use of keywhiz.api.model.SecretSeriesAndContent in project keywhiz by square.
the class SecretResource method backfillHmac.
/**
 * Backfills the content HMAC for the secret named {@code name}.
 *
 * <p>Looks the secret up by name; an unknown name yields {@code false}. If the stored content
 * already carries an HMAC nothing is written and {@code true} is returned. Otherwise the
 * encrypted content is decrypted, an HMAC is computed over the UTF-8 bytes of the plaintext
 * and stored against the content row; the result is {@code true} only when exactly one row
 * was updated.
 *
 * <p>NOTE(review): the {@code passwords} request body is never read by this method — confirm
 * whether it is a leftover of an earlier contract before callers rely on it. The only
 * authorization visible here is that the caller is an authenticated {@link AutomationClient};
 * nothing checks that the client is entitled to the named secret, and the {@code true}/{@code
 * false} result lets any such client probe whether a secret name exists. Verify that this
 * matches the deployment's threat model.
 *
 * @param automationClient the authenticated automation client making the request
 * @param name             name of the secret whose HMAC should be backfilled
 * @param passwords        request body; not used by this method
 * @return {@code true} if the HMAC is present after the call (already set, or set here)
 */
@Timed
@ExceptionMetered
@Path("{name}/backfill-hmac")
@POST
@Consumes(APPLICATION_JSON)
@Produces(APPLICATION_JSON)
public boolean backfillHmac(@Auth AutomationClient automationClient, @PathParam("name") String name, List<String> passwords) {
  Optional<SecretContent> maybeContent = secretDAO.getSecretByName(name).map(SecretSeriesAndContent::content);
  if (!maybeContent.isPresent()) {
    return false;
  }
  logger.info("backfill-hmac {}: processing secret", name);
  SecretContent content = maybeContent.get();
  boolean alreadyBackfilled = !content.hmac().isEmpty();
  if (alreadyBackfilled) {
    return true;
  }
  // The HMAC covers the plaintext, so the stored ciphertext has to be decrypted first.
  byte[] plaintext = cryptographer.decrypt(content.encryptedContent()).getBytes(UTF_8);
  String computedHmac = cryptographer.computeHmac(plaintext);
  // Exactly one content row is expected to change; anything else is reported as failure.
  int rowsUpdated = secretSeriesDAO.setHmac(content.id(), computedHmac);
  return rowsUpdated == 1;
}
use of keywhiz.api.model.SecretSeriesAndContent in project keywhiz by square.
the class SecretDAO method getSecrets.
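/**
 * Returns every secret series (optionally limited by expiry and group) paired with its current
 * content.
 *
 * <p>All reads happen inside a single transaction so the series list and the content rows form
 * one consistent snapshot. Every series is expected to have a current version and a matching
 * content row; if either is missing the lookup fails with a
 * {@link java.util.NoSuchElementException} that names the offending series, rather than the
 * context-free exception an unchecked {@code Optional.get()} would raise.
 *
 * @param expireMaxTime if non-null, limits the series returned by expiry (see the series DAO)
 * @param group         if given, limits the series returned to that group
 * @return immutable list of series/content pairs, in the order the series DAO returns them
 * @throws java.util.NoSuchElementException if a series has no current version or its content
 *         row cannot be found
 */
public ImmutableList<SecretSeriesAndContent> getSecrets(@Nullable Long expireMaxTime, Group group) {
  return dslContext.transactionResult(configuration -> {
    SecretContentDAO secretContentDAO = secretContentDAOFactory.using(configuration);
    SecretSeriesDAO secretSeriesDAO = secretSeriesDAOFactory.using(configuration);
    ImmutableList.Builder<SecretSeriesAndContent> secretsBuilder = ImmutableList.builder();
    for (SecretSeries series : secretSeriesDAO.getSecretSeries(expireMaxTime, group)) {
      // Name the series in the failure so a dangling version or content row can be traced.
      Long currentVersion = series.currentVersion().orElseThrow(
          () -> new java.util.NoSuchElementException(
              "secret series " + series.name() + " has no current version"));
      SecretContent content = secretContentDAO.getSecretContentById(currentVersion).orElseThrow(
          () -> new java.util.NoSuchElementException(
              "content " + currentVersion + " for secret series " + series.name() + " is missing"));
      secretsBuilder.add(SecretSeriesAndContent.of(series, content));
    }
    return secretsBuilder.build();
  });
}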
use of keywhiz.api.model.SecretSeriesAndContent in project keywhiz by square.
the class SecretDAOTest method getSecretByNameOneReturnsEmptyWhenRowIsMissing.
/**
 * Once the content row behind a secret has been deleted, looking the secret up by name
 * reports it as absent, even though the series row still exists.
 */
@Test
public void getSecretByNameOneReturnsEmptyWhenRowIsMissing() {
  String secretName = "nonExistantSecret";
  assertThat(secretDAO.getSecretByName(secretName)).isEmpty();
  String hmac = cryptographer.computeHmac("content".getBytes(UTF_8), "hmackey");
  long createdId = secretDAO.createSecret(secretName, null, "content", hmac, "creator", ImmutableMap.of(), 0, "", null, ImmutableMap.of());
  assertThat(secretDAO.getSecretByName(secretName)).isPresent();
  long contentId = secretDAO.getSecretById(createdId).orElseThrow(IllegalStateException::new).content().id();
  // Remove only the content row; the series row is left in place on purpose.
  jooqContext.deleteFrom(SECRETS_CONTENT).where(SECRETS_CONTENT.ID.eq(contentId)).execute();
  assertThat(secretDAO.getSecretByName(secretName)).isEmpty();
}
use of keywhiz.api.model.SecretSeriesAndContent in project keywhiz by square.
the class SecretDAOTest method partialUpdateSecretWhenSecretExists.
/**
 * A partial update only touches the fields the request marks as present: updating content and
 * type on series1 leaves its description, metadata and expiry alone, while updating expiry and
 * metadata on series2 leaves its stored HMAC untouched. In both cases the series keeps its
 * original creator and records the updater.
 */
@Test
public void partialUpdateSecretWhenSecretExists() {
  // series1: new content and a type, nothing else.
  PartialUpdateSecretRequestV2 contentAndType = PartialUpdateSecretRequestV2.builder()
      .contentPresent(true).content("content1")
      .typePresent(true).type("type1")
      .build();
  long firstId = secretDAO.partialUpdateSecret(series1.name(), "creator1", contentAndType);
  SecretSeriesAndContent updatedSeries1 = secretDAO.getSecretById(firstId).orElseThrow(IllegalStateException::new);
  String expectedHmac = cryptographer.computeHmac("content1".getBytes(UTF_8), "hmackey");
  assertThat(updatedSeries1.series().createdBy()).isEqualTo("creator");
  assertThat(updatedSeries1.series().updatedBy()).isEqualTo("creator1");
  assertThat(updatedSeries1.series().description()).isEqualTo(series1.description());
  assertThat(updatedSeries1.series().type().get()).isEqualTo("type1");
  assertThat(updatedSeries1.content().createdBy()).isEqualTo("creator1");
  assertThat(updatedSeries1.content().hmac()).isEqualTo(expectedHmac);
  assertThat(updatedSeries1.content().metadata()).isEqualTo(secret1.content().metadata());
  assertThat(updatedSeries1.content().expiry()).isEqualTo(secret1.content().expiry());

  // series2: new expiry and metadata, content untouched.
  ImmutableMap<String, String> newMetadata = ImmutableMap.of("owner", "keywhiz-test");
  PartialUpdateSecretRequestV2 expiryAndMetadata = PartialUpdateSecretRequestV2.builder()
      .expiryPresent(true).expiry(12345L)
      .metadataPresent(true).metadata(newMetadata)
      .build();
  long secondId = secretDAO.partialUpdateSecret(series2.name(), "creator2", expiryAndMetadata);
  SecretSeriesAndContent updatedSeries2 = secretDAO.getSecretById(secondId).orElseThrow(IllegalStateException::new);
  assertThat(updatedSeries2.series().createdBy()).isEqualTo("creator");
  assertThat(updatedSeries2.series().updatedBy()).isEqualTo("creator2");
  assertThat(updatedSeries2.series().description()).isEqualTo(series2.description());
  assertThat(updatedSeries2.content().createdBy()).isEqualTo("creator2");
  assertThat(updatedSeries2.content().hmac()).isEqualTo("checksum");
  assertThat(updatedSeries2.content().metadata()).isEqualTo(newMetadata);
  assertThat(updatedSeries2.content().expiry()).isEqualTo(12345L);
}
use of keywhiz.api.model.SecretSeriesAndContent in project keywhiz by square.
the class SecretDAOTest method createOrUpdateSecretWhenSecretDoesNotExist.
// ---------------------------------------------------------------------------------------
// createOrUpdateSecret
// ---------------------------------------------------------------------------------------
/**
 * Creating a previously unknown secret through createOrUpdateSecret adds exactly one series row
 * and one content row, and the new secret shows up alongside the fixtures in a full listing.
 */
@Test
public void createOrUpdateSecretWhenSecretDoesNotExist() {
  int seriesRowsBefore = tableSize(SECRETS);
  int contentRowsBefore = tableSize(SECRETS_CONTENT);
  String secretName = "newSecret";
  String contentToStore = "c2VjcmV0MQ==";
  // The HMAC is taken over the content as given; the stored value is the encrypted form.
  String expectedHmac = cryptographer.computeHmac(contentToStore.getBytes(UTF_8), "hmackey");
  String encryptedContent = cryptographer.encryptionKeyDerivedFrom(secretName).encrypt(contentToStore);
  long createdId = secretDAO.createOrUpdateSecret(secretName, null, encryptedContent, expectedHmac, "creator", ImmutableMap.of(), 0, "", null, ImmutableMap.of());
  SecretSeriesAndContent created = secretDAO.getSecretById(createdId).orElseThrow(IllegalStateException::new);
  assertThat(tableSize(SECRETS)).isEqualTo(seriesRowsBefore + 1);
  assertThat(tableSize(SECRETS_CONTENT)).isEqualTo(contentRowsBefore + 1);
  SecretSeriesAndContent foundByName = secretDAO.getSecretByName(created.series().name()).orElseThrow(IllegalStateException::new);
  assertThat(secretDAO.getSecrets(null, null, null, null, null)).containsOnly(secret1, secret2b, foundByName);
}