
Example 21 with SanitizedSecret

Use of keywhiz.api.model.SanitizedSecret in project keywhiz by square.

Class AssignAction, method run.

@Override
public void run() {
    List<String> assignType = assignActionConfig.assignType;
    if (assignType == null || assignType.isEmpty()) {
        throw new IllegalArgumentException("Must specify a single type to assign.");
    }
    if (assignActionConfig.name == null || !validName(assignActionConfig.name) || assignActionConfig.group == null || !validName(assignActionConfig.group)) {
        throw new IllegalArgumentException(format("Invalid name, must match %s", VALID_NAME_PATTERN));
    }
    Group group;
    try {
        group = keywhizClient.getGroupByName(assignActionConfig.group);
    } catch (KeywhizClient.NotFoundException e) {
        throw new AssertionError("Group doesn't exist.");
    } catch (IOException e) {
        throw Throwables.propagate(e);
    }
    String type = assignType.get(0).toLowerCase().trim();
    switch(type) {
        case "client":
            Client client = null;
            boolean createClient = false;
            try {
                client = keywhizClient.getClientByName(assignActionConfig.name);
            } catch (KeywhizClient.NotFoundException e) {
                logger.info("Creating client '{}'.", assignActionConfig.name);
                createClient = true;
            } catch (IOException e) {
                throw Throwables.propagate(e);
            }
            if (createClient) {
                try {
                    keywhizClient.createClient(assignActionConfig.name, "", "");
                    client = keywhizClient.getClientByName(assignActionConfig.name);
                } catch (IOException e) {
                    throw Throwables.propagate(e);
                }
            }
            try {
                if (keywhizClient.groupDetailsForId(group.getId()).getClients().contains(client)) {
                    throw new AssertionError(format("Client '%s' already assigned to group '%s'", assignActionConfig.name, group.getName()));
                }
                logger.info("Enrolling client '{}' in group '{}'.", client.getName(), group.getName());
                keywhizClient.enrollClientInGroupByIds(client.getId(), group.getId());
            } catch (IOException e) {
                throw Throwables.propagate(e);
            }
            break;
        case "secret":
            try {
                long groupId = group.getId();
                SanitizedSecret sanitizedSecret = keywhizClient.getSanitizedSecretByName(assignActionConfig.name);
                if (keywhizClient.groupDetailsForId(groupId).getSecrets().contains(sanitizedSecret)) {
                    throw new AssertionError(format("Secret '%s' already assigned to group '%s'", assignActionConfig.name, group.getName()));
                }
                logger.info("Allowing group '{}' access to secret '{}'.", group.getName(), sanitizedSecret.name());
                keywhizClient.grantSecretToGroupByIds(sanitizedSecret.id(), groupId);
            } catch (KeywhizClient.NotFoundException e) {
                throw new AssertionError("Secret doesn't exist.");
            } catch (IOException e) {
                throw Throwables.propagate(e);
            }
            break;
        default:
            throw new IllegalArgumentException("Invalid assign type specified: " + type);
    }
}
Also used : Group(keywhiz.api.model.Group) KeywhizClient(keywhiz.client.KeywhizClient) SanitizedSecret(keywhiz.api.model.SanitizedSecret) IOException(java.io.IOException) Client(keywhiz.api.model.Client)

Example 22 with SanitizedSecret

Use of keywhiz.api.model.SanitizedSecret in project keywhiz by square.

Class SecretDetailResponseV2Test, method formsCorrectlyFromSanitizedSecret.

@Test
public void formsCorrectlyFromSanitizedSecret() {
    SanitizedSecret sanitizedSecret = SanitizedSecret.of(1, "secret-name", "secret-owner", "secret-description", "checksum", ApiDate.parse("2013-03-28T21:23:04.159Z"), "creator-user", ApiDate.parse("2014-03-28T21:23:04.159Z"), "updater-user", ImmutableMap.of("owner", "root"), "text/plain", null, 1136214245, 1L, ApiDate.parse("2014-03-28T21:23:04.159Z"), "updater-user");
    SecretDetailResponseV2 fromSanitizedSecret = SecretDetailResponseV2.builder().sanitizedSecret(sanitizedSecret).build();
    assertThat(fromSanitizedSecret).isEqualTo(secretDetailResponse);
}
Also used : SanitizedSecret(keywhiz.api.model.SanitizedSecret) Test(org.junit.Test)

Example 23 with SanitizedSecret

Use of keywhiz.api.model.SanitizedSecret in project keywhiz by square.

