Example 21 with SecretSeries

Use of keywhiz.api.model.SecretSeries in project keywhiz by square.

In class AclDAO, method findAndRevokeAccess.

public void findAndRevokeAccess(long secretId, long groupId, AuditLog auditLog, String user, Map<String, String> extraInfo) {
    dslContext.transaction(configuration -> {
        GroupDAO groupDAO = groupDAOFactory.using(configuration);
        SecretSeriesDAO secretSeriesDAO = secretSeriesDAOFactory.using(configuration);
        Optional<Group> group = groupDAO.getGroupById(groupId);
        if (!group.isPresent()) {
            logger.info("Failure to revoke access groupId {}, secretId {}: groupId not found.", groupId, secretId);
            throw new IllegalStateException(format("GroupId %d doesn't exist.", groupId));
        }
        Optional<SecretSeries> secret = secretSeriesDAO.getSecretSeriesById(secretId);
        if (!secret.isPresent()) {
            logger.info("Failure to revoke access groupId {}, secretId {}: secretId not found.", groupId, secretId);
            throw new IllegalStateException(format("SecretId %d doesn't exist.", secretId));
        }
        revokeAccess(configuration, secretId, groupId);
        extraInfo.put("group", group.get().getName());
        extraInfo.put("secret removed", secret.get().name());
        auditLog.recordEvent(new Event(Instant.now(), EventTag.CHANGEACL_GROUP_SECRET, user, group.get().getName(), extraInfo));
    });
}

Also used: Group (keywhiz.api.model.Group), SecretSeries (keywhiz.api.model.SecretSeries), Event (keywhiz.log.Event)

Example 22 with SecretSeries

Use of keywhiz.api.model.SecretSeries in project keywhiz by square.

In class AclDAO, method findAndAllowAccess.

public void findAndAllowAccess(long secretId, long groupId, AuditLog auditLog, String user, Map<String, String> extraInfo) {
    dslContext.transaction(configuration -> {
        GroupDAO groupDAO = groupDAOFactory.using(configuration);
        SecretSeriesDAO secretSeriesDAO = secretSeriesDAOFactory.using(configuration);
        Optional<Group> group = groupDAO.getGroupById(groupId);
        if (!group.isPresent()) {
            logger.info("Failure to allow access groupId {}, secretId {}: groupId not found.", groupId, secretId);
            throw new IllegalStateException(format("GroupId %d doesn't exist.", groupId));
        }
        Optional<SecretSeries> secret = secretSeriesDAO.getSecretSeriesById(secretId);
        if (!secret.isPresent()) {
            logger.info("Failure to allow access groupId {}, secretId {}: secretId not found.", groupId, secretId);
            throw new IllegalStateException(format("SecretId %d doesn't exist.", secretId));
        }
        allowAccess(configuration, secretId, groupId);
        extraInfo.put("group", group.get().getName());
        extraInfo.put("secret added", secret.get().name());
        auditLog.recordEvent(new Event(Instant.now(), EventTag.CHANGEACL_GROUP_SECRET, user, group.get().getName(), extraInfo));
    });
}

Also used: Group (keywhiz.api.model.Group), SecretSeries (keywhiz.api.model.SecretSeries), Event (keywhiz.log.Event)

Example 23 with SecretSeries

Use of keywhiz.api.model.SecretSeries in project keywhiz by square.

In class SecretsResourceTest, method findDeletedSecretsByName.

@Test
public void findDeletedSecretsByName() {
    SecretSeries secretSeries1 = SecretSeries.of(1, "blah.name1.blah", null, "desc", NOW, "user", NOW, "user", null, emptyMap, null);
    SecretSeries secretSeries2 = SecretSeries.of(2, "blahblah.name1.blahh", null, "desc", NOW, "user", NOW, "user", null, emptyMap, null);
    when(secretDAO.getSecretsWithDeletedName("name1")).thenReturn(ImmutableList.of(secretSeries1, secretSeries2));
    assertThat(resource.findDeletedSecretsByName(user, "name1")).containsExactlyInAnyOrder(secretSeries1, secretSeries2);
}

Also used: SecretSeries (keywhiz.api.model.SecretSeries), Test (org.junit.Test)

Example 24 with SecretSeries

Use of keywhiz.api.model.SecretSeries in project keywhiz by square.

