Example 36 with SanitizedSecret

Use of keywhiz.api.model.SanitizedSecret in project keywhiz by square.

In class RenameAction, method renameSecret.

private void renameSecret() {
    try {
        SanitizedSecret secret = keywhiz.getSanitizedSecretByName(config.oldName);
        keywhiz.renameSecret(secret.id(), config.newName);
    } catch (IOException e) {
        throw new RuntimeException(e);
    }
}
Also used : SanitizedSecret(keywhiz.api.model.SanitizedSecret) IOException(java.io.IOException)

Example 37 with SanitizedSecret

Use of keywhiz.api.model.SanitizedSecret in project keywhiz by square.

In class UnassignAction, method run.

@Override
public void run() {
    List<String> unassignType = unassignActionConfig.unassignType;
    if (unassignType == null || unassignType.isEmpty()) {
        throw new IllegalArgumentException("Must specify a single type to unassign.");
    }
    if (unassignActionConfig.name == null || !validName(unassignActionConfig.name) || unassignActionConfig.group == null || !validName(unassignActionConfig.group)) {
        throw new IllegalArgumentException(format("Invalid name, must match %s", VALID_NAME_PATTERN));
    }
    Group group;
    try {
        group = keywhizClient.getGroupByName(unassignActionConfig.group);
        if (group == null) {
            throw new AssertionError("Group doesn't exist.");
        }
    } catch (IOException e) {
        throw Throwables.propagate(e);
    }
    String firstType = unassignType.get(0).toLowerCase().trim();
    switch(firstType) {
        case "client":
            try {
                Client client = keywhizClient.getClientByName(unassignActionConfig.name);
                if (!keywhizClient.groupDetailsForId(group.getId()).getClients().contains(client)) {
                    throw new AssertionError(format("Client '%s' not assigned to group '%s'.", unassignActionConfig.name, group));
                }
                logger.info("Evicting client '{}' from group '{}'.", client.getName(), group.getName());
                keywhizClient.evictClientFromGroupByIds(client.getId(), group.getId());
            } catch (NotFoundException e) {
                throw new AssertionError("Client or group doesn't exist.");
            } catch (IOException e) {
                throw Throwables.propagate(e);
            }
            break;
        case "secret":
            try {
                long groupId = group.getId();
                SanitizedSecret sanitizedSecret = keywhizClient.getSanitizedSecretByName(unassignActionConfig.name);
                if (!keywhizClient.groupDetailsForId(groupId).getSecrets().contains(sanitizedSecret)) {
                    throw new AssertionError(format("Secret '%s' not assigned to group '%s'", unassignActionConfig.name, group));
                }
                logger.info("Revoke group '{}' access to secret '{}'.", group.getName(), SanitizedSecret.displayName(sanitizedSecret));
                keywhizClient.revokeSecretFromGroupByIds(sanitizedSecret.id(), groupId);
            } catch (NotFoundException e) {
                throw new AssertionError("Secret or group doesn't exist.");
            } catch (IOException e) {
                throw Throwables.propagate(e);
            }
            break;
        default:
            throw new IllegalArgumentException("Invalid unassign type specified: " + firstType);
    }
}
Also used : Group(keywhiz.api.model.Group) SanitizedSecret(keywhiz.api.model.SanitizedSecret) NotFoundException(keywhiz.client.KeywhizClient.NotFoundException) IOException(java.io.IOException) Client(keywhiz.api.model.Client) KeywhizClient(keywhiz.client.KeywhizClient)

Example 38 with SanitizedSecret

Use of keywhiz.api.model.SanitizedSecret in project keywhiz by square.

In class SecretResource, method secretListingExpiringForGroup.

/**
 * Retrieve listing of secrets expiring soon in a group
 *
 * @param time timestamp for farthest expiry to include
 * @param name Group name
 * responseMessage 200 List of secrets expiring soon in group
 */
@Timed
@ExceptionMetered
@Path("expiring/{time}/{name}")
@GET
@Produces(APPLICATION_JSON)
public Iterable<String> secretListingExpiringForGroup(@Auth AutomationClient automationClient, @PathParam("time") Long time, @PathParam("name") String name) {
    Group group = groupDAO.getGroup(name).orElseThrow(NotFoundException::new);
    List<SanitizedSecret> secrets = secretControllerReadOnly.getSanitizedSecrets(time, group);
    return secrets.stream().map(SanitizedSecret::name).collect(toSet());
}
Also used : Group(keywhiz.api.model.Group) SanitizedSecret(keywhiz.api.model.SanitizedSecret) NotFoundException(javax.ws.rs.NotFoundException) Path(javax.ws.rs.Path) Produces(javax.ws.rs.Produces) Timed(com.codahale.metrics.annotation.Timed) GET(javax.ws.rs.GET) ExceptionMetered(com.codahale.metrics.annotation.ExceptionMetered)

Example 39 with SanitizedSecret

Use of keywhiz.api.model.SanitizedSecret in project keywhiz by square.

In class GroupResource, method secretsWithGroupsForGroup.

