
Example 1 with AclDAO

Use of keywhiz.service.daos.AclDAO in the keywhiz project by Square.

Method modifyClientGroups of class ClientResource.

/**
 * Replaces part of a client's group membership: enrolls the client in the
 * requested groups it is not yet a member of and evicts it from the requested
 * groups it currently belongs to.
 *
 * <p>Both request sets are first reduced against the client's current
 * membership, so adding an existing membership or removing an absent one is a
 * no-op. A requested group name for which {@code groupsToGroupIds} yields an
 * empty {@link Optional} is skipped rather than reported back to the caller.
 * Every enroll/evict call is passed the audit log and the calling automation
 * client's name so the DAO can attribute the change to its actor.
 *
 * @param automationClient authenticated caller; its name is recorded as the actor
 * @param name             client name
 * @param request          JSON request naming groups to add and groups to remove
 * @return the client's group names as re-read from the ACL store after the change
 * @throws NotFoundException if no client named {@code name} exists
 * <p>
 * responseMessage 201 Client modified successfully
 * <p>
 * responseMessage 404 Client not found
 */
@Timed
@ExceptionMetered
@PUT
@Path("{name}/groups")
@Produces(APPLICATION_JSON)
public Iterable<String> modifyClientGroups(@Auth AutomationClient automationClient, @PathParam("name") String name, @Valid ModifyGroupsRequestV2 request) {
    Client target = clientDAOReadWrite.getClientByName(name).orElseThrow(NotFoundException::new);
    String actor = automationClient.getName();
    long targetId = target.getId();

    Set<String> currentGroups = aclDAOReadWrite.getGroupsFor(target)
        .stream()
        .map(Group::getName)
        .collect(toSet());
    // Only touch memberships that actually change.
    Set<String> additions = Sets.difference(request.addGroups(), currentGroups);
    Set<String> removals = Sets.intersection(request.removeGroups(), currentGroups);

    // TODO: should optimize AclDAO to use names and return only name column
    groupsToGroupIds(additions).forEach(maybeGroupId ->
        maybeGroupId.ifPresent(groupId ->
            aclDAOReadWrite.findAndEnrollClient(targetId, groupId, auditLog, actor, new HashMap<>())));
    groupsToGroupIds(removals).forEach(maybeGroupId ->
        maybeGroupId.ifPresent(groupId ->
            aclDAOReadWrite.findAndEvictClient(targetId, groupId, auditLog, actor, new HashMap<>())));

    // Re-read instead of patching the local set so the response reflects what was persisted.
    Set<String> resultingGroups = aclDAOReadWrite.getGroupsFor(target)
        .stream()
        .map(Group::getName)
        .collect(toSet());
    return resultingGroups;
}
Also used : Produces(javax.ws.rs.Produces) Event(keywhiz.log.Event) URISyntaxException(java.net.URISyntaxException) Path(javax.ws.rs.Path) LoggerFactory(org.slf4j.LoggerFactory) GroupDAOFactory(keywhiz.service.daos.GroupDAO.GroupDAOFactory) Valid(javax.validation.Valid) ClientDAOFactory(keywhiz.service.daos.ClientDAO.ClientDAOFactory) Consumes(javax.ws.rs.Consumes) ExceptionMetered(com.codahale.metrics.annotation.ExceptionMetered) ModifyGroupsRequestV2(keywhiz.api.automation.v2.ModifyGroupsRequestV2) BadRequestException(javax.ws.rs.BadRequestException) UriBuilder(javax.ws.rs.core.UriBuilder) URI(java.net.URI) Client(keywhiz.api.model.Client) APPLICATION_JSON(javax.ws.rs.core.MediaType.APPLICATION_JSON) GroupDAO(keywhiz.service.daos.GroupDAO) Collectors.toSet(java.util.stream.Collectors.toSet) DELETE(javax.ws.rs.DELETE) Tracing.setTag(keywhiz.Tracing.setTag) Group(keywhiz.api.model.Group) Tracing.tagErrors(keywhiz.Tracing.tagErrors) Set(java.util.Set) ConflictException(keywhiz.service.exceptions.ConflictException) Instant(java.time.Instant) Sets(com.google.common.collect.Sets) NotFoundException(javax.ws.rs.NotFoundException) String.format(java.lang.String.format) Timed(com.codahale.metrics.annotation.Timed) Stream(java.util.stream.Stream) Response(javax.ws.rs.core.Response) Optional(java.util.Optional) SanitizedSecret(keywhiz.api.model.SanitizedSecret) NotImplementedException(org.apache.commons.lang3.NotImplementedException) PathParam(javax.ws.rs.PathParam) AclDAO(keywhiz.service.daos.AclDAO) ClientDAO(keywhiz.service.daos.ClientDAO) GET(javax.ws.rs.GET) ClientDetailResponseV2(keywhiz.api.automation.v2.ClientDetailResponseV2) Auth(io.dropwizard.auth.Auth) HashMap(java.util.HashMap) Inject(javax.inject.Inject) AutomationClient(keywhiz.api.model.AutomationClient) CreateClientRequestV2(keywhiz.api.automation.v2.CreateClientRequestV2) AuditLog(keywhiz.log.AuditLog) ModifyClientRequestV2(keywhiz.api.automation.v2.ModifyClientRequestV2) POST(javax.ws.rs.POST) 
Logger(org.slf4j.Logger) AclDAOFactory(keywhiz.service.daos.AclDAO.AclDAOFactory) EventTag(keywhiz.log.EventTag) PUT(javax.ws.rs.PUT) NotFoundException(javax.ws.rs.NotFoundException) Client(keywhiz.api.model.Client) AutomationClient(keywhiz.api.model.AutomationClient) Path(javax.ws.rs.Path) Produces(javax.ws.rs.Produces) Timed(com.codahale.metrics.annotation.Timed) ExceptionMetered(com.codahale.metrics.annotation.ExceptionMetered) PUT(javax.ws.rs.PUT)

