Example 6 with AutomationClient

Use of keywhiz.api.model.AutomationClient in project keywhiz by square.

Class AutomationClientResource, method findClient.

/**
 * Retrieve Client by a specified name, or all Clients if no name given
 *
 * @param name the name of the Client to retrieve, if provided
 * @excludeParams automationClient
 * @optionalParams name
 * @description Returns a single Client or a set of all Clients
 * @responseMessage 200 Found and retrieved Client(s)
 * @responseMessage 404 Client with given name not found (if name provided)
 */
@Timed
@ExceptionMetered
@GET
public Response findClient(@Auth AutomationClient automationClient, @QueryParam("name") Optional<String> name) {
    logger.info("Automation ({}) - Looking up a name {}", automationClient.getName(), name);
    if (name.isPresent()) {
        Client client = clientDAO.getClient(name.get()).orElseThrow(NotFoundException::new);
        ImmutableList<Group> groups = ImmutableList.copyOf(aclDAO.getGroupsFor(client));
        return Response.ok().entity(ClientDetailResponse.fromClient(client, groups, ImmutableList.of())).build();
    }
    List<ClientDetailResponse> clients = clientDAO.getClients().stream()
        .map(c -> ClientDetailResponse.fromClient(c, ImmutableList.copyOf(aclDAO.getGroupsFor(c)), ImmutableList.of()))
        .collect(toList());
    return Response.ok().entity(clients).build();
}
Also used : PathParam(javax.ws.rs.PathParam) AclDAO(keywhiz.service.daos.AclDAO) Produces(javax.ws.rs.Produces) ClientDAO(keywhiz.service.daos.ClientDAO) GET(javax.ws.rs.GET) Event(keywhiz.log.Event) Path(javax.ws.rs.Path) LoggerFactory(org.slf4j.LoggerFactory) Auth(io.dropwizard.auth.Auth) HashMap(java.util.HashMap) ClientsResource(keywhiz.service.resources.admin.ClientsResource) Inject(javax.inject.Inject) Valid(javax.validation.Valid) AutomationClient(keywhiz.api.model.AutomationClient) ClientDAOFactory(keywhiz.service.daos.ClientDAO.ClientDAOFactory) QueryParam(javax.ws.rs.QueryParam) ImmutableList(com.google.common.collect.ImmutableList) Consumes(javax.ws.rs.Consumes) Map(java.util.Map) ExceptionMetered(com.codahale.metrics.annotation.ExceptionMetered) Client(keywhiz.api.model.Client) APPLICATION_JSON(javax.ws.rs.core.MediaType.APPLICATION_JSON) DELETE(javax.ws.rs.DELETE) ClientResource(keywhiz.service.resources.automation.v2.ClientResource) AuditLog(keywhiz.log.AuditLog) Group(keywhiz.api.model.Group) POST(javax.ws.rs.POST) Logger(org.slf4j.Logger) AclDAOFactory(keywhiz.service.daos.AclDAO.AclDAOFactory) LongParam(io.dropwizard.jersey.params.LongParam) ConflictException(keywhiz.service.exceptions.ConflictException) Instant(java.time.Instant) NotFoundException(javax.ws.rs.NotFoundException) Timed(com.codahale.metrics.annotation.Timed) EventTag(keywhiz.log.EventTag) List(java.util.List) Collectors.toList(java.util.stream.Collectors.toList) ClientDetailResponse(keywhiz.api.ClientDetailResponse) CreateClientRequest(keywhiz.api.CreateClientRequest) Response(javax.ws.rs.core.Response) Optional(java.util.Optional) VisibleForTesting(com.google.common.annotations.VisibleForTesting)

Example 7 with AutomationClient

Use of keywhiz.api.model.AutomationClient in project keywhiz by square.

Class AutomationGroupResource, method getGroupById.

