
Example 11 with ExceptionMetered

Use of com.codahale.metrics.annotation.ExceptionMetered in project keywhiz by square.

Class SecretResource, method createSecret.

/**
 * Creates a secret and assigns to given groups
 *
 * @excludeParams automationClient
 * @param request JSON request to create a secret
 *
 * @responseMessage 201 Created secret and assigned to given groups
 * @responseMessage 409 Secret already exists
 */
@Timed
@ExceptionMetered
@POST
@Consumes(APPLICATION_JSON)
public Response createSecret(@Auth AutomationClient automationClient, @Valid CreateSecretRequestV2 request) {
    // allows new version, return version in resulting path
    String name = request.name();
    String user = automationClient.getName();
    SecretBuilder builder = secretController
        .builder(name, request.content(), automationClient.getName(), request.expiry())
        .withDescription(request.description())
        .withMetadata(request.metadata())
        .withType(request.type());
    Secret secret;
    try {
        secret = builder.create();
    } catch (DataAccessException e) {
        logger.info(format("Cannot create secret %s", name), e);
        throw new ConflictException(format("Cannot create secret %s.", name));
    }
    // Audit details: description, metadata and expiry only; the secret content is not added.
    Map<String, String> extraInfo = new HashMap<>();
    if (request.description() != null) {
        extraInfo.put("description", request.description());
    }
    if (request.metadata() != null) {
        extraInfo.put("metadata", request.metadata().toString());
    }
    extraInfo.put("expiry", Long.toString(request.expiry()));
    auditLog.recordEvent(new Event(Instant.now(), EventTag.SECRET_CREATE, user, name, extraInfo));
    long secretId = secret.getId();
    // Grant access to each requested group that resolves to an ID; unresolved groups are skipped.
    groupsToGroupIds(request.groups()).forEach((maybeGroupId) ->
        maybeGroupId.ifPresent((groupId) ->
            aclDAO.findAndAllowAccess(secretId, groupId, auditLog, user, new HashMap<>())));
    UriBuilder uriBuilder = UriBuilder.fromResource(SecretResource.class).path(name);
    return Response.created(uriBuilder.build()).build();
}
Also used : Secret(keywhiz.api.model.Secret) Produces(javax.ws.rs.Produces) Event(keywhiz.log.Event) Path(javax.ws.rs.Path) LoggerFactory(org.slf4j.LoggerFactory) GroupDAOFactory(keywhiz.service.daos.GroupDAO.GroupDAOFactory) Valid(javax.validation.Valid) QueryParam(javax.ws.rs.QueryParam) Consumes(javax.ws.rs.Consumes) Map(java.util.Map) DefaultValue(javax.ws.rs.DefaultValue) ExceptionMetered(com.codahale.metrics.annotation.ExceptionMetered) ModifyGroupsRequestV2(keywhiz.api.automation.v2.ModifyGroupsRequestV2) BadRequestException(javax.ws.rs.BadRequestException) UriBuilder(javax.ws.rs.core.UriBuilder) APPLICATION_JSON(javax.ws.rs.core.MediaType.APPLICATION_JSON) ContentCryptographer(keywhiz.service.crypto.ContentCryptographer) GroupDAO(keywhiz.service.daos.GroupDAO) Collectors.toSet(java.util.stream.Collectors.toSet) DELETE(javax.ws.rs.DELETE) Group(keywhiz.api.model.Group) SecretVersion(keywhiz.api.model.SecretVersion) CreateSecretRequestV2(keywhiz.api.automation.v2.CreateSecretRequestV2) HOURS(java.time.temporal.ChronoUnit.HOURS) Set(java.util.Set) ConflictException(keywhiz.service.exceptions.ConflictException) Instant(java.time.Instant) Sets(com.google.common.collect.Sets) NotFoundException(javax.ws.rs.NotFoundException) String.format(java.lang.String.format) Timed(com.codahale.metrics.annotation.Timed) Base64(java.util.Base64) List(java.util.List) Stream(java.util.stream.Stream) Response(javax.ws.rs.core.Response) Optional(java.util.Optional) SanitizedSecret(keywhiz.api.model.SanitizedSecret) SecretDAOFactory(keywhiz.service.daos.SecretDAO.SecretDAOFactory) SecretContent(keywhiz.api.model.SecretContent) PathParam(javax.ws.rs.PathParam) SecretDetailResponseV2(keywhiz.api.automation.v2.SecretDetailResponseV2) AclDAO(keywhiz.service.daos.AclDAO) SanitizedSecretWithGroups(keywhiz.api.model.SanitizedSecretWithGroups) GET(javax.ws.rs.GET) Auth(io.dropwizard.auth.Auth) PartialUpdateSecretRequestV2(keywhiz.api.automation.v2.PartialUpdateSecretRequestV2) 
HashMap(java.util.HashMap) SecretSeriesDAO(keywhiz.service.daos.SecretSeriesDAO) Inject(javax.inject.Inject) AutomationClient(keywhiz.api.model.AutomationClient) ImmutableList(com.google.common.collect.ImmutableList) SecretDAO(keywhiz.service.daos.SecretDAO) SecretBuilder(keywhiz.service.daos.SecretController.SecretBuilder) AuditLog(keywhiz.log.AuditLog) DataAccessException(org.jooq.exception.DataAccessException) POST(javax.ws.rs.POST) Logger(org.slf4j.Logger) SecretSeriesDAOFactory(keywhiz.service.daos.SecretSeriesDAO.SecretSeriesDAOFactory) Readonly(keywhiz.service.config.Readonly) UTF_8(java.nio.charset.StandardCharsets.UTF_8) AclDAOFactory(keywhiz.service.daos.AclDAO.AclDAOFactory) SetSecretVersionRequestV2(keywhiz.api.automation.v2.SetSecretVersionRequestV2) SecretController(keywhiz.service.daos.SecretController) EventTag(keywhiz.log.EventTag) Collectors.toList(java.util.stream.Collectors.toList) CreateOrUpdateSecretRequestV2(keywhiz.api.automation.v2.CreateOrUpdateSecretRequestV2) SecretSeriesAndContent(keywhiz.api.model.SecretSeriesAndContent) PUT(javax.ws.rs.PUT)