Example 2 with AclDAO

Use of keywhiz.service.daos.AclDAO in the keywhiz project by Square.

Method modifySecretGroups of class SecretResource.

/**
 * Replaces part of a secret's group assignments: grants access to the
 * requested groups that do not yet have it and revokes access from the
 * requested groups that currently do.
 *
 * <p>Both request sets are first reduced against the secret's current group
 * set, so granting an existing assignment or revoking an absent one is a
 * no-op. A requested group name for which {@code groupsToGroupIds} yields an
 * empty {@link Optional} is skipped rather than reported back to the caller.
 * Every allow/revoke call is passed the audit log and the calling automation
 * client's name so the DAO can attribute the access change to its actor.
 *
 * @param automationClient authenticated caller; its name is recorded as the actor
 * @param name             secret series name
 * @param request          JSON request naming groups to add and groups to remove
 * @return the secret's group names as re-read from the ACL store after the change
 * @throws NotFoundException if no secret named {@code name} exists
 *
 * responseMessage 201 Group membership changed
 * responseMessage 404 Secret series not found
 */
@Timed
@ExceptionMetered
@PUT
@Path("{name}/groups")
@Consumes(APPLICATION_JSON)
@Produces(APPLICATION_JSON)
public Iterable<String> modifySecretGroups(@Auth AutomationClient automationClient, @PathParam("name") String name, @Valid ModifyGroupsRequestV2 request) {
    // TODO: Use latest version instead of non-versioned
    Secret target = secretController.getSecretByName(name).orElseThrow(NotFoundException::new);
    String actor = automationClient.getName();
    long targetId = target.getId();

    Set<String> currentGroups = aclDAO.getGroupsFor(target)
        .stream()
        .map(Group::getName)
        .collect(toSet());
    // Only touch assignments that actually change.
    Set<String> additions = Sets.difference(request.addGroups(), currentGroups);
    Set<String> removals = Sets.intersection(request.removeGroups(), currentGroups);

    // TODO: should optimize AclDAO to use names and return only name column
    groupsToGroupIds(additions).forEach(maybeGroupId ->
        maybeGroupId.ifPresent(groupId ->
            aclDAO.findAndAllowAccess(targetId, groupId, auditLog, actor, new HashMap<>())));
    groupsToGroupIds(removals).forEach(maybeGroupId ->
        maybeGroupId.ifPresent(groupId ->
            aclDAO.findAndRevokeAccess(targetId, groupId, auditLog, actor, new HashMap<>())));

