
Example 1 with ModifyGroupsRequestV2

use of keywhiz.api.automation.v2.ModifyGroupsRequestV2 in project keywhiz by square.

the class ClientResource method modifyClientGroups.

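/**
 * Modify the groups a client has membership in.
 *
 * @param automationClient Authenticated automation client making the request; its name is
 *                         passed to the enroll and evict calls as the acting user
 * @param name    Client name
 * @param request JSON request specifying which groups to add or remove
 * @return Listing of groups client has membership in
 * <p>
 * responseMessage 201 Client modified successfully
 * <p>
 * responseMessage 404 Client not found
 */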
@Timed
@ExceptionMetered
@PUT
@Path("{name}/groups")
@Produces(APPLICATION_JSON)
public Iterable<String> modifyClientGroups(
        @Auth AutomationClient automationClient,
        @PathParam("name") String name,
        @Valid ModifyGroupsRequestV2 request) {
    // NOTE(review): @Auth is the only caller check visible in this method. Whether an
    // automation client may change the memberships of any client is decided elsewhere, if
    // at all; confirm against the authenticator and deployment policy.

    // An unknown client name ends the request with NotFoundException before any membership
    // is read or changed.
    Client target = clientDAOReadWrite.getClientByName(name).orElseThrow(NotFoundException::new);

    // The caller's name travels with auditLog into every enroll/evict call below.
    String actor = automationClient.getName();
    long targetId = target.getId();

    // Snapshot of the group names the client belongs to right now.
    // NOTE(review): no transaction is visible around this read and the writes that follow;
    // confirm how the DAO behaves under concurrent membership changes.
    Set<String> currentNames = aclDAOReadWrite.getGroupsFor(target)
            .stream()
            .map(Group::getName)
            .collect(toSet());

    // Only act on real changes: enroll where the client is not yet a member, evict where it
    // is. A name listed in both addGroups and removeGroups is therefore evicted if the
    // client was a member and enrolled if it was not.
    Set<String> toEnroll = Sets.difference(request.addGroups(), currentNames);
    Set<String> toEvict = Sets.intersection(request.removeGroups(), currentNames);

    // TODO: should optimize AclDAO to use names and return only name column
    // Names that resolve to an empty Optional are skipped without an error, so the returned
    // listing is the caller's only signal that a requested enrollment did not happen.
    groupsToGroupIds(toEnroll).forEach(maybeId ->
            maybeId.ifPresent(groupId ->
                    aclDAOReadWrite.findAndEnrollClient(
                            targetId, groupId, auditLog, actor, new HashMap<>())));
    groupsToGroupIds(toEvict).forEach(maybeId ->
            maybeId.ifPresent(groupId ->
                    aclDAOReadWrite.findAndEvictClient(
                            targetId, groupId, auditLog, actor, new HashMap<>())));

    // Re-read membership so the response reflects what was stored, not what was asked for.
    Set<String> updatedNames = aclDAOReadWrite.getGroupsFor(target)
            .stream()
            .map(Group::getName)
            .collect(toSet());
    return updatedNames;
}
Also used : Produces(javax.ws.rs.Produces) Event(keywhiz.log.Event) URISyntaxException(java.net.URISyntaxException) Path(javax.ws.rs.Path) LoggerFactory(org.slf4j.LoggerFactory) GroupDAOFactory(keywhiz.service.daos.GroupDAO.GroupDAOFactory) Valid(javax.validation.Valid) ClientDAOFactory(keywhiz.service.daos.ClientDAO.ClientDAOFactory) Consumes(javax.ws.rs.Consumes) ExceptionMetered(com.codahale.metrics.annotation.ExceptionMetered) ModifyGroupsRequestV2(keywhiz.api.automation.v2.ModifyGroupsRequestV2) BadRequestException(javax.ws.rs.BadRequestException) UriBuilder(javax.ws.rs.core.UriBuilder) URI(java.net.URI) Client(keywhiz.api.model.Client) APPLICATION_JSON(javax.ws.rs.core.MediaType.APPLICATION_JSON) GroupDAO(keywhiz.service.daos.GroupDAO) Collectors.toSet(java.util.stream.Collectors.toSet) DELETE(javax.ws.rs.DELETE) Tracing.setTag(keywhiz.Tracing.setTag) Group(keywhiz.api.model.Group) Tracing.tagErrors(keywhiz.Tracing.tagErrors) Set(java.util.Set) ConflictException(keywhiz.service.exceptions.ConflictException) Instant(java.time.Instant) Sets(com.google.common.collect.Sets) NotFoundException(javax.ws.rs.NotFoundException) String.format(java.lang.String.format) Timed(com.codahale.metrics.annotation.Timed) Stream(java.util.stream.Stream) Response(javax.ws.rs.core.Response) Optional(java.util.Optional) SanitizedSecret(keywhiz.api.model.SanitizedSecret) NotImplementedException(org.apache.commons.lang3.NotImplementedException) PathParam(javax.ws.rs.PathParam) AclDAO(keywhiz.service.daos.AclDAO) ClientDAO(keywhiz.service.daos.ClientDAO) GET(javax.ws.rs.GET) ClientDetailResponseV2(keywhiz.api.automation.v2.ClientDetailResponseV2) Auth(io.dropwizard.auth.Auth) HashMap(java.util.HashMap) Inject(javax.inject.Inject) AutomationClient(keywhiz.api.model.AutomationClient) CreateClientRequestV2(keywhiz.api.automation.v2.CreateClientRequestV2) AuditLog(keywhiz.log.AuditLog) ModifyClientRequestV2(keywhiz.api.automation.v2.ModifyClientRequestV2) POST(javax.ws.rs.POST) 
Logger(org.slf4j.Logger) AclDAOFactory(keywhiz.service.daos.AclDAO.AclDAOFactory) EventTag(keywhiz.log.EventTag) PUT(javax.ws.rs.PUT) NotFoundException(javax.ws.rs.NotFoundException) Client(keywhiz.api.model.Client) AutomationClient(keywhiz.api.model.AutomationClient) Path(javax.ws.rs.Path) Produces(javax.ws.rs.Produces) Timed(com.codahale.metrics.annotation.Timed) ExceptionMetered(com.codahale.metrics.annotation.ExceptionMetered) PUT(javax.ws.rs.PUT)

Example 2 with ModifyGroupsRequestV2

use of keywhiz.api.automation.v2.ModifyGroupsRequestV2 in project keywhiz by square.

the class SecretResourceTest method modifySecretGroups_success.

@Test
public void modifySecretGroups_success() throws Exception {
    // Fixture: three groups exist; secret8 starts out in group8a and group8b only.
    for (String groupName : new String[] {"group8a", "group8b", "group8c"}) {
        createGroup(groupName);
    }
    String encodedContent = encoder.encodeToString("supa secret8".getBytes(UTF_8));
    create(CreateSecretRequestV2.builder()
            .name("secret8")
            .content(encodedContent)
            .groups("group8a", "group8b")
            .build());

    // "non-existent1" and "non-existent2" are never created in this test. The expected
    // listing below therefore pins that unknown group names are ignored rather than
    // failing the request or creating a group as a side effect.
    ModifyGroupsRequestV2 request = ModifyGroupsRequestV2.builder()
            .addGroups("group8c", "non-existent1")
            .removeGroups("group8a", "non-existent2")
            .build();
    List<String> resultingGroups = modifyGroups("secret8", request);

    // group8a removed, group8c added, group8b untouched, nothing else present.
    assertThat(resultingGroups).containsOnly("group8b", "group8c");
}
Also used : ModifyGroupsRequestV2(keywhiz.api.automation.v2.ModifyGroupsRequestV2) Test(org.junit.Test)

Example 3 with ModifyGroupsRequestV2

use of keywhiz.api.automation.v2.ModifyGroupsRequestV2 in project keywhiz by square.

the class ClientResourceTest method modifyClientGroups_success.

@Test
public void modifyClientGroups_success() throws Exception {
    // Fixture: three groups exist; client8 starts out in group8a and group8b only.
    for (String groupName : new String[] {"group8a", "group8b", "group8c"}) {
        createGroup(groupName);
    }
    create(CreateClientRequestV2.builder()
            .name("client8")
            .groups("group8a", "group8b")
            .build());

    // "non-existent1" and "non-existent2" are never created in this test. The expected
    // listing below therefore pins that unknown group names are ignored rather than
    // rejected, which means a mistyped group name yields a successful response.
    ModifyGroupsRequestV2 request = ModifyGroupsRequestV2.builder()
            .addGroups("group8c", "non-existent1")
            .removeGroups("group8a", "non-existent2")
            .build();
    List<String> resultingGroups = modifyGroups("client8", request);

    // group8a removed, group8c added, group8b untouched, nothing else present.
    assertThat(resultingGroups).containsOnly("group8b", "group8c");
}
Also used : ModifyGroupsRequestV2(keywhiz.api.automation.v2.ModifyGroupsRequestV2) Test(org.junit.Test)

Example 4 with ModifyGroupsRequestV2

use of keywhiz.api.automation.v2.ModifyGroupsRequestV2 in project keywhiz by square.

the class ClientResourceTest method modifyClientGroups_notFound.

@Test
public void modifyClientGroups_notFound() throws Exception {
    // An empty modification is enough: the request should fail on the client lookup.
    String json = mapper.writeValueAsString(ModifyGroupsRequestV2.builder().build());
    Request put = clientRequest("/automation/v2/clients/non-existent/groups")
            .put(RequestBody.create(JSON, json))
            .build();

    // NOTE(review): mutualSslClient presumably authenticates with a client certificate, so
    // this covers the 404 path for an authenticated caller only; confirm against the fixture.
    int status = mutualSslClient.newCall(put).execute().code();

    assertThat(status).isEqualTo(404);
}
Also used : Response(okhttp3.Response) ModifyGroupsRequestV2(keywhiz.api.automation.v2.ModifyGroupsRequestV2) Request(okhttp3.Request) TestClients.clientRequest(keywhiz.TestClients.clientRequest) RequestBody(okhttp3.RequestBody) Test(org.junit.Test)

Example 5 with ModifyGroupsRequestV2

use of keywhiz.api.automation.v2.ModifyGroupsRequestV2 in project keywhiz by square.

the class SecretResourceTest method deleteSecretSeries_success.

@Test
public void deleteSecretSeries_success() throws Exception {
    // Sample secret
    String encodedContent = encoder.encodeToString("supa secret12".getBytes(UTF_8));
    create(CreateSecretRequestV2.builder()
            .name("secret12")
            .content(encodedContent)
            .build());
    createGroup("testGroup");

    // Attach the secret to a group before deleting it.
    // NOTE(review): "secret12" in addGroups is the secret's own name and no group with that
    // name is created in this test; presumably it is ignored as an unknown group. Confirm
    // that this is intentional.
    ModifyGroupsRequestV2 request = ModifyGroupsRequestV2.builder()
            .addGroups("testGroup", "secret12")
            .build();
    modifyGroups("secret12", request);

    // Delete works
    int firstStatus = deleteSeries("secret12").code();
    assertThat(firstStatus).isEqualTo(204);

    // Subsequent deletes can't find the secret series
    int secondStatus = deleteSeries("secret12").code();
    assertThat(secondStatus).isEqualTo(404);
}
Also used : ModifyGroupsRequestV2(keywhiz.api.automation.v2.ModifyGroupsRequestV2) Test(org.junit.Test)
