use of keywhiz.api.model.SanitizedSecret in project keywhiz by square.
the class AssignAction method run.
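/**
 * Assigns a client or a secret to a group, as selected by the first entry of
 * {@code assignActionConfig.assignType}. Any further entries in that list are ignored.
 *
 * <p>Both branches change who can reach which secrets: "client" enrolls a client in the group,
 * "secret" grants the group access to a secret. The "client" branch also creates the client when
 * no client with the given name exists, so a mistyped name yields a new client that is then
 * enrolled in the group. The {@code Creating client} log line is the only trace of that here.
 *
 * <p>The "already assigned" checks use {@code contains}, so they depend on how {@code Client} and
 * {@code SanitizedSecret} define equality (not visible here). NOTE(review): the check and the
 * following grant are two separate calls; confirm the server tolerates a concurrent assignment.
 *
 * @throws IllegalArgumentException if no type is given, if the name or group is missing or fails
 *     {@code validName}, or if the type is neither "client" nor "secret"
 * @throws AssertionError if the group or secret does not exist, or the assignment already exists
 */
@Override
public void run() {
  List<String> assignType = assignActionConfig.assignType;
  if (assignType == null || assignType.isEmpty()) {
    throw new IllegalArgumentException("Must specify a single type to assign.");
  }

  // Validate both identifiers before any request is sent to the server.
  if (assignActionConfig.name == null || !validName(assignActionConfig.name)
      || assignActionConfig.group == null || !validName(assignActionConfig.group)) {
    throw new IllegalArgumentException(format("Invalid name, must match %s", VALID_NAME_PATTERN));
  }

  Group group;
  try {
    group = keywhizClient.getGroupByName(assignActionConfig.group);
  } catch (KeywhizClient.NotFoundException e) {
    // Keep the cause so the failing lookup stays visible in the stack trace.
    throw new AssertionError("Group doesn't exist.", e);
  } catch (IOException e) {
    throw Throwables.propagate(e);
  }

  // Locale.ROOT keeps the match independent of the JVM default locale; with a Turkish default
  // locale, "CLIENT".toLowerCase() does not produce "client".
  String type = assignType.get(0).toLowerCase(java.util.Locale.ROOT).trim();

  switch (type) {
    case "client": {
      Client client = null;
      boolean createClient = false;
      try {
        client = keywhizClient.getClientByName(assignActionConfig.name);
      } catch (KeywhizClient.NotFoundException e) {
        // A missing client is not an error here: it is created below and then enrolled.
        logger.info("Creating client '{}'.", assignActionConfig.name);
        createClient = true;
      } catch (IOException e) {
        throw Throwables.propagate(e);
      }

      if (createClient) {
        try {
          // The two empty strings are passed through as-is; their meaning is defined by
          // KeywhizClient.createClient, which is not visible here.
          keywhizClient.createClient(assignActionConfig.name, "", "");
          client = keywhizClient.getClientByName(assignActionConfig.name);
        } catch (IOException e) {
          throw Throwables.propagate(e);
        }
      }

      try {
        if (keywhizClient.groupDetailsForId(group.getId()).getClients().contains(client)) {
          throw new AssertionError(format("Client '%s' already assigned to group '%s'",
              assignActionConfig.name, group.getName()));
        }
        logger.info("Enrolling client '{}' in group '{}'.", client.getName(), group.getName());
        keywhizClient.enrollClientInGroupByIds(client.getId(), group.getId());
      } catch (IOException e) {
        throw Throwables.propagate(e);
      }
      break;
    }

    case "secret": {
      try {
        long groupId = group.getId();
        SanitizedSecret sanitizedSecret =
            keywhizClient.getSanitizedSecretByName(assignActionConfig.name);
        if (keywhizClient.groupDetailsForId(groupId).getSecrets().contains(sanitizedSecret)) {
          throw new AssertionError(format("Secret '%s' already assigned to group '%s'",
              assignActionConfig.name, group.getName()));
        }
        logger.info("Allowing group '{}' access to secret '{}'.", group.getName(),
            sanitizedSecret.name());
        keywhizClient.grantSecretToGroupByIds(sanitizedSecret.id(), groupId);
      } catch (KeywhizClient.NotFoundException e) {
        // Unlike clients, secrets are never created implicitly.
        throw new AssertionError("Secret doesn't exist.", e);
      } catch (IOException e) {
        throw Throwables.propagate(e);
      }
      break;
    }

    default:
      throw new IllegalArgumentException("Invalid assign type specified: " + type);
  }
}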
use of keywhiz.api.model.SanitizedSecret in project keywhiz by square.
the class SecretDetailResponseV2Test method formsCorrectlyFromSanitizedSecret.
/**
 * Checks that a {@code SecretDetailResponseV2} built from a {@code SanitizedSecret} equals the
 * {@code secretDetailResponse} fixture defined elsewhere in this test class.
 */
@Test
public void formsCorrectlyFromSanitizedSecret() {
  // Timestamps are parsed up front; the 2014 value is parsed twice, once per argument slot.
  ApiDate march2013 = ApiDate.parse("2013-03-28T21:23:04.159Z");
  ApiDate march2014 = ApiDate.parse("2014-03-28T21:23:04.159Z");
  ApiDate march2014Again = ApiDate.parse("2014-03-28T21:23:04.159Z");

  // Argument order follows SanitizedSecret.of, whose parameter names are not visible here.
  SanitizedSecret sanitizedSecret = SanitizedSecret.of(
      1,
      "secret-name",
      "secret-owner",
      "secret-description",
      "checksum",
      march2013,
      "creator-user",
      march2014,
      "updater-user",
      ImmutableMap.of("owner", "root"),
      "text/plain",
      null,
      1136214245,
      1L,
      march2014Again,
      "updater-user");

  SecretDetailResponseV2 fromSanitizedSecret =
      SecretDetailResponseV2.builder()
          .sanitizedSecret(sanitizedSecret)
          .build();

  assertThat(fromSanitizedSecret).isEqualTo(secretDetailResponse);
}
use of keywhiz.api.model.SanitizedSecret in project keywhiz by square.
the class SecretsResource method sanitizedSecretFromName.
/**
 * Looks up a secret by name and returns its {@code SanitizedSecret} form.
 *
 * <p>Callers receive only the result of {@code SanitizedSecret.fromSecret}, never the
 * {@code Secret} itself. NOTE(review): presumably the sanitized form omits the secret content;
 * confirm against {@code SanitizedSecret}.
 *
 * @param name name of the secret to look up
 * @return the sanitized view of the matching secret
 * @throws NotFoundException if {@code secretController} has no secret with that name
 */
private SanitizedSecret sanitizedSecretFromName(String name) {
  Secret found = secretController
      .getSecretByName(name)
      .orElseThrow(() -> new NotFoundException("Secret not found."));
  return SanitizedSecret.fromSecret(found);
}
use of keywhiz.api.model.SanitizedSecret in project keywhiz by square.
the class AutomationGroupResource method getGroupById.
/**
 * Retrieve Group by ID
 *
 * <p>The method body never reads {@code automationClient}; it appears only as the {@code @Auth}
 * parameter. The response therefore lists the clients and sanitized secrets of whichever group
 * ID is requested. NOTE(review): any per-group restriction would have to be enforced outside
 * this method; confirm that is intended.
 *
 * @param automationClient the client with automation access performing this operation
 * @param groupId the ID of the group to retrieve
 * @return details on the specified group
 * @throws NotFoundException if no group has the given ID
 *
 * description Returns a single Group if found
 * responseMessage 200 Found and retrieved Group with given ID
 * responseMessage 404 Group with given ID not Found
 */
@Timed
@ExceptionMetered
@GET
@Path("{groupId}")
public GroupDetailResponse getGroupById(@Auth AutomationClient automationClient, @PathParam("groupId") LongParam groupId) {
  Group requestedGroup = groupDAO
      .getGroupById(groupId.get())
      .orElseThrow(() -> new NotFoundException());

  // Snapshot the ACL lookups into immutable lists: clients first, then secrets.
  ImmutableList<Client> memberClients =
      ImmutableList.copyOf(aclDAO.getClientsFor(requestedGroup));
  ImmutableList<SanitizedSecret> grantedSecrets =
      ImmutableList.copyOf(aclDAO.getSanitizedSecretsFor(requestedGroup));

  return GroupDetailResponse.fromGroup(requestedGroup, grantedSecrets, memberClients);
}
use of keywhiz.api.model.SanitizedSecret in project keywhiz by square.
the class SecretDAO method getSecretVersionsByName.
/**
 * Returns a window of versions of the named secret series as {@code SanitizedSecret}s.
 *
 * @param name of secret series to look up secrets by; must be non-empty (a {@code null} name
 *     fails on {@code name.isEmpty()})
 * @param versionIdx the first index to select in a list of versions sorted by creation time;
 *     must not be negative
 * @param numVersions the number of versions after versionIdx to select in the list of versions;
 *     must not be negative
 * @return versions of a secret matching the input parameters, or {@code Optional.empty()} when
 *     either the series lookup or the version lookup returns nothing
 */
public Optional<ImmutableList<SanitizedSecret>> getSecretVersionsByName(String name, int versionIdx, int numVersions) {
  // Reject malformed requests before touching the database.
  checkArgument(!name.isEmpty());
  checkArgument(versionIdx >= 0);
  checkArgument(numVersions >= 0);

  SecretContentDAO secretContentDAO = secretContentDAOFactory.using(dslContext.configuration());
  SecretSeriesDAO secretSeriesDAO = secretSeriesDAOFactory.using(dslContext.configuration());

  Optional<SecretSeries> maybeSeries = secretSeriesDAO.getSecretSeriesByName(name);
  if (!maybeSeries.isPresent()) {
    return Optional.empty();
  }
  SecretSeries matchedSeries = maybeSeries.get();
  long seriesId = matchedSeries.id();

  Optional<ImmutableList<SecretContent>> maybeContents =
      secretContentDAO.getSecretVersionsBySecretId(seriesId, versionIdx, numVersions);
  if (!maybeContents.isPresent()) {
    return Optional.empty();
  }

  // Pair every content row with its series and convert the pair to the sanitized form.
  ImmutableList.Builder<SanitizedSecret> versions = ImmutableList.builder();
  for (SecretContent content : maybeContents.get()) {
    versions.add(
        SanitizedSecret.fromSecretSeriesAndContent(
            SecretSeriesAndContent.of(matchedSeries, content)));
  }
  return Optional.of(versions.build());
}