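/**
 * Retrieve Secret by name
 *
 * Access is decided by the ACL lookup for the calling client. When access is
 * denied, two cases are distinguished: a client known to the database asking
 * for an existing secret receives 403; every other combination (unknown client,
 * or unknown secret) receives 404. Only registered clients can therefore learn
 * whether a secret name exists.
 *
 * @param secretName the name of the Secret to retrieve
 * @param client the client performing the retrieval
 * @return the secret with the specified name, if present and accessible to the client
 * @throws ForbiddenException if the client exists but is not allowed to read the secret
 * @throws NotFoundException if the client or the secret is unknown, or the secret
 *         disappeared between the ACL lookup and the secret lookup
 * @throws InternalServerErrorException if a response could not be built from the secret
 *
 * responseMessage 200 Found and retrieved Secret with given name
 * responseMessage 403 Secret is not assigned to Client
 * responseMessage 404 Secret with given name not found
 * responseMessage 500 Secret response could not be generated for given Secret
 */
@Timed
@ExceptionMetered
@GET
public SecretDeliveryResponse getSecret(@NotEmpty @PathParam("secretName") String secretName, @Auth Client client) {
  Optional<SanitizedSecret> sanitizedSecret = aclDAO.getSanitizedSecretFor(client, secretName);
  Optional<Secret> secret = secretController.getSecretByName(secretName);
  if (!sanitizedSecret.isPresent()) {
    boolean clientExists = clientDAO.getClientByName(client.getName()).isPresent();
    boolean secretExists = secret.isPresent();
    if (clientExists && secretExists) {
      // NOTE(review): the message interpolates the Client object itself; whether that
      // text reaches the HTTP body depends on the exception mapper in use.
      throw new ForbiddenException(format("Access denied: %s at '%s' by '%s'", client.getName(), "/secret/" + secretName, client));
    } else {
      if (clientExists) {
        logger.info("Client {} requested unknown secret {}", client.getName(), secretName);
      }
      throw new NotFoundException();
    }
  }
  // The ACL lookup and the secret lookup are two separate reads. If the secret was
  // deleted in between, the ACL says "present" but the Optional is empty; report 404
  // instead of failing on an unchecked get() and surfacing a 500.
  Secret found = secret.orElseThrow(NotFoundException::new);
  logger.info("Client {} granted access to {}.", client.getName(), secretName);
  try {
    return SecretDeliveryResponse.fromSecret(found);
  } catch (IllegalArgumentException e) {
    logger.error(format("Failed creating response for secret %s", secretName), e);
    throw new InternalServerErrorException();
  }
}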
/**
 * Builds the two HTTP clients and the fixture secret shared by the tests in this class.
 *
 * @throws Exception if either test client cannot be constructed
 */
@Before
public void setUp() throws Exception {
  client = TestClients.mutualSslClient();
  keywhizClient = TestClients.keywhizClient();

  // The same instant is passed for all three ApiDate parameters of the fixture; the
  // meaning of each constructor argument is not visible here, see Secret's constructor.
  String fixtureTimestamp = "2011-09-29T15:46:00Z";
  generalPassword = new Secret(
      0,
      "General_Password",
      null,
      null,
      () -> "YXNkZGFz", // presumably the supplier of the secret value; confirm against Secret
      "",
      ApiDate.parse(fixtureTimestamp),
      null,
      ApiDate.parse(fixtureTimestamp),
      null,
      null,
      "upload",
      null,
      0,
      1L,
      ApiDate.parse(fixtureTimestamp),
      null);
}
/**
 * Create secret
 *
 * @param automationClient the client with automation access performing this operation
 * @param request JSON request to formulate the secret
 * @return details on the newly created secret, or 409 if the secret name already exists
 * @throws ConflictException if the secret could not be stored
 *
 * description Creates a secret with the name, content, and metadata from a valid secret request
 * responseMessage 200 Successfully created secret
 * responseMessage 409 Secret with given name already exists
 */
@Timed
@ExceptionMetered
@POST
@Consumes(APPLICATION_JSON)
public AutomationSecretResponse createSecret(@Auth AutomationClient automationClient, @Valid CreateSecretRequest request) {
  String creator = automationClient.getName();

  SecretController.SecretBuilder secretBuilder = secretController
      .builder(request.name, request.content, creator, request.expiry)
      .withDescription(nullToEmpty(request.description))
      .withOwnerName(request.owner);
  if (request.metadata != null) {
    secretBuilder.withMetadata(request.metadata);
  }

  Secret created;
  try {
    created = secretBuilder.create();
  } catch (DataAccessException e) {
    // NOTE(review): every DataAccessException is reported as a 409 conflict, not only a
    // duplicate name; other database failures would surface to the caller as "cannot create".
    logger.info(format("Cannot create secret %s", request.name), e);
    throw new ConflictException(format("Cannot create secret %s.", request.name));
  }

  // Audit record: description, metadata and expiry are recorded; the secret content is not.
  Map<String, String> auditInfo = new HashMap<>();
  auditInfo.put("deprecated", "true");
  if (request.description != null) {
    auditInfo.put("description", request.description);
  }
  if (request.metadata != null) {
    auditInfo.put("metadata", request.metadata.toString());
  }
  auditInfo.put("expiry", Long.toString(request.expiry));

  ImmutableList<Group> groups = ImmutableList.copyOf(aclDAO.getGroupsFor(created));
  auditLog.recordEvent(new Event(Instant.now(), EventTag.SECRET_CREATE, creator, request.name, auditInfo));
  return AutomationSecretResponse.fromSecret(created, groups);
}
/**
 * Deletes all versions of a secret series
 *
 * @param automationClient the client with automation access performing this operation
 * @param secretName the name of the secret series to delete
 * @return 200 if the deletion is successful, or 404 if the given secret was not found
 * @throws NotFoundException if no secret series has the given name
 *
 * description Deletes all versions of a secret series. This will delete a single secret ID.
 * responseMessage 200 Deleted secret series
 * responseMessage 404 Secret series not Found
 */
@Path("{secretName}")
@Timed
@ExceptionMetered
@DELETE
public Response deleteSecretSeries(@Auth AutomationClient automationClient, @PathParam("secretName") String secretName) {
  Secret series = secretController.getSecretByName(secretName)
      .orElseThrow(() -> new NotFoundException("Secret series not found."));

  // Group membership is read before the rows are deleted (presumably the assignments go
  // away with the secret) and kept in the audit record so they can be restored by hand.
  Set<String> groupNames = aclDAO.getGroupsFor(series).stream()
      .map(Group::getName)
      .collect(toSet());

  secretDAO.deleteSecretsByName(secretName);

  Map<String, String> auditInfo = new HashMap<>();
  auditInfo.put("deprecated", "true");
  auditInfo.put("groups", groupNames.toString());
  auditInfo.put("current version", series.getVersion().toString());
  auditLog.recordEvent(new Event(Instant.now(), EventTag.SECRET_DELETE, automationClient.getName(), secretName, auditInfo));

  return Response.ok().build();
}
/**
 * Retrieve contents for a set of secret series. Throws an exception
 * for unexpected errors (i. e. empty secret names or errors connecting to
 * the database); returns a response containing the contents of found
 * secrets and a list of any missing secrets.
 *
 * @param automationClient the client with automation access performing this operation
 * @param request the names of the secrets whose contents are requested
 * @return the contents keyed by name for every secret that was found, plus the
 *         names that were not found
 *
 * responseMessage 200 Secret series information retrieved
 */
@Timed
@ExceptionMetered
@POST
@Path("request/contents")
@Produces(APPLICATION_JSON)
public SecretContentsResponseV2 secretContents(@Auth AutomationClient automationClient, @Valid SecretContentsRequestV2 request) {
  HashMap<String, String> found = new HashMap<>();
  ArrayList<String> missing = new ArrayList<>();

  // No per-secret ACL check happens here: each requested name is looked up directly.
  // Authorization rests on the @Auth AutomationClient binding alone.
  for (String name : request.secrets()) {
    Optional<Secret> secret = secretController.getSecretByName(name);
    if (secret.isPresent()) {
      found.put(name, secret.get().getSecret());
    } else {
      missing.add(name);
    }
  }

  // The audit record carries names only; secret contents are not written to the log.
  Map<String, String> auditInfo = new HashMap<>();
  auditInfo.put("success_secrets", found.keySet().toString());
  auditInfo.put("missing_secrets", missing.toString());
  auditLog.recordEvent(new Event(Instant.now(), EventTag.SECRET_READCONTENT, automationClient.getName(), request.secrets().toString(), auditInfo));

  return SecretContentsResponseV2.builder()
      .successSecrets(found)
      .missingSecrets(missing)
      .build();
}