com.codahale.metrics.annotation.ExceptionMetered Java Examples

The following examples show how to use com.codahale.metrics.annotation.ExceptionMetered. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: AutomationSecretAccessResource.java    From keywhiz with Apache License 2.0 6 votes vote down vote up
/**
 * Remove Secret from Group
 *
 * @param automationClient the client with automation access performing this operation
 * @param secretId the ID of the Secret to unassign
 * @param groupId the ID of the Group to be removed from
 * @return 200 on success, 404 if the secret or group is absent
 *
 * description Unassigns the Secret specified by the secretID from the Group specified by the groupID
 * responseMessage 200 Successfully removed Secret from Group
 * responseMessage 404 Could not find Secret or Group
 */
@Timed @ExceptionMetered
@DELETE
public Response disallowAccess(
    @Auth AutomationClient automationClient,
    @PathParam("secretId") LongParam secretId,
    @PathParam("groupId") LongParam groupId) {
  logger.info("Client '{}' disallowing groupId={} access to secretId={}",
      automationClient, secretId, groupId);

  try {
    Map<String, String> extraInfo = new HashMap<>();
    extraInfo.put("deprecated", "true");
    aclDAO.findAndRevokeAccess(secretId.get(), groupId.get(), auditLog, automationClient.getName(), extraInfo);
  } catch (IllegalStateException e) {
    throw new NotFoundException();
  }

  return Response.ok().build();
}
 
Example #2
Source File: SecurityComponent.java    From nexus-public with Eclipse Public License 1.0 6 votes vote down vote up
@DirectMethod
@Timed
@ExceptionMetered
public UserXO getUser() {
  UserXO userXO = null;

  Subject subject = securitySystem.getSubject();
  if (subject != null && subject.isAuthenticated()) {
    userXO = new UserXO();
    userXO.setAuthenticated(subject.isAuthenticated());
    userXO.setAuthenticatedRealms(subject.getPrincipals().getRealmNames());

    // HACK: roles for the current user are not exposed to the UI.
    // HACK: but we need to know if user is admin or not for some things (like outreach)
    if (subject.isPermitted(new WildcardPermission2("nexus:*"))) {
      userXO.setAdministrator(true);
    }

    Object principal = subject.getPrincipal();
    if (principal != null) {
      userXO.setId(principal.toString());
    }
  }
  return userXO;
}
 
Example #3
Source File: SecretResource.java    From keywhiz with Apache License 2.0 6 votes vote down vote up
/**
 * Delete a secret series
 *
 * @param name Secret series name
 *
 * responseMessage 204 Secret series deleted
 * responseMessage 404 Secret series not found
 */
@Timed @ExceptionMetered
@DELETE
@Path("{name}")
public Response deleteSecretSeries(@Auth AutomationClient automationClient,
    @PathParam("name") String name) {
  Secret secret = secretController.getSecretByName(name).orElseThrow(() -> new NotFoundException("Secret series not found."));

  // Get the groups for this secret so they can be restored manually if necessary
  Set<String> groups = aclDAO.getGroupsFor(secret).stream().map(Group::getName).collect(toSet());

  secretDAO.deleteSecretsByName(name);

  // Record the deletion in the audit log
  Map<String, String> extraInfo = new HashMap<>();
  extraInfo.put("groups", groups.toString());
  extraInfo.put("current version", secret.getVersion().toString());
  auditLog.recordEvent(new Event(Instant.now(), EventTag.SECRET_DELETE, automationClient.getName(), name, extraInfo));
  return Response.noContent().build();
}
 
Example #4
Source File: CleanupPolicyComponent.java    From nexus-public with Eclipse Public License 1.0 6 votes vote down vote up
/**
 * Load configuration to check whether a field should be enabled for a given format
 */
@DirectMethod
@Timed
@ExceptionMetered
@RequiresAuthentication
@RequiresPermissions("nexus:*")
@Validate
public Map<String, Map<String, Boolean>> getApplicableFields(final List<String> fields) {
  Map<String, Map<String, Boolean>> applicability = new HashMap<>();
  for (Entry<String, CleanupPolicyConfiguration> config : cleanupPolicyConfiguration.entrySet()) {
    String format = config.getKey();