Example 12 with ExceptionMetered

Use of com.codahale.metrics.annotation.ExceptionMetered in project keywhiz by square.

Class SecretResource, method partialUpdateSecret.

/**
 * Updates a subset of the fields of an existing secret
 *
 * @excludeParams automationClient
 * @param request JSON request to update a secret
 *
 * @responseMessage 201 Created secret and assigned to given groups
 */
@Timed
@ExceptionMetered
@Path("{name}/partialupdate")
@POST
@Consumes(APPLICATION_JSON)
public Response partialUpdateSecret(@Auth AutomationClient automationClient, @PathParam("name") String name, @Valid PartialUpdateSecretRequestV2 request) {
    secretDAO.partialUpdateSecret(name, automationClient.getName(), request);
    Map<String, String> extraInfo = new HashMap<>();
    if (request.description() != null) {
        extraInfo.put("description", request.description());
    }
    if (request.metadata() != null) {
        extraInfo.put("metadata", request.metadata().toString());
    }
    if (request.expiry() != null) {
        extraInfo.put("expiry", Long.toString(request.expiry()));
    }
    auditLog.recordEvent(new Event(Instant.now(), EventTag.SECRET_UPDATE, automationClient.getName(), name, extraInfo));
    UriBuilder uriBuilder = UriBuilder.fromResource(SecretResource.class).path(name);
    return Response.created(uriBuilder.build()).build();
}
Also used : HashMap(java.util.HashMap) Event(keywhiz.log.Event) UriBuilder(javax.ws.rs.core.UriBuilder) Path(javax.ws.rs.Path) POST(javax.ws.rs.POST) Consumes(javax.ws.rs.Consumes) Timed(com.codahale.metrics.annotation.Timed) ExceptionMetered(com.codahale.metrics.annotation.ExceptionMetered)

Example 13 with ExceptionMetered

Use of com.codahale.metrics.annotation.ExceptionMetered in project keywhiz by square.

Class SecretResource, method backfillHmac.