In class SecretTransformerTest, method transformsOwner.

@Test
public void transformsOwner() {
    String ownerName = "foo";
    SecretSeries series = validSeries().toBuilder().owner(ownerName).build();
    SecretContent content = validContent();
    SecretSeriesAndContent seriesAndContent = SecretSeriesAndContent.of(series, content);
    Secret secret = transformer.transform(seriesAndContent);
    assertEquals(ownerName, secret.getOwner());
}

Also used: Secret (keywhiz.api.model.Secret), SecretSeries (keywhiz.api.model.SecretSeries), SecretContent (keywhiz.api.model.SecretContent), SecretSeriesAndContent (keywhiz.api.model.SecretSeriesAndContent), Test (org.junit.Test)

Example 25 with SecretSeries

Use of keywhiz.api.model.SecretSeries in project keywhiz by square.

In class SecretSeriesDAOTest, method getMultipleSecretSeriesByNameDuplicatesReturnsOne.

@Test
public void getMultipleSecretSeriesByNameDuplicatesReturnsOne() {
    int before = tableSize();
    long now = OffsetDateTime.now().toEpochSecond();
    ApiDate nowDate = new ApiDate(now);
    long id = secretSeriesDAO.createSecretSeries("newSecretSeries", null, "creator", "desc", null, ImmutableMap.of("foo", "bar"), now);
    long contentId = secretContentDAO.createSecretContent(id, "blah", "checksum", "creator", null, 0, now);
    secretSeriesDAO.setCurrentVersion(id, contentId, "creator", now);
    List<SecretSeries> expected = List.of(SecretSeries.of(id, "newSecretSeries", null, "desc", nowDate, "creator", nowDate, "creator", null, ImmutableMap.of("foo", "bar"), contentId));
    assertThat(tableSize()).isEqualTo(before + 1);
    // Requesting same secret multiple times - should yield one result
    List<SecretSeries> actual = secretSeriesDAO.getMultipleSecretSeriesByName(List.of("newSecretSeries", "newSecretSeries", "newSecretSeries"));
    assertThat(actual).isEqualTo(expected);
}

Also used: ApiDate (keywhiz.api.ApiDate), SecretSeries (keywhiz.api.model.SecretSeries), Test (org.junit.Test)

Aggregations

SecretSeries (keywhiz.api.model.SecretSeries): 30
Test (org.junit.Test): 12
SecretContent (keywhiz.api.model.SecretContent): 9
SecretSeriesAndContent (keywhiz.api.model.SecretSeriesAndContent): 8
ApiDate (keywhiz.api.ApiDate): 6
ImmutableList (com.google.common.collect.ImmutableList): 5
VisibleForTesting (com.google.common.annotations.VisibleForTesting): 3
NotFoundException (javax.ws.rs.NotFoundException): 3
SecretsRecord (keywhiz.jooq.tables.records.SecretsRecord): 3
HashSet (java.util.HashSet): 2
Group (keywhiz.api.model.Group): 2
SanitizedSecret (keywhiz.api.model.SanitizedSecret): 2
Secret (keywhiz.api.model.Secret): 2
Event (keywhiz.log.Event): 2
ImmutableSet (com.google.common.collect.ImmutableSet): 1
ArrayList (java.util.ArrayList): 1
BadRequestException (javax.ws.rs.BadRequestException): 1
ContentEncodingException (keywhiz.service.crypto.ContentEncodingException): 1
Record (org.jooq.Record): 1
DataAccessException (org.jooq.exception.DataAccessException): 1