    // Re-read instead of patching the local set so the response reflects what was persisted.
    Set<String> resultingGroups = aclDAO.getGroupsFor(target)
        .stream()
        .map(Group::getName)
        .collect(toSet());
    return resultingGroups;
}
Also used : Secret(keywhiz.api.model.Secret) SanitizedSecret(keywhiz.api.model.SanitizedSecret) Secret(keywhiz.api.model.Secret) Produces(javax.ws.rs.Produces) Event(keywhiz.log.Event) Path(javax.ws.rs.Path) LoggerFactory(org.slf4j.LoggerFactory) GroupDAOFactory(keywhiz.service.daos.GroupDAO.GroupDAOFactory) Valid(javax.validation.Valid) QueryParam(javax.ws.rs.QueryParam) Consumes(javax.ws.rs.Consumes) Map(java.util.Map) DefaultValue(javax.ws.rs.DefaultValue) ExceptionMetered(com.codahale.metrics.annotation.ExceptionMetered) ModifyGroupsRequestV2(keywhiz.api.automation.v2.ModifyGroupsRequestV2) BadRequestException(javax.ws.rs.BadRequestException) UriBuilder(javax.ws.rs.core.UriBuilder) APPLICATION_JSON(javax.ws.rs.core.MediaType.APPLICATION_JSON) ContentCryptographer(keywhiz.service.crypto.ContentCryptographer) GroupDAO(keywhiz.service.daos.GroupDAO) Collectors.toSet(java.util.stream.Collectors.toSet) DELETE(javax.ws.rs.DELETE) Group(keywhiz.api.model.Group) CreateSecretRequestV2(keywhiz.api.automation.v2.CreateSecretRequestV2) HOURS(java.time.temporal.ChronoUnit.HOURS) Set(java.util.Set) ConflictException(keywhiz.service.exceptions.ConflictException) Instant(java.time.Instant) Sets(com.google.common.collect.Sets) NotFoundException(javax.ws.rs.NotFoundException) String.format(java.lang.String.format) Timed(com.codahale.metrics.annotation.Timed) Base64(java.util.Base64) List(java.util.List) Stream(java.util.stream.Stream) Response(javax.ws.rs.core.Response) Optional(java.util.Optional) SanitizedSecret(keywhiz.api.model.SanitizedSecret) SecretDAOFactory(keywhiz.service.daos.SecretDAO.SecretDAOFactory) SecretContent(keywhiz.api.model.SecretContent) PathParam(javax.ws.rs.PathParam) SecretDetailResponseV2(keywhiz.api.automation.v2.SecretDetailResponseV2) AclDAO(keywhiz.service.daos.AclDAO) SanitizedSecretWithGroups(keywhiz.api.model.SanitizedSecretWithGroups) GET(javax.ws.rs.GET) Auth(io.dropwizard.auth.Auth) 
PartialUpdateSecretRequestV2(keywhiz.api.automation.v2.PartialUpdateSecretRequestV2) HashMap(java.util.HashMap) SecretSeriesDAO(keywhiz.service.daos.SecretSeriesDAO) ArrayList(java.util.ArrayList) Inject(javax.inject.Inject) AutomationClient(keywhiz.api.model.AutomationClient) ImmutableList(com.google.common.collect.ImmutableList) SecretDAO(keywhiz.service.daos.SecretDAO) SecretBuilder(keywhiz.service.daos.SecretController.SecretBuilder) AuditLog(keywhiz.log.AuditLog) SanitizedSecretWithGroupsListAndCursor(keywhiz.api.model.SanitizedSecretWithGroupsListAndCursor) DataAccessException(org.jooq.exception.DataAccessException) POST(javax.ws.rs.POST) Logger(org.slf4j.Logger) SecretSeriesDAOFactory(keywhiz.service.daos.SecretSeriesDAO.SecretSeriesDAOFactory) Readonly(keywhiz.service.config.Readonly) UTF_8(java.nio.charset.StandardCharsets.UTF_8) SecretRetrievalCursor(keywhiz.api.model.SecretRetrievalCursor) AclDAOFactory(keywhiz.service.daos.AclDAO.AclDAOFactory) SetSecretVersionRequestV2(keywhiz.api.automation.v2.SetSecretVersionRequestV2) SecretController(keywhiz.service.daos.SecretController) SecretContentsResponseV2(keywhiz.api.automation.v2.SecretContentsResponseV2) SecretContentsRequestV2(keywhiz.api.automation.v2.SecretContentsRequestV2) EventTag(keywhiz.log.EventTag) Collectors.toList(java.util.stream.Collectors.toList) CreateOrUpdateSecretRequestV2(keywhiz.api.automation.v2.CreateOrUpdateSecretRequestV2) SecretSeriesAndContent(keywhiz.api.model.SecretSeriesAndContent) PUT(javax.ws.rs.PUT) NotFoundException(javax.ws.rs.NotFoundException) Path(javax.ws.rs.Path) Consumes(javax.ws.rs.Consumes) Produces(javax.ws.rs.Produces) Timed(com.codahale.metrics.annotation.Timed) ExceptionMetered(com.codahale.metrics.annotation.ExceptionMetered) PUT(javax.ws.rs.PUT)

Aggregations

ExceptionMetered (com.codahale.metrics.annotation.ExceptionMetered)2 Timed (com.codahale.metrics.annotation.Timed)2 Sets (com.google.common.collect.Sets)2 Auth (io.dropwizard.auth.Auth)2 String.format (java.lang.String.format)2 Instant (java.time.Instant)2 HashMap (java.util.HashMap)2 Optional (java.util.Optional)2 Set (java.util.Set)2 Collectors.toSet (java.util.stream.Collectors.toSet)2 Stream (java.util.stream.Stream)2 Inject (javax.inject.Inject)2 Valid (javax.validation.Valid)2 BadRequestException (javax.ws.rs.BadRequestException)2 Consumes (javax.ws.rs.Consumes)2 DELETE (javax.ws.rs.DELETE)2 GET (javax.ws.rs.GET)2 NotFoundException (javax.ws.rs.NotFoundException)2 POST (javax.ws.rs.POST)2 PUT (javax.ws.rs.PUT)2