
Example 31 with ExceptionMetered

use of com.codahale.metrics.annotation.ExceptionMetered in project keywhiz by square.

the class AutomationSecretAccessResource method allowAccess.

/**
   * Assign Secret to Group
   *
   * @excludeParams automationClient
   * @param secretId the ID of the Secret to assign
   * @param groupId the ID of the Group to be assigned to
   *
   * @description Assigns the Secret specified by the secretID to the Group specified by the groupID
   * @responseMessage 200 Successfully enrolled Secret in Group
   * @responseMessage 404 Could not find Secret or Group
   */
@Timed
@ExceptionMetered
@PUT
public Response allowAccess(
        @Auth AutomationClient automationClient,
        @PathParam("secretId") LongParam secretId,
        @PathParam("groupId") LongParam groupId) {
    // The caller (rendered through its toString()) and both IDs are logged before the ACL changes,
    // so an attempt that later fails still leaves a log line.
    logger.info("Client '{}' allowing groupId={} access to secretId={}", automationClient, secretId, groupId);

    // Extra fields passed to the DAO alongside the audit log; this endpoint tags its events
    // as coming from a deprecated API.
    Map<String, String> auditDetails = new HashMap<>();
    auditDetails.put("deprecated", "true");

    // NOTE(review): @Auth is the only gate visible in this method. Whether this client may
    // grant access to this particular secret or group is not checked here; confirm that is intended.
    try {
        aclDAO.findAndAllowAccess(secretId.get(), groupId.get(), auditLog, automationClient.getName(), auditDetails);
    } catch (IllegalStateException missing) {
        // Reported as 404 (documented as "Could not find Secret or Group"). The original exception
        // is not attached as the cause, so logs cannot show which lookup failed.
        // NOTE(review): any other IllegalStateException raised by the DAO call also becomes a 404.
        throw new NotFoundException();
    }

    return Response.ok().build();
}
Also used : HashMap(java.util.HashMap) NotFoundException(javax.ws.rs.NotFoundException) Timed(com.codahale.metrics.annotation.Timed) ExceptionMetered(com.codahale.metrics.annotation.ExceptionMetered) PUT(javax.ws.rs.PUT)

Example 32 with ExceptionMetered

use of com.codahale.metrics.annotation.ExceptionMetered in project keywhiz by square.

the class AutomationSecretAccessResource method disallowAccess.

/**
   * Remove Secret from Group
   *
   * @excludeParams automationClient
   * @param secretId the ID of the Secret to unassign
   * @param groupId the ID of the Group to be removed from
   *
   * @description Unassigns the Secret specified by the secretID from the Group specified by the groupID
   * @responseMessage 200 Successfully removed Secret from Group
   * @responseMessage 404 Could not find Secret or Group
   */
@Timed
@ExceptionMetered
@DELETE
public Response disallowAccess(
        @Auth AutomationClient automationClient,
        @PathParam("secretId") LongParam secretId,
        @PathParam("groupId") LongParam groupId) {
    // The caller (rendered through its toString()) and both IDs are logged before the ACL changes,
    // so a revocation attempt that later fails still leaves a log line.
    logger.info("Client '{}' disallowing groupId={} access to secretId={}", automationClient, secretId, groupId);

    // Extra fields passed to the DAO alongside the audit log; this endpoint tags its events
    // as coming from a deprecated API.
    Map<String, String> auditDetails = new HashMap<>();
    auditDetails.put("deprecated", "true");

    // NOTE(review): @Auth is the only gate visible in this method. Whether this client may
    // revoke access for this particular secret or group is not checked here; confirm that is intended.
    try {
        aclDAO.findAndRevokeAccess(secretId.get(), groupId.get(), auditLog, automationClient.getName(), auditDetails);
    } catch (IllegalStateException missing) {
        // Reported as 404 (documented as "Could not find Secret or Group"). The original exception
        // is not attached as the cause, so logs cannot show which lookup failed.
        // NOTE(review): a revocation that fails for another IllegalStateException also looks like
        // "not found" to the caller. The caller should not read a 404 as "access is already gone".
        throw new NotFoundException();
    }

    return Response.ok().build();
}
Also used : HashMap(java.util.HashMap) NotFoundException(javax.ws.rs.NotFoundException) DELETE(javax.ws.rs.DELETE) Timed(com.codahale.metrics.annotation.Timed) ExceptionMetered(com.codahale.metrics.annotation.ExceptionMetered)

Example 33 with ExceptionMetered

use of com.codahale.metrics.annotation.ExceptionMetered in project keywhiz by square.

the class AutomationSecretResource method createSecret.

