Example 6 with Secret

use of keywhiz.api.model.Secret in project keywhiz by square.

the class BatchSecretDeliveryResource method getBatchSecret.

/**
 * Retrieve Secrets by name, in batch
 *
 * @param request the names of the Secrets to retrieve in batch
 * @param client  the client performing the retrieval
 * @return the secrets with the specified names, if all are present and accessible to the client
 * <p>
 * responseMessage 200 Found and retrieved Secret with given name
 * responseMessage 403 Secret is not assigned to Client
 * responseMessage 404 Secret with given name not found
 * responseMessage 500 Secret response could not be generated for given Secret
 */
@Timed
@ExceptionMetered
@POST
@Consumes(APPLICATION_JSON)
public List<SecretDeliveryResponse> getBatchSecret(@Auth Client client, @Valid BatchSecretRequest request) {
    List<SanitizedSecret> clientAccessibleSecrets = aclDAO.getBatchSanitizedSecretsFor(client, request.secrets());
    List<Secret> existingSecrets = secretController.getSecretsByName(request.secrets());
    boolean clientExists = clientDAO.getClientByName(client.getName()).isPresent();
    List<String> forbiddenSecrets = new ArrayList<>();
    // The client is responsible for only requesting secrets they have permission for
    for (String secretname : request.secrets()) {
        boolean secretExists = existingSecrets.stream().anyMatch(s -> s.getName().equals(secretname));
        boolean secretAccessible = clientAccessibleSecrets.stream().anyMatch(s -> s.name().equals(secretname));
        if (!(clientExists && secretExists)) {
            logger.warn("Client {} or secret {} does not exist (client exists={}, secret exists={})", client.getName(), secretname, clientExists, secretExists);
            throw new NotFoundException();
        }
        if (!secretAccessible) {
            // at this point we know the client and secret both exist
            forbiddenSecrets.add(secretname);
        }
    }
    // If *any* of the secrets is forbidden
    if (!forbiddenSecrets.isEmpty()) {
        throw new ForbiddenException(format("Access denied: %s to secret(s) '%s'", client.getName(), forbiddenSecrets));
    }
    logger.info("Client {} granted access to {}.", client.getName(), clientAccessibleSecrets.stream().map(s -> s.name()).collect(toList()));
    try {
        // This is only possible if all secrets are both existing AND accessible to the client
        List<SecretDeliveryResponse> secrets = existingSecrets.stream().map(SecretDeliveryResponse::fromSecret).collect(toList());
        setTag("nSecrets", secrets.size());
        return secrets;
    } catch (IllegalArgumentException e) {
        logger.error(format("Failed creating batch response for secrets %s", existingSecrets.stream().map(s -> s.getName()).collect(toList())), e);
        throw new InternalServerErrorException();
    }
}
Also used : ForbiddenException(javax.ws.rs.ForbiddenException) ArrayList(java.util.ArrayList) NotFoundException(javax.ws.rs.NotFoundException) SecretDeliveryResponse(keywhiz.api.SecretDeliveryResponse) Secret(keywhiz.api.model.Secret) SanitizedSecret(keywhiz.api.model.SanitizedSecret) InternalServerErrorException(javax.ws.rs.InternalServerErrorException) POST(javax.ws.rs.POST) Consumes(javax.ws.rs.Consumes) Timed(com.codahale.metrics.annotation.Timed) ExceptionMetered(com.codahale.metrics.annotation.ExceptionMetered)

Example 7 with Secret

use of keywhiz.api.model.Secret in project keywhiz by square.

the class SecretControllerTest method loadsSecretWithOwnerByName.

@Test
public void loadsSecretWithOwnerByName() {
    String ownerName = UUID.randomUUID().toString();
    groupDAO.createGroup(ownerName, "creator", "description", ImmutableMap.of());
    String secretName = UUID.randomUUID().toString();
    Secret created = secretController.builder(secretName, "secret", "creator", now).withOwnerName(ownerName).create();
    Secret persisted = secretController.getSecretByName(secretName).get();
    assertEquals(ownerName, persisted.getOwner());
}
Also used : Secret(keywhiz.api.model.Secret) Test(org.junit.Test)

Example 8 with Secret

use of keywhiz.api.model.Secret in project keywhiz by square.

the class SecretControllerTest method updateOverwritesOwner.

@Test
public void updateOverwritesOwner() {
    String ownerName1 = UUID.randomUUID().toString();
    String ownerName2 = UUID.randomUUID().toString();
    groupDAO.createGroup(ownerName1, "creator", "description", ImmutableMap.of());
    groupDAO.createGroup(ownerName2, "creator", "description", ImmutableMap.of());
    String secretName = UUID.randomUUID().toString();
    Secret created = secretController.builder(secretName, "secret", "creator", now).withOwnerName(ownerName1).create();
    Secret updated = secretController.builder(secretName, "secret", "creator", now).withOwnerName(ownerName2).createOrUpdate();
    assertEquals(ownerName2, updated.getOwner());
}
Also used : Secret(keywhiz.api.model.Secret) Test(org.junit.Test)

Example 9 with Secret

use of keywhiz.api.model.Secret in project keywhiz by square.

the class SecretControllerTest method createsOrUpdatesNewSecretWithOwner.

@Test
public void createsOrUpdatesNewSecretWithOwner() {
    String ownerName = UUID.randomUUID().toString();
    groupDAO.createGroup(ownerName, "creator", "description", ImmutableMap.of());
    String secretName = UUID.randomUUID().toString();
    Secret created = secretController.builder(secretName, "secret", "creator", now).withOwnerName(ownerName).createOrUpdate();
    assertEquals(ownerName, created.getOwner());
}
Also used : Secret(keywhiz.api.model.Secret) Test(org.junit.Test)

Example 10 with Secret

use of keywhiz.api.model.Secret in project keywhiz by square.

the class SecretControllerTest method createsOrUpdatesExistingSecretWithOwner.

@Test
public void createsOrUpdatesExistingSecretWithOwner() {
    String ownerName = UUID.randomUUID().toString();
    groupDAO.createGroup(ownerName, "creator", "description", ImmutableMap.of());
    String secretName = UUID.randomUUID().toString();
    Secret created = secretController.builder(secretName, "secret", "creator", now).withOwnerName(ownerName).create();
    Secret updated = secretController.builder(secretName, "secret", "creator", now).withOwnerName(ownerName).createOrUpdate();
    assertEquals(ownerName, updated.getOwner());
}
Also used : Secret(keywhiz.api.model.Secret) Test(org.junit.Test)

Aggregations

Secret (keywhiz.api.model.Secret) 34
SanitizedSecret (keywhiz.api.model.SanitizedSecret) 21
ExceptionMetered (com.codahale.metrics.annotation.ExceptionMetered) 15
Timed (com.codahale.metrics.annotation.Timed) 15
Test (org.junit.Test) 14
HashMap (java.util.HashMap) 12
Event (keywhiz.log.Event) 12
NotFoundException (javax.ws.rs.NotFoundException) 10
POST (javax.ws.rs.POST) 10
Path (javax.ws.rs.Path) 9
Consumes (javax.ws.rs.Consumes) 8
Group (keywhiz.api.model.Group) 6
ConflictException (keywhiz.service.exceptions.ConflictException) 6
Response (javax.ws.rs.core.Response) 5
SecretController (keywhiz.service.daos.SecretController) 5
DataAccessException (org.jooq.exception.DataAccessException) 5
ArrayList (java.util.ArrayList) 4
DELETE (javax.ws.rs.DELETE) 4
GET (javax.ws.rs.GET) 4
SecretDetailResponse (keywhiz.api.SecretDetailResponse) 4