/**
 * Backfill content hmac for this secret.
 */
@Timed
@ExceptionMetered
@Path("{name}/backfill-hmac")
@POST
@Consumes(APPLICATION_JSON)
@Produces(APPLICATION_JSON)
public boolean backfillHmac(@Auth AutomationClient automationClient, @PathParam("name") String name, List<String> passwords) {
    Optional<SecretSeriesAndContent> secret = secretDAO.getSecretByName(name);
    if (!secret.isPresent()) {
        return false;
    }
    logger.info("backfill-hmac {}: processing secret", name);
    SecretContent secretContent = secret.get().content();
    if (!secretContent.hmac().isEmpty()) {
        // No need to backfill
        return true;
    }
    // Decrypt the stored content and compute the HMAC over its UTF-8 bytes.
    String hmac = cryptographer.computeHmac(
        cryptographer.decrypt(secretContent.encryptedContent()).getBytes(UTF_8));
    // We expect only one row to be changed
    return secretSeriesDAO.setHmac(secretContent.id(), hmac) == 1;
}
Also used : SecretContent(keywhiz.api.model.SecretContent) SecretSeriesAndContent(keywhiz.api.model.SecretSeriesAndContent) Path(javax.ws.rs.Path) POST(javax.ws.rs.POST) Consumes(javax.ws.rs.Consumes) Produces(javax.ws.rs.Produces) Timed(com.codahale.metrics.annotation.Timed) ExceptionMetered(com.codahale.metrics.annotation.ExceptionMetered)

Example 14 with ExceptionMetered

Use of com.codahale.metrics.annotation.ExceptionMetered in project keywhiz by square.

Class AutomationEnrollClientGroupResource, method enrollClientInGroup.

/**
 * Enroll Client in Group
 *
 * @param clientId the ID of the Client to assign
 * @param groupId the ID of the Group to be assigned to
 * @excludeParams automationClient
 * @description Assigns the Client specified by the clientID to the Group specified by the
 * groupID
 * @responseMessage 200 Successfully enrolled Client in Group
 * @responseMessage 404 Could not find Client or Group
 */
@Timed
@ExceptionMetered
@PUT
public Response enrollClientInGroup(@Auth AutomationClient automationClient, @PathParam("clientId") LongParam clientId, @PathParam("groupId") LongParam groupId) {
    try {
        Map<String, String> extraInfo = new HashMap<>();
        extraInfo.put("deprecated", "true");
        aclDAO.findAndEnrollClient(clientId.get(), groupId.get(), auditLog, automationClient.getName(), extraInfo);
    } catch (IllegalStateException e) {
        throw new NotFoundException();
    }
    return Response.ok().build();
}
Also used : HashMap(java.util.HashMap) NotFoundException(javax.ws.rs.NotFoundException) Timed(com.codahale.metrics.annotation.Timed) ExceptionMetered(com.codahale.metrics.annotation.ExceptionMetered) PUT(javax.ws.rs.PUT)

Example 15 with ExceptionMetered

Use of com.codahale.metrics.annotation.ExceptionMetered in project keywhiz by square.

Class AutomationEnrollClientGroupResource, method evictClientFromGroup.

/**
 * Remove Client from Group
 *
 * @param clientId the ID of the Client to unassign
 * @param groupId the ID of the Group to be removed from
 * @excludeParams automationClient
 * @description Unassigns the Client specified by the clientID from the Group specified by the
 * groupID
 * @responseMessage 200 Successfully removed Client from Group
 * @responseMessage 404 Could not find Client or Group
 */
@Timed
@ExceptionMetered
@DELETE
public Response evictClientFromGroup(@Auth AutomationClient automationClient, @PathParam("clientId") long clientId, @PathParam("groupId") long groupId) {
    try {
        Map<String, String> extraInfo = new HashMap<>();
        extraInfo.put("deprecated", "true");
        aclDAO.findAndEvictClient(clientId, groupId, auditLog, automationClient.getName(), extraInfo);
    } catch (IllegalStateException e) {
        throw new NotFoundException();
    }
    return Response.ok().build();
}
Also used : HashMap(java.util.HashMap) NotFoundException(javax.ws.rs.NotFoundException) DELETE(javax.ws.rs.DELETE) Timed(com.codahale.metrics.annotation.Timed) ExceptionMetered(com.codahale.metrics.annotation.ExceptionMetered)