/**
 * Retrieve Group by ID
 *
 * @param groupId the ID of the group to retrieve
 * @excludeParams automationClient
 * @description Returns a single Group if found
 * @responseMessage 200 Found and retrieved Group with given ID
 * @responseMessage 404 Group with given ID not found
 */
@Timed
@ExceptionMetered
@GET
@Path("{groupId}")
public GroupDetailResponse getGroupById(@Auth AutomationClient automationClient, @PathParam("groupId") LongParam groupId) {
    Group group = groupDAO.getGroupById(groupId.get()).orElseThrow(NotFoundException::new);
    ImmutableList<Client> clients = ImmutableList.copyOf(aclDAO.getClientsFor(group));
    ImmutableList<SanitizedSecret> sanitizedSecrets = ImmutableList.copyOf(aclDAO.getSanitizedSecretsFor(group));
    return GroupDetailResponse.fromGroup(group, sanitizedSecrets, clients);
}
Also used : Group(keywhiz.api.model.Group) SanitizedSecret(keywhiz.api.model.SanitizedSecret) NotFoundException(javax.ws.rs.NotFoundException) AutomationClient(keywhiz.api.model.AutomationClient) Client(keywhiz.api.model.Client) Path(javax.ws.rs.Path) Timed(com.codahale.metrics.annotation.Timed) GET(javax.ws.rs.GET) ExceptionMetered(com.codahale.metrics.annotation.ExceptionMetered)

Example 8 with AutomationClient

Use of keywhiz.api.model.AutomationClient in project keywhiz by square.

Class ClientResource, method createClient.

/**
 * Creates a client and assigns to given groups
 *
 * @excludeParams automationClient
 * @param request JSON request to create a client
 *
 * @responseMessage 201 Created client and assigned to given groups
 * @responseMessage 409 Client already exists
 */
@Timed
@ExceptionMetered
@POST
@Consumes(APPLICATION_JSON)
public Response createClient(@Auth AutomationClient automationClient, @Valid CreateClientRequestV2 request) {
    String creator = automationClient.getName();
    String client = request.name();
    clientDAOReadWrite.getClient(client).ifPresent((c) -> {
        logger.info("Automation ({}) - Client {} already exists", creator, client);
        throw new ConflictException("Client name already exists.");
    });
    // Creates new client record
    long clientId = clientDAOReadWrite.createClient(client, creator, request.description());
    auditLog.recordEvent(new Event(Instant.now(), EventTag.CLIENT_CREATE, creator, client));
    // Enrolls client in any requested groups
    groupsToGroupIds(request.groups()).forEach((maybeGroupId) ->
        maybeGroupId.ifPresent((groupId) ->
            aclDAOReadWrite.findAndEnrollClient(clientId, groupId, auditLog, creator, new HashMap<>())));
    URI uri = UriBuilder.fromResource(ClientResource.class).path(client).build();
    return Response.created(uri).build();
}
Also used : NotImplementedException(org.apache.commons.lang3.NotImplementedException) PathParam(javax.ws.rs.PathParam) AclDAO(keywhiz.service.daos.AclDAO) Produces(javax.ws.rs.Produces) ClientDAO(keywhiz.service.daos.ClientDAO) GET(javax.ws.rs.GET) ClientDetailResponseV2(keywhiz.api.automation.v2.ClientDetailResponseV2) Event(keywhiz.log.Event) Path(javax.ws.rs.Path) LoggerFactory(org.slf4j.LoggerFactory) Auth(io.dropwizard.auth.Auth) GroupDAOFactory(keywhiz.service.daos.GroupDAO.GroupDAOFactory) HashMap(java.util.HashMap) Inject(javax.inject.Inject) Valid(javax.validation.Valid) AutomationClient(keywhiz.api.model.AutomationClient) ClientDAOFactory(keywhiz.service.daos.ClientDAO.ClientDAOFactory) Consumes(javax.ws.rs.Consumes) ExceptionMetered(com.codahale.metrics.annotation.ExceptionMetered) ModifyGroupsRequestV2(keywhiz.api.automation.v2.ModifyGroupsRequestV2) UriBuilder(javax.ws.rs.core.UriBuilder) URI(java.net.URI) Client(keywhiz.api.model.Client) APPLICATION_JSON(javax.ws.rs.core.MediaType.APPLICATION_JSON) GroupDAO(keywhiz.service.daos.GroupDAO) Collectors.toSet(java.util.stream.Collectors.toSet) DELETE(javax.ws.rs.DELETE) CreateClientRequestV2(keywhiz.api.automation.v2.CreateClientRequestV2) AuditLog(keywhiz.log.AuditLog) ModifyClientRequestV2(keywhiz.api.automation.v2.ModifyClientRequestV2) Group(keywhiz.api.model.Group) POST(javax.ws.rs.POST) Logger(org.slf4j.Logger) Set(java.util.Set) AclDAOFactory(keywhiz.service.daos.AclDAO.AclDAOFactory) ConflictException(keywhiz.service.exceptions.ConflictException) Instant(java.time.Instant) Sets(com.google.common.collect.Sets) NotFoundException(javax.ws.rs.NotFoundException) String.format(java.lang.String.format) Timed(com.codahale.metrics.annotation.Timed) EventTag(keywhiz.log.EventTag) Stream(java.util.stream.Stream) Response(javax.ws.rs.core.Response) Optional(java.util.Optional) SanitizedSecret(keywhiz.api.model.SanitizedSecret) PUT(javax.ws.rs.PUT)