/**
   * Create secret
   *
   * @excludeParams automationClient
   * @param request JSON request to formulate the secret
   *
   * @description Creates a secret with the name, content, and metadata from a valid secret request
   * @responseMessage 200 Successfully created secret
   * @responseMessage 409 Secret with given name already exists
   */
@Timed
@ExceptionMetered
@POST
@Consumes(APPLICATION_JSON)
public AutomationSecretResponse createSecret(
        @Auth AutomationClient automationClient,
        @Valid CreateSecretRequest request) {
    // Name, content, creator and expiry go to the builder; a null description is stored as "".
    SecretController.SecretBuilder secretBuilder =
        secretController
            .builder(request.name, request.content, automationClient.getName(), request.expiry)
            .withDescription(nullToEmpty(request.description));
    if (request.metadata != null) {
        secretBuilder.withMetadata(request.metadata);
    }

    Secret created;
    try {
        created = secretBuilder.create();
    } catch (DataAccessException e) {
        // Every DataAccessException is answered with 409, not only a duplicate name.
        // The log line and the response carry the secret name but never request.content.
        // NOTE(review): request.name is formatted into the log message as received; confirm that
        // @Valid constrains it enough to keep control characters out of the log.
        logger.info(format("Cannot create secret %s", request.name), e);
        throw new ConflictException(format("Cannot create secret %s.", request.name));
    }

    ImmutableList<Group> assignedGroups = ImmutableList.copyOf(aclDAO.getGroupsFor(created));

    // Audit payload: description, metadata and expiry are recorded; the secret content is not.
    // NOTE(review): description and metadata are copied verbatim, so anything a caller puts there
    // ends up in the audit trail. Confirm callers never place secret material in those fields.
    Map<String, String> auditDetails = new HashMap<>();
    auditDetails.put("deprecated", "true");
    if (request.description != null) {
        auditDetails.put("description", request.description);
    }
    if (request.metadata != null) {
        auditDetails.put("metadata", request.metadata.toString());
    }
    auditDetails.put("expiry", Long.toString(request.expiry));

    // The audit event is written only after the secret exists. If recordEvent throws, the
    // secret is already created and has no SECRET_CREATE record.
    Event creationEvent =
        new Event(Instant.now(), EventTag.SECRET_CREATE, automationClient.getName(), request.name, auditDetails);
    auditLog.recordEvent(creationEvent);

    return AutomationSecretResponse.fromSecret(created, assignedGroups);
}
Also used : Secret(keywhiz.api.model.Secret) SanitizedSecret(keywhiz.api.model.SanitizedSecret) Group(keywhiz.api.model.Group) ConflictException(keywhiz.service.exceptions.ConflictException) HashMap(java.util.HashMap) Event(keywhiz.log.Event) SecretController(keywhiz.service.daos.SecretController) DataAccessException(org.jooq.exception.DataAccessException) POST(javax.ws.rs.POST) Consumes(javax.ws.rs.Consumes) Timed(com.codahale.metrics.annotation.Timed) ExceptionMetered(com.codahale.metrics.annotation.ExceptionMetered)

Example 34 with ExceptionMetered

use of com.codahale.metrics.annotation.ExceptionMetered in project keywhiz by square.

the class AutomationSecretResource method deleteSecretSeries.

/**
   * Deletes all versions of a secret series
   *
   * @excludeParams automationClient
   * @param secretName the name of the secret series to delete
   *
   * @description Deletes all versions of a secret series.  This will delete a single secret ID.
   * @responseMessage 200 Deleted secret series
   * @responseMessage 404 Secret series not Found
   */
@Path("{secretName}")
@Timed
@ExceptionMetered
@DELETE
public Response deleteSecretSeries(
        @Auth AutomationClient automationClient,
        @PathParam("secretName") String secretName) {
    // Resolve the series first; an unknown name ends the request with 404 before anything is deleted.
    Secret target =
        secretController
            .getSecretByName(secretName)
            .orElseThrow(() -> new NotFoundException("Secret series not found."));

    // Capture group membership before deleting, so the audit record holds what is needed to
    // restore the assignments by hand.
    Set<String> groupNames =
        aclDAO.getGroupsFor(target).stream()
            .map(Group::getName)
            .collect(toSet());

    // NOTE(review): lookup, membership read and delete are separate calls keyed by name. No
    // transaction is visible here, so the recorded groups may be stale under concurrent changes.
    secretDAO.deleteSecretsByName(secretName);

    Map<String, String> auditDetails = new HashMap<>();
    auditDetails.put("deprecated", "true");
    auditDetails.put("groups", groupNames.toString());
    auditDetails.put("current version", target.getVersion().toString());

    // The audit event is written after the delete. If recordEvent throws, the series is gone
    // and the group list captured above is lost with the failed request.
    Event deletionEvent =
        new Event(Instant.now(), EventTag.SECRET_DELETE, automationClient.getName(), secretName, auditDetails);
    auditLog.recordEvent(deletionEvent);

    return Response.ok().build();
}
Also used : Secret(keywhiz.api.model.Secret) SanitizedSecret(keywhiz.api.model.SanitizedSecret) HashMap(java.util.HashMap) NotFoundException(javax.ws.rs.NotFoundException) Event(keywhiz.log.Event) Path(javax.ws.rs.Path) DELETE(javax.ws.rs.DELETE) Timed(com.codahale.metrics.annotation.Timed) ExceptionMetered(com.codahale.metrics.annotation.ExceptionMetered)

Example 35 with ExceptionMetered

use of com.codahale.metrics.annotation.ExceptionMetered in project keywhiz by square.

the class ClientResource method createClient.

