Search in sources :

Example 1 with SecretId

use of io.hops.hopsworks.persistence.entity.user.security.secrets.SecretId in project hopsworks by logicalclocks.

the class SecretsController method get.

/**
 * Gets a decrypted Secret
 * @param user The user associated with the secret
 * @param secretName The Secret identifier
 * @return The Secret decrypted along with some metadata
 * @throws UserException
 */
public SecretPlaintext get(Users user, String secretName) throws UserException {
    checkIfUserIsNull(user);
    checkIfNameIsNullOrEmpty(secretName);
    SecretId id = new SecretId(user.getUid(), secretName);
    Secret storedSecret = secretsFacade.findById(id);
    checkIfSecretIsNull(storedSecret, secretName, user);
    try {
        return decrypt(user, storedSecret);
    } catch (IOException | GeneralSecurityException ex) {
        throw new UserException(RESTCodes.UserErrorCode.SECRET_ENCRYPTION_ERROR, Level.SEVERE, "Error decrypting Secret", "Could not decrypt Secret " + secretName, ex);
    }
}
Also used : Secret(io.hops.hopsworks.persistence.entity.user.security.secrets.Secret) SecretId(io.hops.hopsworks.persistence.entity.user.security.secrets.SecretId) GeneralSecurityException(java.security.GeneralSecurityException) IOException(java.io.IOException) UserException(io.hops.hopsworks.exceptions.UserException)

Example 2 with SecretId

use of io.hops.hopsworks.persistence.entity.user.security.secrets.SecretId in project hopsworks by logicalclocks.

the class SecretsController method createSecretForProject.

/**
 * @param user
 * @param secretName
 * @param secret
 * @param projectIdScope
 * @return
 * @throws UserException
 */
public Secret createSecretForProject(Users user, String secretName, String secret, Integer projectIdScope) throws UserException, ProjectException {
    Project project = projectFacade.find(projectIdScope);
    if (project == null) {
        throw new ProjectException(RESTCodes.ProjectErrorCode.PROJECT_NOT_FOUND, Level.FINE, "Project with ID " + projectIdScope + " does not exist!", "User " + user.getUsername() + " requested shared Secret " + secretName + " but Project with ID " + projectIdScope + "does not exist");
    }
    if (!projectTeamFacade.isUserMemberOfProject(project, user)) {
        throw new ProjectException(RESTCodes.ProjectErrorCode.TEAM_MEMBER_NOT_FOUND, Level.FINE, "User not a member of " + "project with ID " + projectIdScope + ".");
    }
    SecretId secretId = new SecretId(user.getUid(), secretName);
    if (secretsFacade.findById(secretId) != null) {
        throw new UserException(RESTCodes.UserErrorCode.SECRET_EXISTS, Level.FINE, "Secret already exists", "Secret with name " + secretName + " already exists for user " + user.getUsername());
    }
    return validateAndCreateSecret(secretId, user, secret, VisibilityType.PROJECT, projectIdScope);
}
Also used : ProjectException(io.hops.hopsworks.exceptions.ProjectException) Project(io.hops.hopsworks.persistence.entity.project.Project) SecretId(io.hops.hopsworks.persistence.entity.user.security.secrets.SecretId) UserException(io.hops.hopsworks.exceptions.UserException)

Example 3 with SecretId

use of io.hops.hopsworks.persistence.entity.user.security.secrets.SecretId in project hopsworks by logicalclocks.

the class SecretsController method delete.

/**
 * Deletes a Secret associated with a user. It does NOT throw an exception if
 * the secret does not exist
 *
 * @param user The user who owns the key
 * @param secretName The name of the Secret
 * @throws UserException
 */
public void delete(Users user, String secretName) throws UserException {
    checkIfUserIsNull(user);
    checkIfNameIsNullOrEmpty(secretName);
    SecretId secretId = new SecretId(user.getUid(), secretName);
    try {
        secretsFacade.deleteSecret(secretId);
    } catch (EJBException de) {
        Throwable rootCause = getRootCause(de);
        if (rootCause instanceof SQLIntegrityConstraintViolationException) {
            throw new UserException(RESTCodes.UserErrorCode.SECRET_DELETION_FAILED, Level.FINE, "Cannot delete secret. " + "Secret is in use by a connector. Try deleting the connector first. ", rootCause.getMessage());
        } else {
            throw de;
        }
    }
}
Also used : SecretId(io.hops.hopsworks.persistence.entity.user.security.secrets.SecretId) SQLIntegrityConstraintViolationException(java.sql.SQLIntegrityConstraintViolationException) UserException(io.hops.hopsworks.exceptions.UserException) EJBException(javax.ejb.EJBException)

Example 4 with SecretId

use of io.hops.hopsworks.persistence.entity.user.security.secrets.SecretId in project hopsworks by logicalclocks.

the class SecretsController method getShared.

