Examples with SecretId io.hops.hopsworks.persistence.entity.user.security.secrets.SecretId used on opensource projects

Example 1 with SecretId

use of io.hops.hopsworks.persistence.entity.user.security.secrets.SecretId in project hopsworks by logicalclocks.

the class SecretsController method get.

/**
 * Gets a decrypted Secret
 * @param user The user associated with the secret
 * @param secretName The Secret identifier
 * @return The Secret decrypted along with some metadata
 * @throws UserException
 */
public SecretPlaintext get(Users user, String secretName) throws UserException {
    checkIfUserIsNull(user);
    checkIfNameIsNullOrEmpty(secretName);
    SecretId id = new SecretId(user.getUid(), secretName);
    Secret storedSecret = secretsFacade.findById(id);
    checkIfSecretIsNull(storedSecret, secretName, user);
    try {
        return decrypt(user, storedSecret);
    } catch (IOException | GeneralSecurityException ex) {
        throw new UserException(RESTCodes.UserErrorCode.SECRET_ENCRYPTION_ERROR, Level.SEVERE, "Error decrypting Secret", "Could not decrypt Secret " + secretName, ex);
    }
}

Example 2 with SecretId

use of io.hops.hopsworks.persistence.entity.user.security.secrets.SecretId in project hopsworks by logicalclocks.

the class SecretsController method createSecretForProject.

/**
 * @param user
 * @param secretName
 * @param secret
 * @param projectIdScope
 * @return
 * @throws UserException
 */
public Secret createSecretForProject(Users user, String secretName, String secret, Integer projectIdScope) throws UserException, ProjectException {
    Project project = projectFacade.find(projectIdScope);
    if (project == null) {
        throw new ProjectException(RESTCodes.ProjectErrorCode.PROJECT_NOT_FOUND, Level.FINE, "Project with ID " + projectIdScope + " does not exist!", "User " + user.getUsername() + " requested shared Secret " + secretName + " but Project with ID " + projectIdScope + "does not exist");
    }
    if (!projectTeamFacade.isUserMemberOfProject(project, user)) {
        throw new ProjectException(RESTCodes.ProjectErrorCode.TEAM_MEMBER_NOT_FOUND, Level.FINE, "User not a member of " + "project with ID " + projectIdScope + ".");
    }
    SecretId secretId = new SecretId(user.getUid(), secretName);
    if (secretsFacade.findById(secretId) != null) {
        throw new UserException(RESTCodes.UserErrorCode.SECRET_EXISTS, Level.FINE, "Secret already exists", "Secret with name " + secretName + " already exists for user " + user.getUsername());
    }
    return validateAndCreateSecret(secretId, user, secret, VisibilityType.PROJECT, projectIdScope);
}

Example 3 with SecretId

use of io.hops.hopsworks.persistence.entity.user.security.secrets.SecretId in project hopsworks by logicalclocks.

the class SecretsController method delete.

/**
 * Deletes a Secret associated with a user. It does NOT throw an exception if
 * the secret does not exist
 *
 * @param user The user who owns the key
 * @param secretName The name of the Secret
 * @throws UserException
 */
public void delete(Users user, String secretName) throws UserException {
    checkIfUserIsNull(user);
    checkIfNameIsNullOrEmpty(secretName);
    SecretId secretId = new SecretId(user.getUid(), secretName);
    try {
        secretsFacade.deleteSecret(secretId);
    } catch (EJBException de) {
        Throwable rootCause = getRootCause(de);
        if (rootCause instanceof SQLIntegrityConstraintViolationException) {
            throw new UserException(RESTCodes.UserErrorCode.SECRET_DELETION_FAILED, Level.FINE, "Cannot delete secret. " + "Secret is in use by a connector. Try deleting the connector first. ", rootCause.getMessage());
        } else {
            throw de;
        }
    }
}

Example 4 with SecretId

use of io.hops.hopsworks.persistence.entity.user.security.secrets.SecretId in project hopsworks by logicalclocks.

the class SecretsController method getShared.

