Search in sources :

Example 6 with ModifyGroupsRequestV2

use of keywhiz.api.automation.v2.ModifyGroupsRequestV2 in project keywhiz by square.

the class SecretResourceTest method modifySecretGroups_notFound.

//---------------------------------------------------------------------------------------
// modifySecretGroups
//---------------------------------------------------------------------------------------
@Test
public void modifySecretGroups_notFound() throws Exception {
    ModifyGroupsRequestV2 request = ModifyGroupsRequestV2.builder().build();
    RequestBody body = RequestBody.create(JSON, mapper.writeValueAsString(request));
    Request put = clientRequest("/automation/v2/secrets/non-existent/groups").put(body).build();
    Response httpResponse = mutualSslClient.newCall(put).execute();
    assertThat(httpResponse.code()).isEqualTo(404);
}
Also used : Response(okhttp3.Response) ModifyGroupsRequestV2(keywhiz.api.automation.v2.ModifyGroupsRequestV2) Request(okhttp3.Request) TestClients.clientRequest(keywhiz.TestClients.clientRequest) RequestBody(okhttp3.RequestBody) Test(org.junit.Test)

Example 7 with ModifyGroupsRequestV2

use of keywhiz.api.automation.v2.ModifyGroupsRequestV2 in project keywhiz by square.

the class SecretResource method modifySecretGroups.

