Example 1 with WithTimer

Use of com.walmartlabs.concord.server.sdk.metrics.WithTimer in project concord by walmartlabs.

Class AuditLogResource, method list.

/**
 * Returns a list of audit log events for the specified filters.
 * <p>
 * The endpoint performs additional permission checks if an entity filter
 * (org, project, etc) is specified. If no filters specified the admin
 * privileges are required.
 * <p>
 * The endpoint ignores all "unknown" filters. Only the {@link #ALLOWED_DETAILS_KEYS}
 * are allowed.
 */
@GET
@ApiOperation(value = "List audit log entries for the specified organization", responseContainer = "list", response = AuditLogEntry.class)
@Produces(MediaType.APPLICATION_JSON)
@WithTimer
public List<AuditLogEntry> list(@ApiParam @QueryParam("object") AuditObject object,
        @ApiParam @QueryParam("action") AuditAction action,
        @ApiParam @QueryParam("userId") UUID userId,
        @ApiParam @QueryParam("username") String username,
        @ApiParam @QueryParam("after") OffsetDateTimeParam afterTimestamp,
        @ApiParam @QueryParam("before") OffsetDateTimeParam beforeTimestamp,
        @ApiParam @QueryParam("offset") @DefaultValue("0") int offset,
        @ApiParam @QueryParam("limit") @DefaultValue("30") int limit,
        @Context UriInfo uriInfo) {
    Map<String, String> details = getDetails(uriInfo);
    UUID effectiveUserId = userId;
    if (effectiveUserId == null && username != null) {
        effectiveUserId = userDao.getId(username, null, null);
        if (effectiveUserId == null) {
            // no such user in our DB, there shouldn't be any audit logs anyway
            return Collections.emptyList();
        }
    }
    UUID effectiveOrgId = getEffectiveOrgId(details);
    UUID effectiveProjectId = getEffectiveProjectId(effectiveOrgId, details);
    UUID effectiveSecretId = getEffectiveSecretId(effectiveOrgId, details);
    UUID effectiveJsonStoreId = getEffectiveJsonStoreId(effectiveOrgId, details);
    UUID effectiveTeamId = getEffectiveTeamId(effectiveOrgId, details);
    String source = details.get("source");
    Object eventId = details.get("eventId");
    // only admins are allowed to proceed without any entity filters
    if (effectiveOrgId == null
            && effectiveProjectId == null
            && effectiveSecretId == null
            && effectiveJsonStoreId == null
            && effectiveTeamId == null
            && source == null
            && eventId == null) {
        if (!Roles.isAdmin()) {
            throw new UnauthorizedException("Only admins can retrieve audit events without filtering by entity.");
        }
    }
    ImmutableAuditLogFilter.Builder filterBuilder = AuditLogFilter.builder();
    if (effectiveOrgId != null) {
        filterBuilder.putDetails("orgId", effectiveOrgId);
    }
    if (effectiveProjectId != null) {
        filterBuilder.putDetails("projectId", effectiveProjectId);
    }
    if (effectiveSecretId != null) {
        filterBuilder.putDetails("secretId", effectiveSecretId);
    }
    if (effectiveJsonStoreId != null) {
        filterBuilder.putDetails("jsonStoreId", effectiveJsonStoreId);
    }
    if (effectiveTeamId != null) {
        filterBuilder.putDetails("teamId", effectiveTeamId);
    }
    if (source != null) {
        filterBuilder.putDetails("source", source);
    }
    if (eventId != null) {
        filterBuilder.putDetails("eventId", eventId);
    }
    if (details.get("githubEvent") != null) {
        filterBuilder.putDetails("githubEvent", details.get("githubEvent"));
    }
    if (details.get("fullRepoName") != null) {
        filterBuilder.putDetails("payload", Collections.singletonMap("repository", Collections.singletonMap("full_name", details.get("fullRepoName"))));
    }
    assertTimeInterval(unwrap(afterTimestamp), unwrap(beforeTimestamp));
    return auditDao.list(filterBuilder
            .userId(effectiveUserId)
            .object(object)
            .action(action)
            .after(unwrap(afterTimestamp))
            .before(unwrap(beforeTimestamp))
            .limit(limit)
            .offset(offset)
            .build());
}
Also used : UnauthorizedException(org.apache.shiro.authz.UnauthorizedException) UUID(java.util.UUID) WithTimer(com.walmartlabs.concord.server.sdk.metrics.WithTimer) ApiOperation(io.swagger.annotations.ApiOperation)

