use of keywhiz.api.automation.v2.ModifyGroupsRequestV2 in project keywhiz by square.
the class SecretResourceTest method modifySecretGroups_notFound.
//---------------------------------------------------------------------------------------
// modifySecretGroups
//---------------------------------------------------------------------------------------
@Test
public void modifySecretGroups_notFound() throws Exception {
ModifyGroupsRequestV2 request = ModifyGroupsRequestV2.builder().build();
RequestBody body = RequestBody.create(JSON, mapper.writeValueAsString(request));
Request put = clientRequest("/automation/v2/secrets/non-existent/groups").put(body).build();
Response httpResponse = mutualSslClient.newCall(put).execute();
assertThat(httpResponse.code()).isEqualTo(404);
}
use of keywhiz.api.automation.v2.ModifyGroupsRequestV2 in project keywhiz by square.
the class SecretResource method modifySecretGroups.
/**
* Modify the groups a secret is assigned to
*
* @excludeParams automationClient
* @param name Secret series name
* @param request JSON request to modify groups
*
* @responseMessage 201 Group membership changed
* @responseMessage 404 Secret series not found
*/
@Timed
@ExceptionMetered
@PUT
@Path("{name}/groups")
@Consumes(APPLICATION_JSON)
@Produces(APPLICATION_JSON)
public Iterable<String> modifySecretGroups(@Auth AutomationClient automationClient, @PathParam("name") String name, @Valid ModifyGroupsRequestV2 request) {
// TODO: Use latest version instead of non-versioned
Secret secret = secretController.getSecretByName(name).orElseThrow(NotFoundException::new);
String user = automationClient.getName();
long secretId = secret.getId();
Set<String> oldGroups = aclDAO.getGroupsFor(secret).stream().map(Group::getName).collect(toSet());
Set<String> groupsToAdd = Sets.difference(request.addGroups(), oldGroups);
Set<String> groupsToRemove = Sets.intersection(request.removeGroups(), oldGroups);
// TODO: should optimize AclDAO to use names and return only name column
groupsToGroupIds(groupsToAdd).forEach((maybeGroupId) -> maybeGroupId.ifPresent((groupId) -> aclDAO.findAndAllowAccess(secretId, groupId, auditLog, user, new HashMap<>())));
groupsToGroupIds(groupsToRemove).forEach((maybeGroupId) -> maybeGroupId.ifPresent((groupId) -> aclDAO.findAndRevokeAccess(secretId, groupId, auditLog, user, new HashMap<>())));
return aclDAO.getGroupsFor(secret).stream().map(Group::getName).collect(toSet());
}
Aggregations