/**
 * Gets a decrypted shared secret depending on its Visibility. It will throw an exception
 * if the Visibility was set to PRIVATE or the caller is not member of the Project
 * the Secret is shared with.
 *
 * @param caller The user who requested the Secret
 * @param ownerUser the user owner of the secret
 * @param secretName Identifier of the Secret
 * @return The decrypted Secret
 * @throws UserException
 * @throws ServiceException
 * @throws ProjectException
 */
public SecretPlaintext getShared(Users caller, Users ownerUser, String secretName) throws UserException, ServiceException, ProjectException {
    checkIfUserIsNull(caller);
    checkIfNameIsNullOrEmpty(secretName);
    checkIfUserIsNull(ownerUser);
    Secret storedSecret = secretsFacade.findById(new SecretId(ownerUser.getUid(), secretName));
    checkIfSecretIsNull(storedSecret, secretName, ownerUser);
    if (storedSecret.getVisibilityType() == null || storedSecret.getVisibilityType().equals(VisibilityType.PRIVATE)) {
        throw new UserException(RESTCodes.UserErrorCode.ACCESS_CONTROL, Level.FINE, "Secret is Private", "User " + caller.getUsername() + " requested PRIVATE secret <" + ownerUser.getUid() + ", " + secretName + ">");
    }
    Integer projectId = storedSecret.getProjectIdScope();
    if (projectId == null) {
        throw new ServiceException(RESTCodes.ServiceErrorCode.SERVICE_GENERIC_ERROR, Level.WARNING, "Visibility's Project ID is empty", "Secret " + secretName + " visibility is PROJECT but Project ID is null");
    }
    Project project = projectFacade.find(projectId);
    if (project == null) {
        throw new ProjectException(RESTCodes.ProjectErrorCode.PROJECT_NOT_FOUND, Level.FINE, "Project with ID " + projectId + " does not exist!", "User " + caller.getUsername() + " requested shared Secret " + secretName + " but Project with ID " + projectId + "does not exist");
    }
    // Check if caller is member of the Project
    for (ProjectTeam projectTeam : project.getProjectTeamCollection()) {
        if (caller.getUid().equals(projectTeam.getUser().getUid())) {
            try {
                return decrypt(ownerUser, storedSecret);
            } catch (IOException | GeneralSecurityException ex) {
                throw new UserException(RESTCodes.UserErrorCode.SECRET_ENCRYPTION_ERROR, Level.SEVERE, "Error decrypting Secret", "Could not decrypt Secret " + secretName, ex);
            }
        }
    }
    // Check if caller is a member of some shared project
    throw new UserException(RESTCodes.UserErrorCode.ACCESS_CONTROL, Level.FINE, "Not authorized to access Secret " + secretName, "User " + caller.getUsername() + " tried to access shared Secret " + secretName + " but they are not member of Project " + project.getName());
}

Example 5 with SecretId

use of io.hops.hopsworks.persistence.entity.user.security.secrets.SecretId in project hopsworks by logicalclocks.

the class OnlineFeaturestoreController method removeOnlineFeaturestoreUser.

public void removeOnlineFeaturestoreUser(Featurestore featurestore, Users user) throws FeaturestoreException {
    String db = getOnlineFeaturestoreDbName(featurestore.getProject());
    if (!checkIfDatabaseExists(db)) {
        // Nothing to remove
        return;
    }
    String dbUser = onlineDbUsername(featurestore.getProject().getName(), user.getUsername());
    SecretId id = new SecretId(user.getUid(), dbUser);
    secretsFacade.deleteSecret(id);
    onlineFeaturestoreFacade.removeOnlineFeaturestoreUser(dbUser);
    featurestoreConnectorFacade.deleteByFeaturestoreName(featurestore, dbUser + FeaturestoreConstants.ONLINE_FEATURE_STORE_CONNECTOR_SUFFIX);
}