Example 2 with WithTimer

Use of com.walmartlabs.concord.server.sdk.metrics.WithTimer in project concord by walmartlabs.

Class Locks, method lock.

@WithTimer
public void lock(DSLContext tx, long key) {
    tx.connection(conn -> {
        try (CallableStatement cs = conn.prepareCall(LOCK_SQL)) {
            cs.setLong(1, key);
            cs.execute();
        }
    });
}
Also used : CallableStatement(java.sql.CallableStatement) WithTimer(com.walmartlabs.concord.server.sdk.metrics.WithTimer)

Example 3 with WithTimer

Use of com.walmartlabs.concord.server.sdk.metrics.WithTimer in project concord by walmartlabs.

Class SecretResource, method getData.

@POST
@ApiOperation(value = "Get an existing secret's data", response = File.class)
@ApiResponses(value = { @ApiResponse(code = 200, message = "OK", response = File.class, responseHeaders = @ResponseHeader(name = "X-Concord-SecretType", description = "Secret type", response = String.class)) })
@Path("/{orgName}/secret/{secretName}/data")
@Consumes(MediaType.MULTIPART_FORM_DATA)
@Produces(MediaType.APPLICATION_OCTET_STREAM)
@WithTimer
public Response getData(@ApiParam @PathParam("orgName") @ConcordKey String orgName,
        @ApiParam @PathParam("secretName") @ConcordKey String secretName,
        @ApiParam MultipartInput input) {
    OrganizationEntry org = orgManager.assertAccess(orgName, false);
    String password = MultipartUtils.getString(input, Constants.Multipart.STORE_PASSWORD);
    SecretDao.SecretDataEntry entry;
    try {
        entry = secretManager.getRaw(SecretManager.AccessScope.apiRequest(), org.getId(), secretName, password);
        if (entry == null) {
            throw new WebApplicationException("Secret not found: " + secretName, Status.NOT_FOUND);
        }
    } catch (SecurityException e) {
        log.warn("fetchSecret -> error: {}", e.getMessage());
        throw new SecretException("Error while fetching a secret '" + secretName + "': " + e.getMessage());
    } catch (ValidationErrorsException e) {
        log.warn("fetchSecret -> error: {}", e.getMessage());
        return null;
    }
    try {
        return Response.ok((StreamingOutput) output -> output.write(entry.getData()), MediaType.APPLICATION_OCTET_STREAM).header(Constants.Headers.SECRET_TYPE, entry.getType().name()).build();
    } catch (Exception e) {
        log.error("fetchSecret ['{}'] -> error while fetching a secret", secretName, e);
        throw new ConcordApplicationException("Error while fetching a secret '" + secretName + "': " + e.getMessage());
    }
}
Also used : Resource(org.sonatype.siesta.Resource) ConcordKey(com.walmartlabs.concord.common.validation.ConcordKey) UserType(com.walmartlabs.concord.server.user.UserType) LoggerFactory(org.slf4j.LoggerFactory) MultipartInput(org.jboss.resteasy.plugins.providers.multipart.MultipartInput) GenericOperationResult(com.walmartlabs.concord.server.GenericOperationResult) DecryptedKeyPair(com.walmartlabs.concord.server.org.secret.SecretManager.DecryptedKeyPair) Singleton(javax.inject.Singleton) Inject(javax.inject.Inject) Valid(javax.validation.Valid) MultipartUtils(com.walmartlabs.concord.server.MultipartUtils) OperationResult(com.walmartlabs.concord.server.OperationResult) MediaType(javax.ws.rs.core.MediaType) Constants(com.walmartlabs.concord.sdk.Constants) ByteArrayInputStream(java.io.ByteArrayInputStream) TeamDao(com.walmartlabs.concord.server.org.team.TeamDao) DecryptedUsernamePassword(com.walmartlabs.concord.server.org.secret.SecretManager.DecryptedUsernamePassword) WithTimer(com.walmartlabs.concord.server.sdk.metrics.WithTimer) io.swagger.annotations(io.swagger.annotations) Named(javax.inject.Named) Status(javax.ws.rs.core.Response.Status) UserManager(com.walmartlabs.concord.server.user.UserManager) Logger(org.slf4j.Logger) Collection(java.util.Collection) Validate(org.sonatype.siesta.Validate) StreamingOutput(javax.ws.rs.core.StreamingOutput) IOException(java.io.IOException) UUID(java.util.UUID) com.walmartlabs.concord.server.org(com.walmartlabs.concord.server.org) File(java.io.File) DecryptedBinaryData(com.walmartlabs.concord.server.org.secret.SecretManager.DecryptedBinaryData) Objects(java.util.Objects) ProjectDao(com.walmartlabs.concord.server.org.project.ProjectDao) List(java.util.List) javax.ws.rs(javax.ws.rs) Response(javax.ws.rs.core.Response) ValidationErrorsException(org.sonatype.siesta.ValidationErrorsException) ConcordApplicationException(com.walmartlabs.concord.server.sdk.ConcordApplicationException) InputStream(java.io.InputStream) 

