
Example 31 with SanitizedSecret

use of keywhiz.api.model.SanitizedSecret in project keywhiz by square.

the class BatchSecretDeliveryResourceTest method returnsForbiddenWhenOneOfSecretsNotAllowed.

// All of the secrets exist AND client exists, but ANY of the secrets not allowed => Forbidden
@Test(expected = ForbiddenException.class)
public void returnsForbiddenWhenOneOfSecretsNotAllowed() throws Exception {
    SanitizedSecret sanitizedSecret = SanitizedSecret.fromSecret(secret);
    SanitizedSecret forbiddenSecret = SanitizedSecret.fromSecret(secret2);
    ImmutableList<String> secretnames = ImmutableList.of(sanitizedSecret.name(), forbiddenSecret.name());
    BatchSecretRequest req = BatchSecretRequest.create(secretnames);
    // Client can only access one out of two secrets
    when(aclDAO.getBatchSanitizedSecretsFor(client, secretnames)).thenReturn(List.of(sanitizedSecret));
    when(clientDAO.getClientByName(client.getName())).thenReturn(Optional.of(client));
    when(secretController.getSecretsByName(secretnames)).thenReturn(List.of(secret, secret2));
    batchSecretDeliveryResource.getBatchSecret(client, req);
}
Also used: SanitizedSecret (keywhiz.api.model.SanitizedSecret), BatchSecretRequest (keywhiz.api.BatchSecretRequest), Test (org.junit.Test)

Example 32 with SanitizedSecret

use of keywhiz.api.model.SanitizedSecret in project keywhiz by square.

the class Printing method printClientWithDetails.

public void printClientWithDetails(Client client) {
    System.out.println(client.getName());
    ClientDetailResponse clientDetails;
    try {
        clientDetails = keywhizClient.clientDetailsForId(client.getId());
    } catch (IOException e) {
        throw Throwables.propagate(e);
    }
    System.out.println(INDENT + "Groups:");
    clientDetails.groups.stream().sorted(Comparator.comparing(Group::getName)).forEach(g -> System.out.println(DOUBLE_INDENT + g.getName()));
    System.out.println(INDENT + "Secrets:");
    clientDetails.secrets.stream().sorted(Comparator.comparing(SanitizedSecret::name)).forEach(s -> System.out.println(DOUBLE_INDENT + SanitizedSecret.displayName(s)));
    if (clientDetails.lastSeen == null) {
        System.out.println(INDENT + "Last Seen: never");
    } else {
        Date d = new Date(clientDetails.lastSeen.toEpochSecond() * 1000);
        System.out.printf(INDENT + "Last Seen: %s%n", DateFormat.getDateTimeInstance().format(d));
    }
    if (!clientDetails.description.isEmpty()) {
        System.out.println(INDENT + "Description:");
        System.out.println(DOUBLE_INDENT + clientDetails.description);
    }
    if (clientDetails.spiffeId != null && !clientDetails.spiffeId.isEmpty()) {
        System.out.println(INDENT + "Spiffe ID:");
        System.out.println(DOUBLE_INDENT + clientDetails.spiffeId);
    }
    if (!clientDetails.createdBy.isEmpty()) {
        System.out.println(INDENT + "Created by:");
        System.out.println(DOUBLE_INDENT + clientDetails.createdBy);
    }
    System.out.println(INDENT + "Created at:");
    Date d = new Date(clientDetails.creationDate.toEpochSecond() * 1000);
    System.out.println(DOUBLE_INDENT + DateFormat.getDateTimeInstance().format(d));
    if (!clientDetails.updatedBy.isEmpty()) {
        System.out.println(INDENT + "Updated by:");
        System.out.println(DOUBLE_INDENT + clientDetails.updatedBy);
    }
    System.out.println(INDENT + "Updated at:");
    d = new Date(clientDetails.updateDate.toEpochSecond() * 1000);
    System.out.println(DOUBLE_INDENT + DateFormat.getDateTimeInstance().format(d));
}
Also used: Group (keywhiz.api.model.Group), SanitizedSecret (keywhiz.api.model.SanitizedSecret), IOException (java.io.IOException), ClientDetailResponse (keywhiz.api.ClientDetailResponse), Date (java.util.Date)

Example 33 with SanitizedSecret

use of keywhiz.api.model.SanitizedSecret in project keywhiz by square.

the class DeleteAction method run.

