use of keywhiz.log.Event in project keywhiz by square.
the class GroupResource method deleteGroup.
/**
* Delete a group
*
* @excludeParams automationClient
* @param name Group name to delete
*
* @responseMessage 204 Group deleted
* @responseMessage 404 Group not found
*/
@Timed
@ExceptionMetered
@DELETE
@Path("{name}")
public Response deleteGroup(@Auth AutomationClient automationClient, @PathParam("name") String name) {
Group group = groupDAOReadWrite.getGroup(name).orElseThrow(NotFoundException::new);
// Group memberships are deleted automatically by DB cascading.
groupDAOReadWrite.deleteGroup(group);
auditLog.recordEvent(new Event(Instant.now(), EventTag.GROUP_DELETE, automationClient.getName(), group.getName()));
return Response.noContent().build();
}
use of keywhiz.log.Event in project keywhiz by square.
the class SecretResource method createSecret.
/**
* Creates a secret and assigns to given groups
*
* @excludeParams automationClient
* @param request JSON request to create a secret
*
* @responseMessage 201 Created secret and assigned to given groups
* @responseMessage 409 Secret already exists
*/
@Timed
@ExceptionMetered
@POST
@Consumes(APPLICATION_JSON)
public Response createSecret(@Auth AutomationClient automationClient, @Valid CreateSecretRequestV2 request) {
// allows new version, return version in resulting path
String name = request.name();
String user = automationClient.getName();
SecretBuilder builder = secretController.builder(name, request.content(), automationClient.getName(), request.expiry()).withDescription(request.description()).withMetadata(request.metadata()).withType(request.type());
Secret secret;
try {
secret = builder.create();
} catch (DataAccessException e) {
logger.info(format("Cannot create secret %s", name), e);
throw new ConflictException(format("Cannot create secret %s.", name));
}
Map<String, String> extraInfo = new HashMap<>();
if (request.description() != null) {
extraInfo.put("description", request.description());
}
if (request.metadata() != null) {
extraInfo.put("metadata", request.metadata().toString());
}
extraInfo.put("expiry", Long.toString(request.expiry()));
auditLog.recordEvent(new Event(Instant.now(), EventTag.SECRET_CREATE, user, name, extraInfo));
long secretId = secret.getId();
groupsToGroupIds(request.groups()).forEach((maybeGroupId) -> maybeGroupId.ifPresent((groupId) -> aclDAO.findAndAllowAccess(secretId, groupId, auditLog, user, new HashMap<>())));
UriBuilder uriBuilder = UriBuilder.fromResource(SecretResource.class).path(name);
return Response.created(uriBuilder.build()).build();
}
use of keywhiz.log.Event in project keywhiz by square.
the class SecretResource method partialUpdateSecret.
/**
* Updates a subset of the fields of an existing secret
*
* @excludeParams automationClient
* @param request JSON request to update a secret
*
* @responseMessage 201 Created secret and assigned to given groups
*/
@Timed
@ExceptionMetered
@Path("{name}/partialupdate")
@POST
@Consumes(APPLICATION_JSON)
public Response partialUpdateSecret(@Auth AutomationClient automationClient, @PathParam("name") String name, @Valid PartialUpdateSecretRequestV2 request) {
secretDAO.partialUpdateSecret(name, automationClient.getName(), request);
Map<String, String> extraInfo = new HashMap<>();
if (request.description() != null) {
extraInfo.put("description", request.description());
}
if (request.metadata() != null) {
extraInfo.put("metadata", request.metadata().toString());
}
if (request.expiry() != null) {
extraInfo.put("expiry", Long.toString(request.expiry()));
}
auditLog.recordEvent(new Event(Instant.now(), EventTag.SECRET_UPDATE, automationClient.getName(), name, extraInfo));
UriBuilder uriBuilder = UriBuilder.fromResource(SecretResource.class).path(name);
return Response.created(uriBuilder.build()).build();
}
use of keywhiz.log.Event in project keywhiz by square.
the class AutomationGroupResource method createGroup.
/**
* Create Group
*
* @param groupRequest the JSON group request used to formulate the Group
* @excludeParams automationClient
* @description Creates a Group with the name from a valid group request
* @responseMessage 200 Successfully created Group
* @responseMessage 409 Group with given name already exists
*/
@Timed
@ExceptionMetered
@POST
@Consumes(APPLICATION_JSON)
public Group createGroup(@Auth AutomationClient automationClient, @Valid CreateGroupRequest groupRequest) {
Optional<Group> group = groupDAO.getGroup(groupRequest.name);
if (group.isPresent()) {
logger.info("Automation ({}) - Group {} already exists", automationClient.getName(), groupRequest.name);
throw new ConflictException("Group name already exists.");
}
long id = groupDAO.createGroup(groupRequest.name, automationClient.getName(), nullToEmpty(groupRequest.description), groupRequest.metadata);
Map<String, String> extraInfo = new HashMap<>();
extraInfo.put("deprecated", "true");
if (groupRequest.description != null) {
extraInfo.put("description", groupRequest.description);
}
if (groupRequest.metadata != null) {
extraInfo.put("metadata", groupRequest.metadata.toString());
}
auditLog.recordEvent(new Event(Instant.now(), EventTag.GROUP_CREATE, automationClient.getName(), groupRequest.name, extraInfo));
return groupDAO.getGroupById(id).get();
}
use of keywhiz.log.Event in project keywhiz by square.
the class ClientResource method deleteClient.
/**
* Delete a client
*
* @excludeParams automationClient
* @param name Client name
*
* @responseMessage 204 Client deleted
* @responseMessage 404 Client not found
*/
@Timed
@ExceptionMetered
@DELETE
@Path("{name}")
public Response deleteClient(@Auth AutomationClient automationClient, @PathParam("name") String name) {
Client client = clientDAOReadWrite.getClient(name).orElseThrow(NotFoundException::new);
// Group memberships are deleted automatically by DB cascading.
clientDAOReadWrite.deleteClient(client);
auditLog.recordEvent(new Event(Instant.now(), EventTag.CLIENT_DELETE, automationClient.getName(), client.getName()));
return Response.noContent().build();
}
Aggregations