use of co.cask.cdap.proto.id.SecureKeyId in project cdap by caskdata.
the class KMSSecureStore method getSecureData.
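/**
 * Returns the data stored in the secure store for the given key. Makes two calls to the provider: one for the
 * key's metadata (which doubles as the existence check) and one for the current key version's material.
 * <p>
 * The two provider calls are not atomic. A key that disappears between them makes the second call return
 * {@code null}; that case is reported as a {@link NotFoundException} like any other missing key, instead of
 * surfacing as a {@code NullPointerException} from the material lookup.
 *
 * @param namespace The namespace this key belongs to.
 * @param name Name of the key.
 * @return An object representing the securely stored data associated with the name.
 * @throws NamespaceNotFoundException If the specified namespace does not exist.
 * @throws NotFoundException If no key with the given name exists in the namespace.
 * @throws IOException If there was a problem getting the key or the metadata from the underlying key provider.
 */
// Unfortunately KeyProvider does not specify the underlying cause except in the message, so we can not throw a
// more specific exception.
@Override
public SecureStoreData getSecureData(String namespace, String name) throws Exception {
  checkNamespaceExists(namespace);
  String keyName = getKeyName(namespace, name);
  KeyProvider.Metadata metadata = provider.getMetadata(keyName);
  // Provider returns null if the key is not found.
  if (metadata == null) {
    throw new NotFoundException(new SecureKeyId(namespace, name));
  }
  SecureStoreMetadata meta = SecureStoreMetadata.of(name, metadata.getDescription(), metadata.getAttributes());
  KeyProvider.KeyVersion keyVersion = provider.getCurrentKey(keyName);
  // getCurrentKey() can also come back null (e.g. the key was removed after the metadata lookup above, or --
  // presumably -- it has no current version); fail the same way as a missing key rather than dereference null.
  if (keyVersion == null) {
    throw new NotFoundException(new SecureKeyId(namespace, name));
  }
  return new SecureStoreData(meta, keyVersion.getMaterial());
}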
use of co.cask.cdap.proto.id.SecureKeyId in project cdap by caskdata.
the class SecureStoreHandler method create.
/**
 * Creates the secure key {@code name} in {@code namespace} from the JSON request body, which is parsed as a
 * {@code SecureKeyCreateRequest} (description, data, properties). Answers 200 OK once the store has accepted the
 * key; a body that cannot be parsed is rejected with 400 and an example of the expected shape.
 * <p>
 * NOTE(review): the request body carries the secret itself in its {@code data} field, and this endpoint is
 * annotated {@code @AuditPolicy(AuditDetail.REQUEST_BODY)}. If that detail level records the body verbatim, the
 * secret lands in the audit trail -- confirm what the audit layer captures for this level before relying on it
 * for this endpoint.
 *
 * @throws BadRequestException If the request body cannot be parsed as a {@code SecureKeyCreateRequest}.
 */
@Path("/{key-name}")
@PUT
@AuditPolicy(AuditDetail.REQUEST_BODY)
public void create(HttpRequest httpRequest, HttpResponder httpResponder,
                   @PathParam("namespace-id") String namespace,
                   @PathParam("key-name") String name) throws Exception {
  // The id is not referenced below; the constructor is presumably kept for its argument validation side effect
  // (confirm against SecureKeyId), so it is retained here.
  SecureKeyId secureKeyId = new SecureKeyId(namespace, name);
  SecureKeyCreateRequest createRequest = parseBody(httpRequest, SecureKeyCreateRequest.class);
  if (createRequest == null) {
    // Show the caller the JSON shape we expect so the request can be corrected.
    SecureKeyCreateRequest example =
      new SecureKeyCreateRequest("<description>", "<data>", ImmutableMap.of("key", "value"));
    String message = "Unable to parse the request. The request body should be of the following format. \n"
      + GSON.toJson(example);
    throw new BadRequestException(message);
  }
  secureStoreManager.putSecureData(namespace, name, createRequest.getData(), createRequest.getDescription(),
                                   createRequest.getProperties());
  httpResponder.sendStatus(HttpResponseStatus.OK);
}
use of co.cask.cdap.proto.id.SecureKeyId in project cdap by caskdata.
the class SecureStoreClientTest method testSecureKeys.
/**
 * Round-trips one secure key through the client: the default namespace starts out empty, a created key can be
 * read back with its data and metadata (description, properties, a last-modified time no older than the moment
 * the test noted before creation), it appears in the listing exactly once, and deleting it empties the listing.
 */
@Test
public void testSecureKeys() throws Exception {
  // Precondition: the default namespace holds no secure keys yet.
  Assert.assertTrue(client.listKeys(NamespaceId.DEFAULT).isEmpty());

  String keyName = "securekey";
  String description = "SomeDesc";
  String secret = "secureData";
  Map<String, String> props = ImmutableMap.of("k1", "v1");
  long notBefore = System.currentTimeMillis();
  SecureKeyId keyId = new SecureKeyId(NamespaceId.DEFAULT.getNamespace(), keyName);

  // Create, then read both the data and the metadata back through the same client.
  client.createKey(keyId, new SecureKeyCreateRequest(description, secret, props));
  Assert.assertEquals(secret, client.getData(keyId));
  Assert.assertEquals(1, client.listKeys(NamespaceId.DEFAULT).size());
  SecureStoreMetadata readBack = client.getKeyMetadata(keyId);
  Assert.assertEquals(description, readBack.getDescription());
  Assert.assertTrue(readBack.getLastModifiedTime() >= notBefore);
  Assert.assertEquals(props, readBack.getProperties());

  // Deleting the key leaves the namespace empty again.
  client.deleteKey(keyId);
  Assert.assertTrue(client.listKeys(NamespaceId.DEFAULT).isEmpty());
}
use of co.cask.cdap.proto.id.SecureKeyId in project cdap by caskdata.
the class DefaultSecureStoreService method listSecureData.
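/**
 * Lists the secure keys in the given namespace that the current principal is allowed to see. The namespace
 * listing is read from the store and then filtered key by key with the principal's authorization filter, so a
 * key the principal has no privilege on is simply omitted. The result is empty (never {@code null}) when nothing
 * passes the filter.
 *
 * @param namespace The namespace whose keys are listed.
 * @return A map from key name to key description, restricted to the keys the principal may access.
 * @throws NamespaceNotFoundException If the specified namespace does not exist.
 * @throws IOException If there was a problem reading from the store.
 */
@Override
public final Map<String, String> listSecureData(String namespace) throws Exception {
  Principal principal = authenticationContext.getPrincipal();
  final Predicate<EntityId> filter = authorizationEnforcer.createFilter(principal);
  Map<String, String> descriptions = secureStore.listSecureData(namespace);
  Map<String, String> visible = new HashMap<>(descriptions.size());
  // Walk the entries directly instead of keySet() + get(): one hash lookup per key rather than two.
  for (Map.Entry<String, String> entry : descriptions.entrySet()) {
    if (filter.apply(new SecureKeyId(namespace, entry.getKey()))) {
      visible.put(entry.getKey(), entry.getValue());
    }
  }
  return visible;
}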
use of co.cask.cdap.proto.id.SecureKeyId in project cdap by caskdata.
the class DefaultSecureStoreService method putSecureData.
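/**
 * Stores the user provided data in the secure store, if the principal has write access to the namespace, and then
 * grants the principal every action on the newly created key.
 * <p>
 * Ordering matters here: the key is written first and the grant is issued only after the write succeeded.
 * Granting first would leave the principal holding all actions on the key whenever the store rejects the write,
 * and since the store does not overwrite an existing key (it fails with {@code AlreadyExistsException}, per the
 * contract below), a namespace writer could obtain full access to another user's existing key merely by
 * re-using its name. NOTE(review): the reverse trade-off is a key written without any grant if {@code grant}
 * itself fails; if the privileges manager offers a revoke operation, grant-then-store-then-revoke-on-failure
 * would close both windows. The method is {@code synchronized}, presumably so the write/grant pair is not
 * interleaved with other callers of this method -- confirm.
 *
 * @param namespace The namespace to store the key in.
 * @param name Name of the key.
 * @param value The secret to store; must be non-empty.
 * @param description Human readable description kept as key metadata.
 * @param properties Additional key/value metadata stored alongside the key.
 * @throws BadRequestException If the request does not contain the value to be stored.
 * @throws UnauthorizedException If the user does not have write permissions on the namespace.
 * @throws NamespaceNotFoundException If the specified namespace does not exist.
 * @throws AlreadyExistsException If the key already exists in the namespace. Updating is not supported.
 * @throws IOException If there was a problem storing the key to underlying provider.
 */
@Override
public final synchronized void putSecureData(String namespace, String name, String value, String description,
                                             Map<String, String> properties) throws Exception {
  Principal principal = authenticationContext.getPrincipal();
  NamespaceId namespaceId = new NamespaceId(namespace);
  // Authorization is checked before the payload is validated (original ordering kept).
  authorizationEnforcer.enforce(namespaceId, principal, Action.WRITE);
  if (Strings.isNullOrEmpty(value)) {
    throw new BadRequestException("The data field should not be empty. This is the data that will be stored " + "securely.");
  }
  // Write first: a failed write must not leave a dangling grant behind (see the Javadoc above).
  secureStoreManager.putSecureData(namespace, name, value, description, properties);
  privilegesManager.grant(new SecureKeyId(namespace, name), principal, EnumSet.allOf(Action.class));
}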