@Override
public void run() {
    List<String> type = deleteActionConfig.deleteType;
    if (type == null || type.isEmpty()) {
        throw new IllegalArgumentException("Must specify a single type to delete.");
    }
    if (deleteActionConfig.name == null || !validName(deleteActionConfig.name)) {
        throw new IllegalArgumentException(format("Invalid name, must match %s", VALID_NAME_PATTERN));
    }
    String firstType = type.get(0).toLowerCase().trim();
    switch(firstType) {
        case "group":
            try {
                Group group = keywhizClient.getGroupByName(deleteActionConfig.name);
                logger.info("Deleting group '{}'.", group.getName());
                keywhizClient.deleteGroupWithId(group.getId());
            } catch (NotFoundException e) {
                throw new AssertionError("Group does not exist.");
            } catch (IOException e) {
                throw Throwables.propagate(e);
            }
            break;
        case "client":
            try {
                Client client = keywhizClient.getClientByName(deleteActionConfig.name);
                logger.info("Deleting client '{}'.", client.getName());
                keywhizClient.deleteClientWithId(client.getId());
            } catch (NotFoundException e) {
                throw new AssertionError("Client does not exist.");
            } catch (IOException e) {
                throw Throwables.propagate(e);
            }
            break;
        case "secret":
            try {
                SanitizedSecret sanitizedSecret = keywhizClient.getSanitizedSecretByName(deleteActionConfig.name);
                BufferedReader reader = new BufferedReader(new InputStreamReader(inputStream, UTF_8));
                while (true) {
                    System.out.println(format("Please confirm deletion of secret '%s': Y/N", sanitizedSecret.name()));
                    String line = reader.readLine();
                    if (line == null /* EOF */ || line.toUpperCase().startsWith("N")) {
                        return;
                    } else if (line.toUpperCase().startsWith("Y")) {
                        logger.info("Deleting secret '{}'.", sanitizedSecret.name());
                        keywhizClient.deleteSecretWithId(sanitizedSecret.id());
                        return;
                    }
                    // else loop again
                }
            } catch (NotFoundException e) {
                throw new AssertionError("Secret does not exist: " + deleteActionConfig.name);
            } catch (IOException e) {
                throw new AssertionError(e);
            }
            // No fall-through into default: every path through the "secret" case returns or throws.
        default:
            throw new IllegalArgumentException("Invalid delete type specified: " + type);
    }
}
Also used: Group (keywhiz.api.model.Group), SanitizedSecret (keywhiz.api.model.SanitizedSecret), InputStreamReader (java.io.InputStreamReader), BufferedReader (java.io.BufferedReader), NotFoundException (keywhiz.client.KeywhizClient.NotFoundException), IOException (java.io.IOException), Client (keywhiz.api.model.Client), KeywhizClient (keywhiz.client.KeywhizClient)

Example 34 with SanitizedSecret

use of keywhiz.api.model.SanitizedSecret in project keywhiz by square.

the class DescribeAction method run.

@Override
public void run() {
    List<String> describeType = describeActionConfig.describeType;
    if (describeType == null || describeType.isEmpty()) {
        throw new IllegalArgumentException("Must specify a single type to describe.");
    }
    if (describeActionConfig.name == null || !validName(describeActionConfig.name)) {
        throw new IllegalArgumentException(format("Invalid name, must match %s", VALID_NAME_PATTERN));
    }
    String firstType = describeType.get(0).toLowerCase().trim();
    String name = describeActionConfig.name;
    switch(firstType) {
        case "group":
            try {
                Group group = keywhizClient.getGroupByName(name);
                printing.printGroupWithDetails(group);
            } catch (NotFoundException e) {
                throw new AssertionError("Group not found.");
            } catch (IOException e) {
                throw Throwables.propagate(e);
            }
            break;
        case "client":
            try {
                Client client = keywhizClient.getClientByName(name);
                printing.printClientWithDetails(client);
            } catch (NotFoundException e) {
                throw new AssertionError("Client not found.");
            } catch (IOException e) {
                throw Throwables.propagate(e);
            }
            break;
        case "secret":
            SanitizedSecret sanitizedSecret;
            try {
                sanitizedSecret = keywhizClient.getSanitizedSecretByName(name);
                printing.printSanitizedSecretWithDetails(sanitizedSecret);
            } catch (NotFoundException e) {
                throw new AssertionError("Secret not found.");
            } catch (IOException e) {
                throw Throwables.propagate(e);
            }
            break;
        default:
            throw new IllegalArgumentException("Invalid describe type specified: " + firstType);
    }
}
Also used: Group (keywhiz.api.model.Group), SanitizedSecret (keywhiz.api.model.SanitizedSecret), NotFoundException (keywhiz.client.KeywhizClient.NotFoundException), IOException (java.io.IOException), Client (keywhiz.api.model.Client), KeywhizClient (keywhiz.client.KeywhizClient)

Example 35 with SanitizedSecret

use of keywhiz.api.model.SanitizedSecret in project keywhiz by square.

the class ListVersionsAction method run.

@Override
public void run() {
    if (listVersionsActionConfig.name == null || !validName(listVersionsActionConfig.name)) {
        throw new IllegalArgumentException(format("Invalid name, must match %s", VALID_NAME_PATTERN));
    }
    try {
        SanitizedSecret sanitizedSecret = keywhizClient.getSanitizedSecretByName(listVersionsActionConfig.name);
        List<SanitizedSecret> versions = keywhizClient.listSecretVersions(sanitizedSecret.name(), listVersionsActionConfig.idx, listVersionsActionConfig.number);
        printing.printSecretVersions(versions, sanitizedSecret.version());
    } catch (NotFoundException e) {
        throw new AssertionError("Secret does not exist: " + listVersionsActionConfig.name);
    } catch (IOException e) {
        throw Throwables.propagate(e);
    }
}
Also used: SanitizedSecret (keywhiz.api.model.SanitizedSecret), NotFoundException (keywhiz.client.KeywhizClient.NotFoundException), IOException (java.io.IOException)