Example 4 with WithTimer

Use of com.walmartlabs.concord.server.sdk.metrics.WithTimer in project concord by walmartlabs.

Class ProjectAccessManager, method hasAccess.

@WithTimer
public boolean hasAccess(ProjectEntry project, ResourceAccessLevel level, boolean orgMembersOnly) {
    if (Roles.isAdmin()) {
        // an admin can access any project
        return true;
    }
    UserPrincipal principal = UserPrincipal.assertCurrent();
    if (level == ResourceAccessLevel.READER && (Roles.isGlobalReader() || Roles.isGlobalWriter())) {
        return true;
    } else if (level == ResourceAccessLevel.WRITER && Roles.isGlobalWriter()) {
        return true;
    }
    EntityOwner owner = project.getOwner();
    if (ResourceAccessUtils.isSame(principal, owner)) {
        // the owner can do anything with his projects
        return true;
    }
    if (orgMembersOnly && project.getVisibility() == ProjectVisibility.PUBLIC && level == ResourceAccessLevel.READER && userDao.isInOrganization(principal.getId(), project.getOrgId())) {
        // organization members can READ any public project in the same organization
        return true;
    }
    OrganizationEntry org = orgManager.assertAccess(project.getOrgId(), false);
    if (ResourceAccessUtils.isSame(principal, org.getOwner())) {
        // the org owner can do anything with the org's projects
        return true;
    }
    if (orgMembersOnly || project.getVisibility() != ProjectVisibility.PUBLIC) {
        // the organization's members or the project is not public
        if (!projectDao.hasAccessLevel(project.getId(), principal.getId(), ResourceAccessLevel.atLeast(level))) {
            throw new UnauthorizedException("The current user (" + principal.getUsername() + ") doesn't have " + "the necessary access level (" + level + ") to the project: " + project.getName());
        }
    }
    return true;
}
Also used : UnauthorizedException(org.apache.shiro.authz.UnauthorizedException) UserPrincipal(com.walmartlabs.concord.server.security.UserPrincipal) WithTimer(com.walmartlabs.concord.server.sdk.metrics.WithTimer)

Example 5 with WithTimer

Use of com.walmartlabs.concord.server.sdk.metrics.WithTimer in project concord by walmartlabs.