    Map<String, Boolean> fieldApplicability = fields.stream()
        .collect(toMap(identity(), f -> isFieldApplicable(format, f)));

    applicability.put(format, fieldApplicability);
  }

  return applicability;
}
 
Example #5
Source File: SecurityComponent.java    From nexus-public with Eclipse Public License 1.0 6 votes vote down vote up
@DirectMethod
@Timed
@ExceptionMetered
@Validate
public UserXO authenticate(@NotEmpty final String base64Username, @NotEmpty final String base64Password)
    throws Exception
{
  Subject subject = securitySystem.getSubject();

  // FIXME: Subject is not nullable, but we have code that checks for nulls, likely from testing setups, verify and simplify
  checkState(subject != null);

  try {
    subject.login(new UsernamePasswordToken(
        Strings2.decodeBase64(base64Username),
        Strings2.decodeBase64(base64Password),
        false
    ));
  }
  catch (Exception e) {
    throw new Exception("Authentication failed", e);
  }

  return getUser();
}
 
Example #6
Source File: LogEventComponent.java    From nexus-public with Eclipse Public License 1.0 6 votes vote down vote up
@DirectMethod
@Timed
@ExceptionMetered
public void recordEvent(final LogEventXO event) {
  if (!enabled) {
    return;
  }

  checkNotNull(event);

  Level level = levels.get(event.getLevel());
  checkState(level != null, "Invalid level: %s", event.getLevel());

  Logger logger = LoggerFactory.getLogger(event.getLogger());
  level.log(logger, event.getMessage());
}
 
Example #7
Source File: SecretResource.java    From keywhiz with Apache License 2.0 6 votes vote down vote up
/**
 * Retrieve listing of secret names.  If "idx" and "num" are both provided, retrieve "num"
 * names starting at "idx" from a list of secret names ordered by creation date, with
 * order depending on "newestFirst" (which defaults to "true")
 *
 * @param idx the index from which to start retrieval in the list of secret names
 * @param num the number of names to retrieve
 * @param newestFirst whether to list the most-recently-created names first
 * responseMessage 200 List of secret names
 * responseMessage 400 Invalid (negative) idx or num
 */
@Timed @ExceptionMetered
@GET
@Produces(APPLICATION_JSON)
public Iterable<String> secretListing(@Auth AutomationClient automationClient,
    @QueryParam("idx") Integer idx, @QueryParam("num") Integer num,
    @DefaultValue("true") @QueryParam("newestFirst") boolean newestFirst) {
  if (idx != null && num != null) {
    if (idx < 0 || num < 0) {
      throw new BadRequestException(
          "Index and num must both be positive when retrieving batched secrets!");
    }
    return secretControllerReadOnly.getSecretsBatched(idx, num, newestFirst).stream()
        .map(SanitizedSecret::name)
        .collect(toList());
  }
  return secretControllerReadOnly.getSanitizedSecrets(null, null).stream()
      .map(SanitizedSecret::name)
      .collect(toSet());
}
 
Example #8
Source File: SecretResource.java    From keywhiz with Apache License 2.0 6 votes vote down vote up
/**
 * Updates a subset of the fields of an existing secret
 *
 * @param request JSON request to update a secret
 *
 * responseMessage 201 Created secret and assigned to given groups
 */
@Timed @ExceptionMetered
@Path("{name}/partialupdate")
@POST
@Consumes(APPLICATION_JSON)
public Response partialUpdateSecret(@Auth AutomationClient automationClient,
    @PathParam("name") String name,
    @Valid PartialUpdateSecretRequestV2 request) {
  secretDAO.partialUpdateSecret(name, automationClient.getName(), request);