Example 9 with AutomationClient

Use of keywhiz.api.model.AutomationClient in project keywhiz by square.

Class ClientResource, method modifyClient.

/**
 * Modify a client
 *
 * @excludeParams automationClient
 * @param currentName Client name
 * @param request JSON request to modify the client
 *
 * @responseMessage 201 Client updated
 * @responseMessage 404 Client not found
 */
@Timed
@ExceptionMetered
@POST
@Path("{name}")
@Consumes(APPLICATION_JSON)
@Produces(APPLICATION_JSON)
public ClientDetailResponseV2 modifyClient(@Auth AutomationClient automationClient, @PathParam("name") String currentName, @Valid ModifyClientRequestV2 request) {
    Client client = clientDAOReadWrite.getClient(currentName).orElseThrow(NotFoundException::new);
    String newName = request.name();
    // TODO: implement change client (name, updatedAt, updatedBy)
    throw new NotImplementedException(format("Need to implement mutation methods in DAO to rename %s to %s", client.getName(), newName));
}
Also used : NotImplementedException(org.apache.commons.lang3.NotImplementedException) NotFoundException(javax.ws.rs.NotFoundException) AutomationClient(keywhiz.api.model.AutomationClient) Client(keywhiz.api.model.Client) Path(javax.ws.rs.Path) POST(javax.ws.rs.POST) Consumes(javax.ws.rs.Consumes) Produces(javax.ws.rs.Produces) Timed(com.codahale.metrics.annotation.Timed) ExceptionMetered(com.codahale.metrics.annotation.ExceptionMetered)

Example 10 with AutomationClient

Use of keywhiz.api.model.AutomationClient in project keywhiz by square.

Class SecretResource, method modifySecretGroups.