/**
 * Gets a decrypted shared secret depending on its Visibility. It will throw an exception
 * if the Visibility was set to PRIVATE or the caller is not member of the Project
 * the Secret is shared with.
 *
 * @param caller The user who requested the Secret
 * @param ownerUser the user owner of the secret
 * @param secretName Identifier of the Secret
 * @return The decrypted Secret
 * @throws UserException
 * @throws ServiceException
 * @throws ProjectException
 */
public SecretPlaintext getShared(Users caller, Users ownerUser, String secretName) throws UserException, ServiceException, ProjectException {
    checkIfUserIsNull(caller);
    checkIfNameIsNullOrEmpty(secretName);
    checkIfUserIsNull(ownerUser);
    Secret storedSecret = secretsFacade.findById(new SecretId(ownerUser.getUid(), secretName));
    checkIfSecretIsNull(storedSecret, secretName, ownerUser);
    if (storedSecret.getVisibilityType() == null || storedSecret.getVisibilityType().equals(VisibilityType.PRIVATE)) {
        throw new UserException(RESTCodes.UserErrorCode.ACCESS_CONTROL, Level.FINE, "Secret is Private", "User " + caller.getUsername() + " requested PRIVATE secret <" + ownerUser.getUid() + ", " + secretName + ">");
    }
    Integer projectId = storedSecret.getProjectIdScope();
    if (projectId == null) {
        throw new ServiceException(RESTCodes.ServiceErrorCode.SERVICE_GENERIC_ERROR, Level.WARNING, "Visibility's Project ID is empty", "Secret " + secretName + " visibility is PROJECT but Project ID is null");
    }
    Project project = projectFacade.find(projectId);
    if (project == null) {
        throw new ProjectException(RESTCodes.ProjectErrorCode.PROJECT_NOT_FOUND, Level.FINE, "Project with ID " + projectId + " does not exist!", "User " + caller.getUsername() + " requested shared Secret " + secretName + " but Project with ID " + projectId + "does not exist");
    }
    // Check if caller is member of the Project
    for (ProjectTeam projectTeam : project.getProjectTeamCollection()) {
        if (caller.getUid().equals(projectTeam.getUser().getUid())) {
            try {
                return decrypt(ownerUser, storedSecret);
            } catch (IOException | GeneralSecurityException ex) {
                throw new UserException(RESTCodes.UserErrorCode.SECRET_ENCRYPTION_ERROR, Level.SEVERE, "Error decrypting Secret", "Could not decrypt Secret " + secretName, ex);
            }
        }
    }
    // Check if caller is a member of some shared project
    throw new UserException(RESTCodes.UserErrorCode.ACCESS_CONTROL, Level.FINE, "Not authorized to access Secret " + secretName, "User " + caller.getUsername() + " tried to access shared Secret " + secretName + " but they are not member of Project " + project.getName());
}
Also used : Secret(io.hops.hopsworks.persistence.entity.user.security.secrets.Secret) ProjectException(io.hops.hopsworks.exceptions.ProjectException) Project(io.hops.hopsworks.persistence.entity.project.Project) ProjectTeam(io.hops.hopsworks.persistence.entity.project.team.ProjectTeam) ServiceException(io.hops.hopsworks.exceptions.ServiceException) SecretId(io.hops.hopsworks.persistence.entity.user.security.secrets.SecretId) GeneralSecurityException(java.security.GeneralSecurityException) UserException(io.hops.hopsworks.exceptions.UserException) IOException(java.io.IOException)

Example 5 with SecretId

use of io.hops.hopsworks.persistence.entity.user.security.secrets.SecretId in project hopsworks by logicalclocks.

the class OnlineFeaturestoreController method removeOnlineFeaturestoreUser.

public void removeOnlineFeaturestoreUser(Featurestore featurestore, Users user) throws FeaturestoreException {
    String db = getOnlineFeaturestoreDbName(featurestore.getProject());
    if (!checkIfDatabaseExists(db)) {
        // Nothing to remove
        return;
    }
    String dbUser = onlineDbUsername(featurestore.getProject().getName(), user.getUsername());
    SecretId id = new SecretId(user.getUid(), dbUser);
    secretsFacade.deleteSecret(id);
    onlineFeaturestoreFacade.removeOnlineFeaturestoreUser(dbUser);
    featurestoreConnectorFacade.deleteByFeaturestoreName(featurestore, dbUser + FeaturestoreConstants.ONLINE_FEATURE_STORE_CONNECTOR_SUFFIX);
}
Also used : SecretId(io.hops.hopsworks.persistence.entity.user.security.secrets.SecretId)

Aggregations

SecretId (io.hops.hopsworks.persistence.entity.user.security.secrets.SecretId)9 Secret (io.hops.hopsworks.persistence.entity.user.security.secrets.Secret)6 UserException (io.hops.hopsworks.exceptions.UserException)5 ProjectException (io.hops.hopsworks.exceptions.ProjectException)2 Project (io.hops.hopsworks.persistence.entity.project.Project)2 IOException (java.io.IOException)2 GeneralSecurityException (java.security.GeneralSecurityException)2 HashMap (java.util.HashMap)2 MasterPasswordChangeResult (io.hops.hopsworks.common.security.MasterPasswordChangeResult)1 SymmetricEncryptionDescriptor (io.hops.hopsworks.common.security.SymmetricEncryptionDescriptor)1 EncryptionMasterPasswordException (io.hops.hopsworks.exceptions.EncryptionMasterPasswordException)1 ServiceException (io.hops.hopsworks.exceptions.ServiceException)1 ProjectTeam (io.hops.hopsworks.persistence.entity.project.team.ProjectTeam)1 SQLIntegrityConstraintViolationException (java.sql.SQLIntegrityConstraintViolationException)1 Map (java.util.Map)1 EJBException (javax.ejb.EJBException)1 TransactionAttribute (javax.ejb.TransactionAttribute)1