  Map<String, String> extraInfo = new HashMap<>();
  if (request.description() != null) {
    extraInfo.put("description", request.description());
  }
  if (request.metadata() != null) {
    extraInfo.put("metadata", request.metadata().toString());
  }
  if (request.expiry() != null) {
    extraInfo.put("expiry", Long.toString(request.expiry()));
  }
  auditLog.recordEvent(new Event(Instant.now(), EventTag.SECRET_UPDATE, automationClient.getName(), name, extraInfo));

  UriBuilder uriBuilder = UriBuilder.fromResource(SecretResource.class).path(name);

  return Response.created(uriBuilder.build()).build();
}
 
Example #9
Source File: SecretResource.java    From keywhiz with Apache License 2.0 6 votes vote down vote up
/**
 * Retrieve listing of secrets.  If "idx" and "num" are both provided, retrieve "num"
 * names starting at "idx" from a list of secrets ordered by creation date, with
 * order depending on "newestFirst" (which defaults to "true")
 *
 * @param idx the index from which to start retrieval in the list of secrets
 * @param num the number of names to retrieve
 * @param newestFirst whether to list the most-recently-created names first
 * responseMessage 200 List of secret names
 * responseMessage 400 Invalid (negative) idx or num
 */
@Timed @ExceptionMetered
@Path("/v2")
@GET
@Produces(APPLICATION_JSON)
public Iterable<SanitizedSecret> secretListingV2(@Auth AutomationClient automationClient,
    @QueryParam("idx") Integer idx, @QueryParam("num") Integer num,
    @DefaultValue("true") @QueryParam("newestFirst") boolean newestFirst) {
  if (idx != null && num != null) {
    if (idx < 0 || num < 0) {
      throw new BadRequestException(
          "Index and num must both be positive when retrieving batched secrets!");
    }
    return secretControllerReadOnly.getSecretsBatched(idx, num, newestFirst);
  }
  return secretControllerReadOnly.getSanitizedSecrets(null, null);
}
 
Example #10
Source File: SecretResource.java    From keywhiz with Apache License 2.0 6 votes vote down vote up
/**
 * Reset the current version of the given secret to the given version index.
 *
 * @param request A request to update a given secret
 *
 * responseMessage 201 Secret series current version updated successfully
 * responseMessage 400 Invalid secret version specified
 * responseMessage 404 Secret series not found
 */
@Timed @ExceptionMetered
@Path("{name}/setversion")
@POST
public Response resetSecretVersion(@Auth AutomationClient automationClient,
    @Valid SetSecretVersionRequestV2 request) {
  secretDAO.setCurrentSecretVersionByName(request.name(), request.version(),
      automationClient.getName());

  // If the secret wasn't found or the request was misformed, setCurrentSecretVersionByName
  // already threw an exception
  Map<String, String> extraInfo = new HashMap<>();
  extraInfo.put("new version", Long.toString(request.version()));
  auditLog.recordEvent(new Event(Instant.now(), EventTag.SECRET_CHANGEVERSION,
      automationClient.getName(), request.name(), extraInfo));

  return Response.status(Response.Status.CREATED).build();
}
 
Example #11
Source File: GroupsResource.java    From keywhiz with Apache License 2.0 6 votes vote down vote up
/**
 * Delete Group by ID
 *
 * @param user the admin user performing this operation
 * @param groupId the ID of the Group to be deleted
 * @return 200 if the deletion succeeded, 404 if the group was not found
 *
 * description Deletes a single Group if found.
 * Used by Keywhiz CLI and the web ui.
 * responseMessage 200 Found and deleted Group with given ID
 * responseMessage 404 Group with given ID not Found
 */
@Path("{groupId}")
@Timed @ExceptionMetered
@DELETE
public Response deleteGroup(@Auth User user, @PathParam("groupId") LongParam groupId) {
  logger.info("User '{}' deleting group id={}.", user, groupId);

  Optional<Group> group = groupDAO.getGroupById(groupId.get());
  if (!group.isPresent()) {
    throw new NotFoundException("Group not found.");
  }

  groupDAO.deleteGroup(group.get());
  auditLog.recordEvent(new Event(Instant.now(), EventTag.GROUP_DELETE, user.getName(), group.get().getName()));
  return Response.noContent().build();
}
 