Class PayloadRestoreProcessor, method process.

@Override
@WithTimer
public Payload process(Chain chain, Payload payload) {
    ProcessKey processKey = payload.getProcessKey();
    Map<String, Object> headers = stateManager.get(processKey, "_initial/payload.json", inputStream -> {
        Map<String, Object> result = deserialize(inputStream);
        return Optional.ofNullable(result);
    }).orElseThrow(() -> new ConcordApplicationException("Initial state not found", Response.Status.INTERNAL_SERVER_ERROR));
    payload = payload.putHeaders(headers);
    Path baseDir = payload.getHeader(Payload.BASE_DIR);
    ProcessStateManager.ItemConsumer cp = ProcessStateManager.copyTo(baseDir);
    Map<String, Path> attachments = new HashMap<>();
    stateManager.exportDirectory(processKey, "_initial/attachments/", (name, unixMode, src) -> {
        cp.accept(name, unixMode, src);
        attachments.put(name, baseDir.resolve(name));
    });
    payload = payload.putAttachments(attachments);
    return chain.process(payload);
}
Also used : ConcordObjectMapper(com.walmartlabs.concord.server.ConcordObjectMapper) Payload(com.walmartlabs.concord.server.process.Payload) ProcessStateManager(com.walmartlabs.concord.server.process.state.ProcessStateManager) ObjectMapper(com.fasterxml.jackson.databind.ObjectMapper) HashMap(java.util.HashMap) ProcessKey(com.walmartlabs.concord.server.sdk.ProcessKey) Jdk8Module(com.fasterxml.jackson.datatype.jdk8.Jdk8Module) Inject(javax.inject.Inject) GuavaModule(com.fasterxml.jackson.datatype.guava.GuavaModule) Response(javax.ws.rs.core.Response) JavaTimeModule(com.fasterxml.jackson.datatype.jsr310.JavaTimeModule) Map(java.util.Map) WithTimer(com.walmartlabs.concord.server.sdk.metrics.WithTimer) Optional(java.util.Optional) ConcordApplicationException(com.walmartlabs.concord.server.sdk.ConcordApplicationException) Named(javax.inject.Named) Path(java.nio.file.Path) InputStream(java.io.InputStream)

Aggregations

WithTimer (com.walmartlabs.concord.server.sdk.metrics.WithTimer): 64
ApiOperation (io.swagger.annotations.ApiOperation): 32
ProcessKey (com.walmartlabs.concord.server.sdk.ProcessKey): 26
PartialProcessKey (com.walmartlabs.concord.server.sdk.PartialProcessKey): 24
ConcordApplicationException (com.walmartlabs.concord.server.sdk.ConcordApplicationException): 22
UserPrincipal (com.walmartlabs.concord.server.security.UserPrincipal): 16
UnauthorizedException (org.apache.shiro.authz.UnauthorizedException): 10
UUID (java.util.UUID): 9
ProcessEntry (com.walmartlabs.concord.server.process.ProcessEntry): 7
EntryPoint (com.walmartlabs.concord.server.process.PayloadManager.EntryPoint): 6
Inject (javax.inject.Inject): 5
Named (javax.inject.Named): 5
Payload (com.walmartlabs.concord.server.process.Payload): 4
Path (java.nio.file.Path): 4
ValidationErrorsException (org.sonatype.siesta.ValidationErrorsException): 4
ObjectMapper (com.fasterxml.jackson.databind.ObjectMapper): 3
HttpUtils (com.walmartlabs.concord.server.HttpUtils): 3
ProcessFilter (com.walmartlabs.concord.server.process.queue.ProcessFilter): 3
UserEntry (com.walmartlabs.concord.server.user.UserEntry): 3
IOException (java.io.IOException): 3