo = secrets.stream().collect(toMap(SecretDeliveryResponse::getName, SecretDeliveryResponse::getChecksum));
    // Record audit event
    auditLog.recordEvent(new Event(now(), GROUP_BACKUP, automationClient.getName(), group.getName(), auditInfo));
    // Perform encryption & return encrypted data
    try {
        Key exportKey = new Key(config.getBackupExportKey(key));
        Encryptor encryptor = new Encryptor(exportKey);
        encryptor.setEncryptionAlgorithm(AES256);
        encryptor.setSigningAlgorithm(Unsigned);
        encryptor.setCompressionAlgorithm(ZIP);
        ByteArrayInputStream plaintext = new ByteArrayInputStream(serialized.getBytes(UTF_8));
        ByteArrayOutputStream ciphertext = new ByteArrayOutputStream();
        encryptor.encrypt(plaintext, ciphertext, new FileMetadata(format("%s.json", group), UTF8));
        return ciphertext.toByteArray();
    } catch (PGPException | IOException e) {
        logger.error("Unable to backup secrets", e);
        throw new InternalServerErrorException("Unable to backup secrets, check logs for details");
    }
}

Example 5 with Group

use of keywhiz.api.model.Group in project keywhiz by square.

the class GroupsResource method deleteGroup.

/**
 * Delete Group by ID
 *
 * @param user the admin user performing this operation
 * @param groupId the ID of the Group to be deleted
 * @return 200 if the deletion succeeded, 404 if the group was not found
 *
 * description Deletes a single Group if found.
 * Used by Keywhiz CLI and the web ui.
 * responseMessage 200 Found and deleted Group with given ID
 * responseMessage 404 Group with given ID not Found
 */
@Path("{groupId}")
@Timed
@ExceptionMetered
@DELETE
public Response deleteGroup(@Auth User user, @PathParam("groupId") LongParam groupId) {
    logger.info("User '{}' deleting group id={}.", user, groupId);
    Optional<Group> group = groupDAO.getGroupById(groupId.get());
    if (!group.isPresent()) {
        throw new NotFoundException("Group not found.");
    }
    groupDAO.deleteGroup(group.get());
    auditLog.recordEvent(new Event(Instant.now(), EventTag.GROUP_DELETE, user.getName(), group.get().getName()));
    return Response.noContent().build();
}