Example #12
Source File: SecretsResource.java    From keywhiz with Apache License 2.0 6 votes vote down vote up
/**
 * Retrieve Secret by a specified name and version, or all Secrets if name is not given
 *
 * @param user        the admin user performing this operation
 * @param name        the name of the Secret to retrieve, if provided
 * @param nameOnly    if set, the result only contains the id and name for the secrets.
 * @param idx         if set, the desired starting index in a list of secrets to be retrieved
 * @param num         if set, the number of secrets to retrieve
 * @param newestFirst whether to order the secrets by creation date with newest first; defaults to
 *                    true
 * @return a single Secret or a set of all Secrets for this user.
 * <p>
 * Used by Keywhiz CLI and the web ui.
 * <p>
 * responseMessage 200 Found and retrieved Secret(s)
 * <p>
 * responseMessage 404 Secret with given name not found (if name provided)
 */
@Timed @ExceptionMetered
@GET
public Response findSecrets(@Auth User user, @DefaultValue("") @QueryParam("name") String name,
    @DefaultValue("") @QueryParam("nameOnly") String nameOnly, @QueryParam("idx") Integer idx,
    @QueryParam("num") Integer num,
    @DefaultValue("true") @QueryParam("newestFirst") Boolean newestFirst) {
  if (!name.isEmpty() && idx != null && num != null) {
    throw new BadRequestException("Name and idx/num cannot both be specified");
  }

  validateArguments(name, nameOnly, idx, num);

  if (name.isEmpty()) {
    if (nameOnly.isEmpty()) {
      if (idx == null || num == null) {
        return Response.ok().entity(listSecrets(user)).build();
      } else {
        return Response.ok().entity(listSecretsBatched(user, idx, num, newestFirst)).build();
      }
    } else {
      return Response.ok().entity(listSecretsNameOnly(user)).build();
    }
  }
  return Response.ok().entity(retrieveSecret(user, name)).build();
}
 
Example #13
Source File: GroupResource.java    From keywhiz with Apache License 2.0 6 votes vote down vote up
/**
 * Creates a group
 *
 * @param request JSON request to create a group
 *
 * responseMessage 201 Created group
 * responseMessage 409 Group already exists
 */
@Timed @ExceptionMetered
@POST
@Consumes(APPLICATION_JSON)
public Response createGroup(@Auth AutomationClient automationClient,
    @Valid CreateGroupRequestV2 request) {
  String creator = automationClient.getName();
  String group = request.name();

  groupDAOReadWrite.getGroup(group).ifPresent((g) -> {
    logger.info("Automation ({}) - Group {} already exists", creator, group);
    throw new ConflictException(format("Group %s already exists", group));
  });

  groupDAOReadWrite.createGroup(group, creator, request.description(), request.metadata());
  Map<String, String> extraInfo = new HashMap<>();
  if (request.description() != null) {
    extraInfo.put("description", request.description());
  }
  if (request.metadata() != null) {
    extraInfo.put("metadata", request.metadata().toString());
  }
  auditLog.recordEvent(new Event(Instant.now(), EventTag.GROUP_CREATE, creator, group, extraInfo));
  URI uri = UriBuilder.fromResource(GroupResource.class).path(group).build();
  return Response.created(uri).build();
}
 
Example #14
Source File: ClientResource.java    From keywhiz with Apache License 2.0 6 votes vote down vote up
/**
 * Modify a client
 *
 * @param currentName Client name
 * @param request     JSON request to modify the client
 * @return the updated client
 * <p>
 * responseMessage 201 Client updated
 * <p>
 * responseMessage 404 Client not found
 */
@Timed @ExceptionMetered
@POST
@Path("{name}")
@Consumes(APPLICATION_JSON)
@Produces(APPLICATION_JSON)
public ClientDetailResponseV2 modifyClient(@Auth AutomationClient automationClient,
    @PathParam("name") String currentName, @Valid ModifyClientRequestV2 request) {
  Client client = clientDAOReadWrite.getClientByName(currentName)
      .orElseThrow(NotFoundException::new);
  String newName = request.name();

