use of com.codahale.metrics.annotation.ExceptionMetered in project keywhiz by square.
the class SecretResource method resetSecretVersion.
/**
 * Resets the current version of a secret series to the version index carried in the request.
 *
 * <p>The secret is selected by {@code request.name()}. Both the DAO update and the audit event
 * are attributed to {@code automationClient.getName()}.
 *
 * @param automationClient the authenticated automation client performing the change
 * @param request the request naming the secret and the version to make current
 * @return an empty 201 (Created) response
 *
 * responseMessage 201 Secret series current version updated successfully
 * responseMessage 400 Invalid secret version specified
 * responseMessage 404 Secret series not found
 */
@Timed
@ExceptionMetered
@Path("{name}/setversion")
@POST
public Response resetSecretVersion(@Auth AutomationClient automationClient, @Valid SetSecretVersionRequestV2 request) {
  // NOTE(review): the {name} path segment is not bound to a parameter in this method; only the
  // name inside the request body selects the secret. Confirm that a URL/body mismatch is
  // either acceptable or rejected elsewhere, since access logs keyed on the URL would then
  // disagree with the audit event recorded below.
  String clientName = automationClient.getName();

  // The DAO call throws if the secret is missing or the request is malformed, so reaching the
  // audit step means the version change has been applied.
  secretDAO.setCurrentSecretVersionByName(request.name(), request.version(), clientName);

  Map<String, String> auditDetails = new HashMap<>();
  auditDetails.put("new version", Long.toString(request.version()));
  Event versionChange = new Event(Instant.now(), EventTag.SECRET_CHANGEVERSION, clientName, request.name(), auditDetails);
  auditLog.recordEvent(versionChange);

  return Response.status(Response.Status.CREATED).build();
}
use of com.codahale.metrics.annotation.ExceptionMetered in project keywhiz by square.
the class SecretResource method backfillHmac.
/**
 * Backfills the content HMAC for the named secret when none is stored yet.
 *
 * <p>The stored content is decrypted, an HMAC is computed over its UTF-8 bytes, and the result
 * is written back for that content row.
 *
 * @param automationClient the authenticated automation client making the request
 * @param name the secret name taken from the request path
 * @return {@code false} if no secret has this name; {@code true} if an HMAC was already present
 *     or exactly one row was updated; {@code false} if the update touched any other number of
 *     rows
 */
@Timed
@ExceptionMetered
@Path("{name}/backfill-hmac")
@POST
@Consumes(APPLICATION_JSON)
@Produces(APPLICATION_JSON)
public boolean backfillHmac(@Auth AutomationClient automationClient, @PathParam("name") String name) {
  Optional<SecretSeriesAndContent> lookup = secretDAO.getSecretByName(name);
  if (!lookup.isPresent()) {
    // An unknown name is reported as false rather than as a 404.
    return false;
  }

  // name comes straight from the request path and is logged as-is.
  // NOTE(review): confirm the log encoder neutralises control characters.
  logger.info("backfill-hmac {}: processing secret", name);

  SecretContent content = lookup.get().content();
  if (content.hmac().isEmpty()) {
    // The decrypted content lives in memory as a String and a byte[] for the rest of this call.
    byte[] plaintext = cryptographer.decrypt(content.encryptedContent()).getBytes(UTF_8);
    // NOTE(review): "hmackey" is presumably a key name/derivation label, not key material;
    // verify against Cryptographer.computeHmac.
    String computedHmac = cryptographer.computeHmac(plaintext, "hmackey");
    // Exactly one row is expected to change; anything else is reported as failure.
    // NOTE(review): no audit event is recorded for this write in this method; confirm that is
    // intended.
    return secretSeriesDAO.setHmac(content.id(), computedHmac) == 1;
  }

  // An HMAC is already stored, so there is nothing to backfill.
  return true;
}
use of com.codahale.metrics.annotation.ExceptionMetered in project keywhiz by square.
the class SecretResource method modifySecretGroups.
/**
 * Modifies the set of groups a secret is assigned to.
 *
 * <p>Only names in {@code addGroups} that are not currently assigned are granted, and only
 * names in {@code removeGroups} that are currently assigned are revoked. Both sets are computed
 * against the assignment as it was before any change, and grants run before revocations.
 *
 * <p>Names for which the lookup yields no group ID are skipped without error, so callers that
 * rely on a revocation having happened should check the returned set.
 *
 * @param automationClient the authenticated automation client; its name is passed to the ACL
 *     DAO together with the audit log
 * @param name Secret series name
 * @param request JSON request to modify groups
 * @return the names of the groups assigned to the secret after the change
 *
 * responseMessage 201 Group membership changed
 * responseMessage 404 Secret series not found
 */
@Timed
@ExceptionMetered
@PUT
@Path("{name}/groups")
@Consumes(APPLICATION_JSON)
@Produces(APPLICATION_JSON)
public Iterable<String> modifySecretGroups(@Auth AutomationClient automationClient, @PathParam("name") String name, @Valid ModifyGroupsRequestV2 request) {
  // TODO: Use latest version instead of non-versioned
  Secret secret = secretController.getSecretByName(name).orElseThrow(NotFoundException::new);
  String user = automationClient.getName();
  long secretId = secret.getId();

  // Snapshot of the assignment before any change; both deltas are derived from it.
  Set<String> currentGroups = aclDAO.getGroupsFor(secret).stream()
      .map(Group::getName)
      .collect(toSet());
  Set<String> toGrant = Sets.difference(request.addGroups(), currentGroups);
  Set<String> toRevoke = Sets.intersection(request.removeGroups(), currentGroups);

  // TODO: should optimize AclDAO to use names and return only name column
  groupsToGroupIds(toGrant).forEach(maybeId ->
      maybeId.ifPresent(id -> aclDAO.findAndAllowAccess(secretId, id, auditLog, user, new HashMap<>())));
  groupsToGroupIds(toRevoke).forEach(maybeId ->
      maybeId.ifPresent(id -> aclDAO.findAndRevokeAccess(secretId, id, auditLog, user, new HashMap<>())));

  // Re-read the assignment so the response reflects what is actually stored.
  return aclDAO.getGroupsFor(secret).stream()
      .map(Group::getName)
      .collect(toSet());
}
use of com.codahale.metrics.annotation.ExceptionMetered in project keywhiz by square.
the class AutomationSecretAccessResource method disallowAccess.
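/**
 * Remove Secret from Group
 *
 * @param automationClient the client with automation access performing this operation
 * @param secretId the ID of the Secret to unassign
 * @param groupId the ID of the Group to be removed from
 * @return 200 on success, 404 if the secret or group is absent
 *
 * description Unassigns the Secret specified by the secretID from the Group specified by the groupID
 * responseMessage 200 Successfully removed Secret from Group
 * responseMessage 404 Could not find Secret or Group
 */
@Timed
@ExceptionMetered
@DELETE
public Response disallowAccess(@Auth AutomationClient automationClient, @PathParam("secretId") LongParam secretId, @PathParam("groupId") LongParam groupId) {
  // Placeholders are filled in argument order, so groupId must precede secretId to match the
  // labels in the message. With the two swapped, this log line would attribute the revocation
  // to the wrong secret/group pair.
  logger.info("Client '{}' disallowing groupId={} access to secretId={}", automationClient, groupId, secretId);
  try {
    // Marks the audit record as coming from this deprecated endpoint.
    Map<String, String> extraInfo = new HashMap<>();
    extraInfo.put("deprecated", "true");
    aclDAO.findAndRevokeAccess(secretId.get(), groupId.get(), auditLog, automationClient.getName(), extraInfo);
  } catch (IllegalStateException e) {
    // An IllegalStateException from the DAO call is mapped to the documented 404; the cause is
    // not passed to the client.
    throw new NotFoundException();
  }
  return Response.ok().build();
}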
use of com.codahale.metrics.annotation.ExceptionMetered in project keywhiz by square.
the class AutomationSecretAccessResource method allowAccess.
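/**
 * Assign Secret to Group
 *
 * @param automationClient the client with automation access performing this operation
 * @param secretId the ID of the Secret to assign
 * @param groupId the ID of the Group to be assigned to
 * @return 200 on success, 404 if the secret or group is absent
 *
 * description Assigns the Secret specified by the secretID to the Group specified by the groupID
 * responseMessage 200 Successfully enrolled Secret in Group
 * responseMessage 404 Could not find Secret or Group
 */
@Timed
@ExceptionMetered
@PUT
public Response allowAccess(@Auth AutomationClient automationClient, @PathParam("secretId") LongParam secretId, @PathParam("groupId") LongParam groupId) {
  // Placeholders are filled in argument order, so groupId must precede secretId to match the
  // labels in the message. With the two swapped, this log line would attribute the grant to
  // the wrong secret/group pair.
  logger.info("Client '{}' allowing groupId={} access to secretId={}", automationClient, groupId, secretId);
  try {
    // Marks the audit record as coming from this deprecated endpoint.
    Map<String, String> extraInfo = new HashMap<>();
    extraInfo.put("deprecated", "true");
    aclDAO.findAndAllowAccess(secretId.get(), groupId.get(), auditLog, automationClient.getName(), extraInfo);
  } catch (IllegalStateException e) {
    // An IllegalStateException from the DAO call is mapped to the documented 404; the cause is
    // not passed to the client.
    throw new NotFoundException();
  }
  return Response.ok().build();
}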