/**
 * Modify the groups a secret is assigned to
 *
 * @excludeParams automationClient
 * @param name Secret series name
 * @param request JSON request to modify groups
 *
 * @responseMessage 201 Group membership changed
 * @responseMessage 404 Secret series not found
 */
@Timed
@ExceptionMetered
@PUT
@Path("{name}/groups")
@Consumes(APPLICATION_JSON)
@Produces(APPLICATION_JSON)
public Iterable<String> modifySecretGroups(@Auth AutomationClient automationClient, @PathParam("name") String name, @Valid ModifyGroupsRequestV2 request) {
    // TODO: Use latest version instead of non-versioned
    Secret secret = secretController.getSecretByName(name).orElseThrow(NotFoundException::new);
    String user = automationClient.getName();
    long secretId = secret.getId();
    Set<String> oldGroups = aclDAO.getGroupsFor(secret).stream().map(Group::getName).collect(toSet());
    Set<String> groupsToAdd = Sets.difference(request.addGroups(), oldGroups);
    Set<String> groupsToRemove = Sets.intersection(request.removeGroups(), oldGroups);
    // TODO: should optimize AclDAO to use names and return only name column
    groupsToGroupIds(groupsToAdd).forEach((maybeGroupId) ->
        maybeGroupId.ifPresent((groupId) ->
            aclDAO.findAndAllowAccess(secretId, groupId, auditLog, user, new HashMap<>())));
    groupsToGroupIds(groupsToRemove).forEach((maybeGroupId) ->
        maybeGroupId.ifPresent((groupId) ->
            aclDAO.findAndRevokeAccess(secretId, groupId, auditLog, user, new HashMap<>())));
    return aclDAO.getGroupsFor(secret).stream().map(Group::getName).collect(toSet());
}
Also used : Secret(keywhiz.api.model.Secret) SanitizedSecret(keywhiz.api.model.SanitizedSecret) Produces(javax.ws.rs.Produces) Event(keywhiz.log.Event) Path(javax.ws.rs.Path) LoggerFactory(org.slf4j.LoggerFactory) GroupDAOFactory(keywhiz.service.daos.GroupDAO.GroupDAOFactory) Valid(javax.validation.Valid) QueryParam(javax.ws.rs.QueryParam) Consumes(javax.ws.rs.Consumes) Map(java.util.Map) DefaultValue(javax.ws.rs.DefaultValue) ExceptionMetered(com.codahale.metrics.annotation.ExceptionMetered) ModifyGroupsRequestV2(keywhiz.api.automation.v2.ModifyGroupsRequestV2) BadRequestException(javax.ws.rs.BadRequestException) UriBuilder(javax.ws.rs.core.UriBuilder) APPLICATION_JSON(javax.ws.rs.core.MediaType.APPLICATION_JSON) ContentCryptographer(keywhiz.service.crypto.ContentCryptographer) GroupDAO(keywhiz.service.daos.GroupDAO) Collectors.toSet(java.util.stream.Collectors.toSet) DELETE(javax.ws.rs.DELETE) Group(keywhiz.api.model.Group) SecretVersion(keywhiz.api.model.SecretVersion) CreateSecretRequestV2(keywhiz.api.automation.v2.CreateSecretRequestV2) HOURS(java.time.temporal.ChronoUnit.HOURS) Set(java.util.Set) ConflictException(keywhiz.service.exceptions.ConflictException) Instant(java.time.Instant) Sets(com.google.common.collect.Sets) NotFoundException(javax.ws.rs.NotFoundException) String.format(java.lang.String.format) Timed(com.codahale.metrics.annotation.Timed) Base64(java.util.Base64) List(java.util.List) Stream(java.util.stream.Stream) Response(javax.ws.rs.core.Response) Optional(java.util.Optional) SecretDAOFactory(keywhiz.service.daos.SecretDAO.SecretDAOFactory) SecretContent(keywhiz.api.model.SecretContent) PathParam(javax.ws.rs.PathParam) SecretDetailResponseV2(keywhiz.api.automation.v2.SecretDetailResponseV2) AclDAO(keywhiz.service.daos.AclDAO) SanitizedSecretWithGroups(keywhiz.api.model.SanitizedSecretWithGroups) GET(javax.ws.rs.GET) Auth(io.dropwizard.auth.Auth) PartialUpdateSecretRequestV2(keywhiz.api.automation.v2.PartialUpdateSecretRequestV2) HashMap(java.util.HashMap) SecretSeriesDAO(keywhiz.service.daos.SecretSeriesDAO) Inject(javax.inject.Inject) AutomationClient(keywhiz.api.model.AutomationClient) ImmutableList(com.google.common.collect.ImmutableList) SecretDAO(keywhiz.service.daos.SecretDAO) SecretBuilder(keywhiz.service.daos.SecretController.SecretBuilder) AuditLog(keywhiz.log.AuditLog) DataAccessException(org.jooq.exception.DataAccessException) POST(javax.ws.rs.POST) Logger(org.slf4j.Logger) SecretSeriesDAOFactory(keywhiz.service.daos.SecretSeriesDAO.SecretSeriesDAOFactory) Readonly(keywhiz.service.config.Readonly) UTF_8(java.nio.charset.StandardCharsets.UTF_8) AclDAOFactory(keywhiz.service.daos.AclDAO.AclDAOFactory) SetSecretVersionRequestV2(keywhiz.api.automation.v2.SetSecretVersionRequestV2) SecretController(keywhiz.service.daos.SecretController) EventTag(keywhiz.log.EventTag) Collectors.toList(java.util.stream.Collectors.toList) CreateOrUpdateSecretRequestV2(keywhiz.api.automation.v2.CreateOrUpdateSecretRequestV2) SecretSeriesAndContent(keywhiz.api.model.SecretSeriesAndContent) PUT(javax.ws.rs.PUT)