/**
 * Retrieve metadata for secrets in a particular group, including all
 * groups linked to each secret.
 *
 * @param name Group name
 *
 * responseMessage 200 Group information retrieved
 * responseMessage 404 Group not found
 */
@Timed
@ExceptionMetered
@GET
@Path("{name}/secretsandgroups")
@Produces(APPLICATION_JSON)
public Set<SanitizedSecretWithGroups> secretsWithGroupsForGroup(@Auth AutomationClient automationClient, @PathParam("name") String name) {
    Group group = groupDAOReadOnly.getGroup(name).orElseThrow(NotFoundException::new);
    Set<SanitizedSecret> secrets = aclDAOReadOnly.getSanitizedSecretsFor(group);
    Map<Long, List<Group>> groupsForSecrets = aclDAOReadOnly.getGroupsForSecrets(secrets.stream().map(SanitizedSecret::id).collect(Collectors.toUnmodifiableSet()));
    return secrets.stream().map(s -> {
        List<Group> groups = groupsForSecrets.get(s.id());
        if (groups == null) {
            groups = ImmutableList.of();
        }
        return SanitizedSecretWithGroups.of(s, groups);
    }).collect(Collectors.toUnmodifiableSet());
}
Also used : PathParam(javax.ws.rs.PathParam) AclDAO(keywhiz.service.daos.AclDAO) Produces(javax.ws.rs.Produces) SanitizedSecretWithGroups(keywhiz.api.model.SanitizedSecretWithGroups) GET(javax.ws.rs.GET) Event(keywhiz.log.Event) Path(javax.ws.rs.Path) LoggerFactory(org.slf4j.LoggerFactory) Auth(io.dropwizard.auth.Auth) GroupDAOFactory(keywhiz.service.daos.GroupDAO.GroupDAOFactory) HashMap(java.util.HashMap) Inject(javax.inject.Inject) Valid(javax.validation.Valid) AutomationClient(keywhiz.api.model.AutomationClient) ImmutableList(com.google.common.collect.ImmutableList) Consumes(javax.ws.rs.Consumes) Map(java.util.Map) ExceptionMetered(com.codahale.metrics.annotation.ExceptionMetered) UriBuilder(javax.ws.rs.core.UriBuilder) URI(java.net.URI) Client(keywhiz.api.model.Client) APPLICATION_JSON(javax.ws.rs.core.MediaType.APPLICATION_JSON) GroupDAO(keywhiz.service.daos.GroupDAO) Collectors.toSet(java.util.stream.Collectors.toSet) DELETE(javax.ws.rs.DELETE) AuditLog(keywhiz.log.AuditLog) Tracing.setTag(keywhiz.Tracing.setTag) Group(keywhiz.api.model.Group) POST(javax.ws.rs.POST) Logger(org.slf4j.Logger) Tracing.tagErrors(keywhiz.Tracing.tagErrors) Set(java.util.Set) AclDAOFactory(keywhiz.service.daos.AclDAO.AclDAOFactory) ConflictException(keywhiz.service.exceptions.ConflictException) Instant(java.time.Instant) Collectors(java.util.stream.Collectors) NotFoundException(javax.ws.rs.NotFoundException) String.format(java.lang.String.format) Timed(com.codahale.metrics.annotation.Timed) EventTag(keywhiz.log.EventTag) List(java.util.List) Collectors.toList(java.util.stream.Collectors.toList) Response(javax.ws.rs.core.Response) GroupDetailResponseV2(keywhiz.api.automation.v2.GroupDetailResponseV2) SanitizedSecret(keywhiz.api.model.SanitizedSecret) CreateGroupRequestV2(keywhiz.api.automation.v2.CreateGroupRequestV2) SanitizedSecretWithGroups.fromSecretSeriesAndContentAndGroups(keywhiz.api.model.SanitizedSecretWithGroups.fromSecretSeriesAndContentAndGroups) 
SecretSeries(keywhiz.api.model.SecretSeries)

Example 40 with SanitizedSecret

Use of keywhiz.api.model.SanitizedSecret in project keywhiz by square.

In class ClientsResource, method clientDetailResponseFromId.

private ClientDetailResponse clientDetailResponseFromId(long clientId) {
    Optional<Client> optionalClient = clientDAO.getClientById(clientId);
    if (!optionalClient.isPresent()) {
        throw new NotFoundException("Client not found.");
    }
    Client client = optionalClient.get();
    ImmutableList<Group> groups = ImmutableList.copyOf(aclDAO.getGroupsFor(client));
    ImmutableList<SanitizedSecret> sanitizedSecrets = ImmutableList.copyOf(aclDAO.getSanitizedSecretsFor(client));
    return ClientDetailResponse.fromClient(client, groups, sanitizedSecrets);
}
Also used : Group(keywhiz.api.model.Group) SanitizedSecret(keywhiz.api.model.SanitizedSecret) NotFoundException(javax.ws.rs.NotFoundException) Client(keywhiz.api.model.Client)