  // TODO: implement change client (name, updatedAt, updatedBy)
  throw new NotImplementedException(format(
      "Need to implement mutation methods in DAO to rename %s to %s", client.getName(), newName));
}
 
Example #15
Source File: EventDriverMetrics.java    From dropwizard-websockets with MIT License 6 votes vote down vote up
public EventDriverMetrics(final Class<?> endpointClass, MetricRegistry metrics) {
    final Class<?> klass = endpointClass;
    Metered metered = klass.getAnnotation(Metered.class);
    Timed timed = klass.getAnnotation(Timed.class);
    ExceptionMetered em = klass.getAnnotation(ExceptionMetered.class);
    this.onTextMeter = metered != null
            ? Optional.of(metrics.meter(MetricRegistry.name(metered.name(), klass.getName(), OnMessage.class.getSimpleName())))
            : Optional.empty();
    this.countOpened = metered != null
            ? Optional.of(metrics.counter(MetricRegistry.name(metered.name(), klass.getName(), OPEN_CONNECTIONS)))
            : Optional.empty();
    this.timer = timed != null
            ? Optional.of(metrics.timer(MetricRegistry.name(timed.name(), klass.getName())))
            : Optional.empty();
    this.exceptionMetered = em != null
            ? Optional.of(metrics.meter(MetricRegistry.name(em.name(), klass.getName(), OnError.class.getSimpleName())))
            : Optional.empty();
}
 
Example #16
Source File: SecretResource.java    From keywhiz with Apache License 2.0 6 votes vote down vote up
/**
 * Retrieve the given range of versions of this secret, sorted from newest to
 * oldest update time.  If versionIdx is nonzero, then numVersions versions,
 * starting from versionIdx in the list and increasing in index, will be
 * returned (set numVersions to a very large number to retrieve all versions).
 * For instance, versionIdx = 5 and numVersions = 10 will retrieve entries
 * at indices 5 through 14.
 *
 * @param name Secret series name
 * @param versionIdx The index in the list of versions of the first version to retrieve
 * @param numVersions The number of versions to retrieve
 *
 * responseMessage 200 Secret series information retrieved
 * responseMessage 404 Secret series not found
 */
@Timed @ExceptionMetered
@GET
@Path("{name}/versions")
@Produces(APPLICATION_JSON)
public Iterable<SecretDetailResponseV2> secretVersions(@Auth AutomationClient automationClient,
    @PathParam("name") String name, @QueryParam("versionIdx") int versionIdx,
    @QueryParam("numVersions") int numVersions) {
  ImmutableList<SanitizedSecret> versions =
      secretDAO.getSecretVersionsByName(name, versionIdx, numVersions)
          .orElseThrow(NotFoundException::new);

  return versions.stream()
      .map(v -> SecretDetailResponseV2.builder()
          .sanitizedSecret(v)
          .build())
      .collect(toList());
}
 
Example #17
Source File: SecretsResource.java    From keywhiz with Apache License 2.0 6 votes vote down vote up
/**
 * Rollback to a previous secret version
 *
 * @param user       the admin user performing this operation
 * @param secretName the name of the secret to rollback
 * @param versionId  the ID of the version to return to
 * @return 200 if the rollback was successful, 404 for missing secret or bad input
 * <p>
 * description Returns the previous versions of the secret if found Used by Keywhiz CLI.
 * <p>
 * responseMessage 200 Found and reset the secret to this version
 * <p>
 * responseMessage 404 Secret with given name not found or invalid version provided
 */
@Path("rollback/{secretName}/{versionId}")
@Timed @ExceptionMetered
@POST
public Response resetSecretVersion(@Auth User user, @PathParam("secretName") String secretName,
    @PathParam("versionId") LongParam versionId) {

  logger.info("User '{}' rolling back secret '{}' to version with ID '{}'.", user, secretName,
      versionId);

  secretDAOReadWrite.setCurrentSecretVersionByName(secretName, versionId.get(), user.getName());