Class SecretsResource, method sanitizedSecretFromName.

private SanitizedSecret sanitizedSecretFromName(String name) {
    Optional<Secret> optionalSecret = secretController.getSecretByName(name);
    if (optionalSecret.isEmpty()) {
        throw new NotFoundException("Secret not found.");
    }
    Secret secret = optionalSecret.get();
    return SanitizedSecret.fromSecret(secret);
}
Also used : Secret(keywhiz.api.model.Secret) SanitizedSecret(keywhiz.api.model.SanitizedSecret) NotFoundException(javax.ws.rs.NotFoundException)

Example 24 with SanitizedSecret

Use of keywhiz.api.model.SanitizedSecret in project keywhiz by square.

Class AutomationGroupResource, method getGroupById.

/**
 * Retrieve Group by ID
 *
 * @param automationClient the client with automation access performing this operation
 * @param groupId the ID of the group to retrieve
 * @return details on the specified group
 *
 * description Returns a single Group if found
 * responseMessage 200 Found and retrieved Group with given ID
 * responseMessage 404 Group with given ID not Found
 */
@Timed
@ExceptionMetered
@GET
@Path("{groupId}")
public GroupDetailResponse getGroupById(@Auth AutomationClient automationClient, @PathParam("groupId") LongParam groupId) {
    Group group = groupDAO.getGroupById(groupId.get()).orElseThrow(NotFoundException::new);
    ImmutableList<Client> clients = ImmutableList.copyOf(aclDAO.getClientsFor(group));
    ImmutableList<SanitizedSecret> sanitizedSecrets = ImmutableList.copyOf(aclDAO.getSanitizedSecretsFor(group));
    return GroupDetailResponse.fromGroup(group, sanitizedSecrets, clients);
}
Also used : Group(keywhiz.api.model.Group) SanitizedSecret(keywhiz.api.model.SanitizedSecret) NotFoundException(javax.ws.rs.NotFoundException) AutomationClient(keywhiz.api.model.AutomationClient) Client(keywhiz.api.model.Client) Path(javax.ws.rs.Path) Timed(com.codahale.metrics.annotation.Timed) GET(javax.ws.rs.GET) ExceptionMetered(com.codahale.metrics.annotation.ExceptionMetered)

Example 25 with SanitizedSecret

Use of keywhiz.api.model.SanitizedSecret in project keywhiz by square.

Class SecretDAO, method getSecretVersionsByName.

/**
 * @param name of secret series to look up secrets by.
 * @param versionIdx the first index to select in a list of versions sorted by creation time
 * @param numVersions the number of versions after versionIdx to select in the list of versions
 * @return Versions of a secret matching input parameters or Optional.empty().
 */
public Optional<ImmutableList<SanitizedSecret>> getSecretVersionsByName(String name, int versionIdx, int numVersions) {
    checkArgument(!name.isEmpty());
    checkArgument(versionIdx >= 0);
    checkArgument(numVersions >= 0);
    SecretContentDAO secretContentDAO = secretContentDAOFactory.using(dslContext.configuration());
    SecretSeriesDAO secretSeriesDAO = secretSeriesDAOFactory.using(dslContext.configuration());
    Optional<SecretSeries> series = secretSeriesDAO.getSecretSeriesByName(name);
    if (series.isPresent()) {
        SecretSeries s = series.get();
        long secretId = s.id();
        Optional<ImmutableList<SecretContent>> contents = secretContentDAO.getSecretVersionsBySecretId(secretId, versionIdx, numVersions);
        if (contents.isPresent()) {
            ImmutableList.Builder<SanitizedSecret> b = new ImmutableList.Builder<>();
            b.addAll(contents.get().stream().map(c -> SanitizedSecret.fromSecretSeriesAndContent(SecretSeriesAndContent.of(s, c))).collect(toList()));
            return Optional.of(b.build());
        }
    }
    return Optional.empty();
}
Also used : SanitizedSecret(keywhiz.api.model.SanitizedSecret) SecretSeries(keywhiz.api.model.SecretSeries) ImmutableList(com.google.common.collect.ImmutableList)