/**
   * Modify the groups a secret is assigned to
   *
   * @excludeParams automationClient
   * @param name Secret series name
   * @param request JSON request to modify groups
   *
   * @responseMessage 201 Group membership changed
   * @responseMessage 404 Secret series not found
   */
@Timed
@ExceptionMetered
@PUT
@Path("{name}/groups")
@Consumes(APPLICATION_JSON)
@Produces(APPLICATION_JSON)
public Iterable<String> modifySecretGroups(@Auth AutomationClient automationClient, @PathParam("name") String name, @Valid ModifyGroupsRequestV2 request) {
    // TODO: Use latest version instead of non-versioned
    Secret secret = secretController.getSecretByName(name).orElseThrow(NotFoundException::new);
    String user = automationClient.getName();
    long secretId = secret.getId();
    Set<String> oldGroups = aclDAO.getGroupsFor(secret).stream().map(Group::getName).collect(toSet());
    Set<String> groupsToAdd = Sets.difference(request.addGroups(), oldGroups);
    Set<String> groupsToRemove = Sets.intersection(request.removeGroups(), oldGroups);
    // TODO: should optimize AclDAO to use names and return only name column
    groupsToGroupIds(groupsToAdd).forEach((maybeGroupId) -> maybeGroupId.ifPresent((groupId) -> aclDAO.findAndAllowAccess(secretId, groupId, auditLog, user, new HashMap<>())));
    groupsToGroupIds(groupsToRemove).forEach((maybeGroupId) -> maybeGroupId.ifPresent((groupId) -> aclDAO.findAndRevokeAccess(secretId, groupId, auditLog, user, new HashMap<>())));
    return aclDAO.getGroupsFor(secret).stream().map(Group::getName).collect(toSet());
}
Also used : Secret(keywhiz.api.model.Secret) SanitizedSecret(keywhiz.api.model.SanitizedSecret) Secret(keywhiz.api.model.Secret) Produces(javax.ws.rs.Produces) Event(keywhiz.log.Event) Path(javax.ws.rs.Path) LoggerFactory(org.slf4j.LoggerFactory) GroupDAOFactory(keywhiz.service.daos.GroupDAO.GroupDAOFactory) Valid(javax.validation.Valid) QueryParam(javax.ws.rs.QueryParam) Consumes(javax.ws.rs.Consumes) Map(java.util.Map) DefaultValue(javax.ws.rs.DefaultValue) ExceptionMetered(com.codahale.metrics.annotation.ExceptionMetered) ModifyGroupsRequestV2(keywhiz.api.automation.v2.ModifyGroupsRequestV2) BadRequestException(javax.ws.rs.BadRequestException) UriBuilder(javax.ws.rs.core.UriBuilder) APPLICATION_JSON(javax.ws.rs.core.MediaType.APPLICATION_JSON) ContentCryptographer(keywhiz.service.crypto.ContentCryptographer) GroupDAO(keywhiz.service.daos.GroupDAO) Collectors.toSet(java.util.stream.Collectors.toSet) DELETE(javax.ws.rs.DELETE) Group(keywhiz.api.model.Group) SecretVersion(keywhiz.api.model.SecretVersion) CreateSecretRequestV2(keywhiz.api.automation.v2.CreateSecretRequestV2) HOURS(java.time.temporal.ChronoUnit.HOURS) Set(java.util.Set) ConflictException(keywhiz.service.exceptions.ConflictException) Instant(java.time.Instant) Sets(com.google.common.collect.Sets) NotFoundException(javax.ws.rs.NotFoundException) String.format(java.lang.String.format) Timed(com.codahale.metrics.annotation.Timed) Base64(java.util.Base64) List(java.util.List) Stream(java.util.stream.Stream) Response(javax.ws.rs.core.Response) Optional(java.util.Optional) SanitizedSecret(keywhiz.api.model.SanitizedSecret) SecretDAOFactory(keywhiz.service.daos.SecretDAO.SecretDAOFactory) SecretContent(keywhiz.api.model.SecretContent) PathParam(javax.ws.rs.PathParam) SecretDetailResponseV2(keywhiz.api.automation.v2.SecretDetailResponseV2) AclDAO(keywhiz.service.daos.AclDAO) SanitizedSecretWithGroups(keywhiz.api.model.SanitizedSecretWithGroups) GET(javax.ws.rs.GET) Auth(io.dropwizard.auth.Auth) PartialUpdateSecretRequestV2(keywhiz.api.automation.v2.PartialUpdateSecretRequestV2) HashMap(java.util.HashMap) SecretSeriesDAO(keywhiz.service.daos.SecretSeriesDAO) Inject(javax.inject.Inject) AutomationClient(keywhiz.api.model.AutomationClient) ImmutableList(com.google.common.collect.ImmutableList) SecretDAO(keywhiz.service.daos.SecretDAO) SecretBuilder(keywhiz.service.daos.SecretController.SecretBuilder) AuditLog(keywhiz.log.AuditLog) DataAccessException(org.jooq.exception.DataAccessException) POST(javax.ws.rs.POST) Logger(org.slf4j.Logger) SecretSeriesDAOFactory(keywhiz.service.daos.SecretSeriesDAO.SecretSeriesDAOFactory) Readonly(keywhiz.service.config.Readonly) UTF_8(java.nio.charset.StandardCharsets.UTF_8) AclDAOFactory(keywhiz.service.daos.AclDAO.AclDAOFactory) SetSecretVersionRequestV2(keywhiz.api.automation.v2.SetSecretVersionRequestV2) SecretController(keywhiz.service.daos.SecretController) EventTag(keywhiz.log.EventTag) Collectors.toList(java.util.stream.Collectors.toList) CreateOrUpdateSecretRequestV2(keywhiz.api.automation.v2.CreateOrUpdateSecretRequestV2) SecretSeriesAndContent(keywhiz.api.model.SecretSeriesAndContent) PUT(javax.ws.rs.PUT) NotFoundException(javax.ws.rs.NotFoundException) Path(javax.ws.rs.Path) Consumes(javax.ws.rs.Consumes) Produces(javax.ws.rs.Produces) Timed(com.codahale.metrics.annotation.Timed) ExceptionMetered(com.codahale.metrics.annotation.ExceptionMetered) PUT(javax.ws.rs.PUT)

Aggregations

ModifyGroupsRequestV2 (keywhiz.api.automation.v2.ModifyGroupsRequestV2)7 Test (org.junit.Test)5 ExceptionMetered (com.codahale.metrics.annotation.ExceptionMetered)2 Timed (com.codahale.metrics.annotation.Timed)2 Sets (com.google.common.collect.Sets)2 Auth (io.dropwizard.auth.Auth)2 String.format (java.lang.String.format)2 Instant (java.time.Instant)2 HashMap (java.util.HashMap)2 Optional (java.util.Optional)2 Set (java.util.Set)2 Collectors.toSet (java.util.stream.Collectors.toSet)2 Stream (java.util.stream.Stream)2 Inject (javax.inject.Inject)2 Valid (javax.validation.Valid)2 Consumes (javax.ws.rs.Consumes)2 DELETE (javax.ws.rs.DELETE)2 GET (javax.ws.rs.GET)2 NotFoundException (javax.ws.rs.NotFoundException)2 POST (javax.ws.rs.POST)2