/**
   * Creates a client and assigns to given groups
   *
   * @excludeParams automationClient
   * @param request JSON request to create a client
   *
   * @responseMessage 201 Created client and assigned to given groups
   * @responseMessage 409 Client already exists
   */
@Timed
@ExceptionMetered
@POST
@Consumes(APPLICATION_JSON)
public Response createClient(
        @Auth AutomationClient automationClient,
        @Valid CreateClientRequestV2 request) {
    String creator = automationClient.getName();
    String client = request.name();

    // Reject a duplicate name with 409 before anything is written.
    // NOTE(review): this check and the insert below are two separate calls. Whether a uniqueness
    // constraint backs them under concurrent requests is not visible here.
    if (clientDAOReadWrite.getClient(client).isPresent()) {
        logger.info("Automation ({}) - Client {} already exists", creator, client);
        throw new ConflictException("Client name already exists.");
    }

    // Insert the client row, then record who created it.
    long clientId = clientDAOReadWrite.createClient(client, creator, request.description());
    auditLog.recordEvent(new Event(Instant.now(), EventTag.CLIENT_CREATE, creator, client));

    // Enroll the new client in each requested group that resolved to an ID. Entries that did not
    // resolve are skipped without any log line or error, so a 201 does not guarantee that every
    // requested enrollment happened.
    groupsToGroupIds(request.groups()).forEach(maybeGroupId -> {
        maybeGroupId.ifPresent(groupId ->
            aclDAOReadWrite.findAndEnrollClient(clientId, groupId, auditLog, creator, new HashMap<>()));
    });

    // The Location header points at the new client under this resource's path.
    URI location = UriBuilder.fromResource(ClientResource.class).path(client).build();
    return Response.created(location).build();
}
Also used : NotImplementedException(org.apache.commons.lang3.NotImplementedException) PathParam(javax.ws.rs.PathParam) AclDAO(keywhiz.service.daos.AclDAO) Produces(javax.ws.rs.Produces) ClientDAO(keywhiz.service.daos.ClientDAO) GET(javax.ws.rs.GET) ClientDetailResponseV2(keywhiz.api.automation.v2.ClientDetailResponseV2) Event(keywhiz.log.Event) Path(javax.ws.rs.Path) LoggerFactory(org.slf4j.LoggerFactory) Auth(io.dropwizard.auth.Auth) GroupDAOFactory(keywhiz.service.daos.GroupDAO.GroupDAOFactory) HashMap(java.util.HashMap) Inject(javax.inject.Inject) Valid(javax.validation.Valid) AutomationClient(keywhiz.api.model.AutomationClient) ClientDAOFactory(keywhiz.service.daos.ClientDAO.ClientDAOFactory) Consumes(javax.ws.rs.Consumes) ExceptionMetered(com.codahale.metrics.annotation.ExceptionMetered) ModifyGroupsRequestV2(keywhiz.api.automation.v2.ModifyGroupsRequestV2) UriBuilder(javax.ws.rs.core.UriBuilder) URI(java.net.URI) Client(keywhiz.api.model.Client) APPLICATION_JSON(javax.ws.rs.core.MediaType.APPLICATION_JSON) GroupDAO(keywhiz.service.daos.GroupDAO) Collectors.toSet(java.util.stream.Collectors.toSet) DELETE(javax.ws.rs.DELETE) CreateClientRequestV2(keywhiz.api.automation.v2.CreateClientRequestV2) AuditLog(keywhiz.log.AuditLog) ModifyClientRequestV2(keywhiz.api.automation.v2.ModifyClientRequestV2) Group(keywhiz.api.model.Group) POST(javax.ws.rs.POST) Logger(org.slf4j.Logger) Set(java.util.Set) AclDAOFactory(keywhiz.service.daos.AclDAO.AclDAOFactory) ConflictException(keywhiz.service.exceptions.ConflictException) Instant(java.time.Instant) Sets(com.google.common.collect.Sets) NotFoundException(javax.ws.rs.NotFoundException) String.format(java.lang.String.format) Timed(com.codahale.metrics.annotation.Timed) EventTag(keywhiz.log.EventTag) Stream(java.util.stream.Stream) Response(javax.ws.rs.core.Response) Optional(java.util.Optional) SanitizedSecret(keywhiz.api.model.SanitizedSecret) PUT(javax.ws.rs.PUT) ConflictException(keywhiz.service.exceptions.ConflictException) 
Event(keywhiz.log.Event) URI(java.net.URI) POST(javax.ws.rs.POST) Consumes(javax.ws.rs.Consumes) Timed(com.codahale.metrics.annotation.Timed) ExceptionMetered(com.codahale.metrics.annotation.ExceptionMetered)
