use of io.hops.hopsworks.persistence.entity.user.security.secrets.SecretId in project hopsworks by logicalclocks.
the class SecretsController method get.
/**
 * Looks up a Secret owned by {@code user} and returns it decrypted.
 *
 * The lookup key is the owner's uid plus the secret name, so a caller can only
 * resolve their own secrets through this method; secrets shared with a Project
 * are resolved through {@code getShared} instead.
 *
 * @param user Owner of the secret; must not be null
 * @param secretName Name of the secret; must not be null or empty
 * @return The decrypted secret together with its metadata
 * @throws UserException if an argument is invalid, the secret does not exist,
 *         or decryption fails
 */
public SecretPlaintext get(Users user, String secretName) throws UserException {
  checkIfUserIsNull(user);
  checkIfNameIsNullOrEmpty(secretName);
  SecretId key = new SecretId(user.getUid(), secretName);
  Secret encrypted = secretsFacade.findById(key);
  checkIfSecretIsNull(encrypted, secretName, user);
  SecretPlaintext plaintext;
  try {
    plaintext = decrypt(user, encrypted);
  } catch (IOException | GeneralSecurityException ex) {
    // Keep the underlying cause attached so the cipher/IO failure stays diagnosable from the log
    throw new UserException(RESTCodes.UserErrorCode.SECRET_ENCRYPTION_ERROR, Level.SEVERE,
        "Error decrypting Secret", "Could not decrypt Secret " + secretName, ex);
  }
  return plaintext;
}
use of io.hops.hopsworks.persistence.entity.user.security.secrets.SecretId in project hopsworks by logicalclocks.
the class SecretsController method createSecretForProject.
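/**
 * Creates a new Secret owned by {@code user} that is shared with every member of the
 * Project identified by {@code projectIdScope}.
 *
 * The caller must be a member of that Project and must not already own a Secret with
 * the same name. The secret is stored with {@code VisibilityType.PROJECT} visibility.
 *
 * @param user Owner of the new secret; must not be null
 * @param secretName Name of the secret; must not be null or empty
 * @param secret Plaintext value to encrypt and store
 * @param projectIdScope ID of the Project the secret is shared with; must not be null
 * @return The persisted Secret entity
 * @throws UserException if an argument is invalid or a secret with this name already exists
 * @throws ProjectException if the Project does not exist or the user is not a member of it
 */
public Secret createSecretForProject(Users user, String secretName, String secret, Integer projectIdScope)
    throws UserException, ProjectException {
  // Same argument validation as get()/delete(); user was previously dereferenced
  // in the error messages below without being checked.
  checkIfUserIsNull(user);
  checkIfNameIsNullOrEmpty(secretName);
  if (projectIdScope == null) {
    throw new ProjectException(RESTCodes.ProjectErrorCode.PROJECT_NOT_FOUND, Level.FINE,
        "Project ID must not be null",
        "User " + user.getUsername() + " tried to create Secret " + secretName + " without a Project ID");
  }
  Project project = projectFacade.find(projectIdScope);
  if (project == null) {
    throw new ProjectException(RESTCodes.ProjectErrorCode.PROJECT_NOT_FOUND, Level.FINE,
        "Project with ID " + projectIdScope + " does not exist!",
        "User " + user.getUsername() + " tried to create Secret " + secretName + " scoped to Project with ID "
            + projectIdScope + " but the Project does not exist");
  }
  // Authorization: only members of the target Project may share a secret with it
  if (!projectTeamFacade.isUserMemberOfProject(project, user)) {
    throw new ProjectException(RESTCodes.ProjectErrorCode.TEAM_MEMBER_NOT_FOUND, Level.FINE,
        "User not a member of project with ID " + projectIdScope + ".");
  }
  SecretId secretId = new SecretId(user.getUid(), secretName);
  // NOTE(review): this existence check and the insert in validateAndCreateSecret are not
  // atomic; two concurrent creates with the same name can both pass here. The (uid, name)
  // key should reject the second insert at the database -- confirm the resulting
  // exception is mapped to a sensible error for the caller.
  if (secretsFacade.findById(secretId) != null) {
    throw new UserException(RESTCodes.UserErrorCode.SECRET_EXISTS, Level.FINE, "Secret already exists",
        "Secret with name " + secretName + " already exists for user " + user.getUsername());
  }
  return validateAndCreateSecret(secretId, user, secret, VisibilityType.PROJECT, projectIdScope);
}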
use of io.hops.hopsworks.persistence.entity.user.security.secrets.SecretId in project hopsworks by logicalclocks.
the class SecretsController method delete.
/**
 * Removes the Secret named {@code secretName} owned by {@code user}.
 *
 * Deleting a secret that does not exist is not an error and raises nothing.
 * A secret that is still referenced by a connector cannot be removed; that case
 * is reported as a {@code SECRET_DELETION_FAILED} UserException rather than the
 * container's wrapped database exception.
 *
 * @param user Owner of the secret; must not be null
 * @param secretName Name of the secret; must not be null or empty
 * @throws UserException if an argument is invalid or the secret is still in use by a connector
 */
public void delete(Users user, String secretName) throws UserException {
  checkIfUserIsNull(user);
  checkIfNameIsNullOrEmpty(secretName);
  SecretId key = new SecretId(user.getUid(), secretName);
  try {
    secretsFacade.deleteSecret(key);
  } catch (EJBException wrapped) {
    Throwable cause = getRootCause(wrapped);
    // Anything other than an integrity-constraint failure is not ours to translate
    if (!(cause instanceof SQLIntegrityConstraintViolationException)) {
      throw wrapped;
    }
    // A constraint violation on delete means a connector still references this secret;
    // give the user an actionable message instead of the raw container exception.
    throw new UserException(RESTCodes.UserErrorCode.SECRET_DELETION_FAILED, Level.FINE,
        "Cannot delete secret. Secret is in use by a connector. Try deleting the connector first. ",
        cause.getMessage());
  }
}
use of io.hops.hopsworks.persistence.entity.user.security.secrets.SecretId in project hopsworks by logicalclocks.
the class SecretsController method getShared.
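/**
 * Returns a decrypted Secret owned by {@code ownerUser} to {@code caller}, provided the
 * secret is shared with a Project the caller is a member of.
 *
 * Authorization is enforced in this order: the secret must exist, its visibility must
 * not be PRIVATE (a missing visibility is treated as PRIVATE), it must carry a Project
 * scope that resolves to an existing Project, and the caller's uid must appear in that
 * Project's team. Decryption is performed for {@code ownerUser}, never for the caller.
 *
 * @param caller The user requesting the secret; must not be null
 * @param ownerUser The user who owns the secret; must not be null
 * @param secretName Name of the secret; must not be null or empty
 * @return The decrypted secret together with its metadata
 * @throws UserException if an argument is invalid, the secret does not exist, is private,
 *         the caller is not a member of the scoped Project, or decryption fails
 * @throws ServiceException if the secret is shared but carries no Project ID
 * @throws ProjectException if the scoped Project no longer exists
 */
public SecretPlaintext getShared(Users caller, Users ownerUser, String secretName)
    throws UserException, ServiceException, ProjectException {
  checkIfUserIsNull(caller);
  checkIfNameIsNullOrEmpty(secretName);
  checkIfUserIsNull(ownerUser);
  Secret storedSecret = secretsFacade.findById(new SecretId(ownerUser.getUid(), secretName));
  // NOTE(review): existence is reported before the visibility check, so a caller can tell
  // "no such secret" apart from "private secret" for another user's names and thereby probe
  // which secret names an owner has. If that is not acceptable, both cases should map to the
  // ACCESS_CONTROL error used below; left as-is here because it changes the REST error code.
  checkIfSecretIsNull(storedSecret, secretName, ownerUser);
  if (storedSecret.getVisibilityType() == null || storedSecret.getVisibilityType().equals(VisibilityType.PRIVATE)) {
    throw new UserException(RESTCodes.UserErrorCode.ACCESS_CONTROL, Level.FINE, "Secret is Private",
        "User " + caller.getUsername() + " requested PRIVATE secret <" + ownerUser.getUid() + ", " + secretName + ">");
  }
  Integer projectId = storedSecret.getProjectIdScope();
  if (projectId == null) {
    // A shared secret without a scope is a data inconsistency, not a caller error
    throw new ServiceException(RESTCodes.ServiceErrorCode.SERVICE_GENERIC_ERROR, Level.WARNING,
        "Visibility's Project ID is empty", "Secret " + secretName + " visibility is PROJECT but Project ID is null");
  }
  Project project = projectFacade.find(projectId);
  if (project == null) {
    throw new ProjectException(RESTCodes.ProjectErrorCode.PROJECT_NOT_FOUND, Level.FINE,
        "Project with ID " + projectId + " does not exist!",
        "User " + caller.getUsername() + " requested shared Secret " + secretName + " but Project with ID "
            + projectId + " does not exist");
  }
  // The caller must be on the scoped Project's team; membership is decided by uid, not by
  // object identity. createSecretForProject asks projectTeamFacade the same question; the
  // collection scan is kept here so behavior is unchanged.
  boolean callerIsMember = false;
  for (ProjectTeam member : project.getProjectTeamCollection()) {
    if (caller.getUid().equals(member.getUser().getUid())) {
      callerIsMember = true;
      break;
    }
  }
  if (!callerIsMember) {
    throw new UserException(RESTCodes.UserErrorCode.ACCESS_CONTROL, Level.FINE,
        "Not authorized to access Secret " + secretName,
        "User " + caller.getUsername() + " tried to access shared Secret " + secretName
            + " but they are not member of Project " + project.getName());
  }
  try {
    // Decrypt on behalf of the owner; the caller never needs the owner's key material directly
    return decrypt(ownerUser, storedSecret);
  } catch (IOException | GeneralSecurityException ex) {
    throw new UserException(RESTCodes.UserErrorCode.SECRET_ENCRYPTION_ERROR, Level.SEVERE,
        "Error decrypting Secret", "Could not decrypt Secret " + secretName, ex);
  }
}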
use of io.hops.hopsworks.persistence.entity.user.security.secrets.SecretId in project hopsworks by logicalclocks.
the class OnlineFeaturestoreController method removeOnlineFeaturestoreUser.
/**
 * Tears down the online feature store access of {@code user} for the project that owns
 * {@code featurestore}: the secret stored under the online DB username (presumably its
 * credential), the online DB user itself, and the feature store connector named after it.
 * Nothing is done if the project has no online database.
 *
 * NOTE(review): the secret is deleted before the connector that is named after it.
 * SecretsController.delete maps an integrity-constraint failure on secret deletion to
 * "Secret is in use by a connector", so if that constraint applies to this connector the
 * connector deletion should come first -- confirm against the schema. Unlike
 * SecretsController, {@code user} is not null-checked here and an EJBException from
 * deleteSecret propagates unwrapped.
 *
 * @param featurestore The feature store whose project's online DB user is removed
 * @param user The user whose online DB account, secret and connector are removed
 * @throws FeaturestoreException propagated from the facades
 */
public void removeOnlineFeaturestoreUser(Featurestore featurestore, Users user) throws FeaturestoreException {
  String dbName = getOnlineFeaturestoreDbName(featurestore.getProject());
  if (!checkIfDatabaseExists(dbName)) {
    return; // no online database for this project, so there is nothing to tear down
  }
  String dbUser = onlineDbUsername(featurestore.getProject().getName(), user.getUsername());
  String connectorName = dbUser + FeaturestoreConstants.ONLINE_FEATURE_STORE_CONNECTOR_SUFFIX;
  SecretId secretKey = new SecretId(user.getUid(), dbUser);
  secretsFacade.deleteSecret(secretKey);
  onlineFeaturestoreFacade.removeOnlineFeaturestoreUser(dbUser);
  featurestoreConnectorFacade.deleteByFeaturestoreName(featurestore, connectorName);
}