  // If the secret wasn't found or the request was misformed, setCurrentSecretVersionByName
  // already threw an exception
  Map<String, String> extraInfo = new HashMap<>();
  extraInfo.put("new version", versionId.toString());
  auditLog.recordEvent(
      new Event(Instant.now(), EventTag.SECRET_CHANGEVERSION, user.getName(), secretName,
          extraInfo));

  // Send the new secret in response
  URI uri = UriBuilder.fromResource(SecretsResource.class)
      .path("rollback/{secretName}/{versionID}")
      .build(secretName, versionId);
  return Response.created(uri).entity(secretDetailResponseFromName(secretName)).build();
}
 
Example #18
Source File: ClientResource.java    From keywhiz with Apache License 2.0 6 votes vote down vote up
/**
 * Delete a client
 *
 * @param name Client name
 * @return 200 if the deletion was successful, 404 if the client was not found
 * <p>
 * responseMessage 204 Client deleted
 * <p>
 * responseMessage 404 Client not found
 */
@Timed @ExceptionMetered
@DELETE
@Path("{name}")
public Response deleteClient(@Auth AutomationClient automationClient,
    @PathParam("name") String name) {
  Client client = clientDAOReadWrite.getClientByName(name)
      .orElseThrow(NotFoundException::new);

  // Group memberships are deleted automatically by DB cascading.
  clientDAOReadWrite.deleteClient(client);
  auditLog.recordEvent(
      new Event(Instant.now(), EventTag.CLIENT_DELETE, automationClient.getName(),
          client.getName()));
  return Response.noContent().build();
}
 
Example #19
Source File: AutomationGroupResource.java    From keywhiz with Apache License 2.0 6 votes vote down vote up
/**
 * Retrieve Group by a specified name, or all Groups if no name given
 *
 * @param automationClient the client with automation access performing this operation
 * @param name the name of the Group to retrieve, if provided
 * @return details on the specified group, or an all groups if no name specified
 *
 * optionalParams name
 * description Returns a single Group or a set of all Groups
 * responseMessage 200 Found and retrieved Group(s)
 * responseMessage 404 Group with given name not found (if name provided)
 */
@Timed @ExceptionMetered
@GET
public Response getGroupByName(
    @Auth AutomationClient automationClient,
    @QueryParam("name") Optional<String> name) {
  if (name.isPresent()) {
    Group group = groupDAO.getGroup(name.get()).orElseThrow(NotFoundException::new);

    ImmutableList<Client> clients = ImmutableList.copyOf(aclDAO.getClientsFor(group));
    ImmutableList<SanitizedSecret> sanitizedSecrets =
        ImmutableList.copyOf(aclDAO.getSanitizedSecretsFor(group));
    return Response.ok()
        .entity(GroupDetailResponse.fromGroup(group, sanitizedSecrets, clients))
        .build();
  }

  ImmutableList<SanitizedSecret> emptySecrets = ImmutableList.of();
  ImmutableList<Client> emptyClients = ImmutableList.of();
  List<GroupDetailResponse> groups = groupDAO.getGroups().stream()
      .map((g) -> GroupDetailResponse.fromGroup(g, emptySecrets, emptyClients))
      .collect(toList());
  return Response.ok()
      .entity(groups)
      .build();
}
 
Example #20
Source File: MembershipResource.java    From keywhiz with Apache License 2.0 6 votes vote down vote up
/**
 * Allow a Group to access this Secret
 *
 * @param user the admin user performing this operation
 * @param secretId ID value of a Secret
 * @param groupId ID value of a Group
 * @return 200 on success, 404 if secret or group is missing
 *
 * description Assigns the Secret specified by the secretID to the Group specified by the groupID
 * Used by Keywhiz CLI and the web ui.
 * responseMessage 200 Successfully enrolled Secret in Group
 * responseMessage 404 Could not find Secret or Group
 */
@Path("/secrets/{secretId}/groups/{groupId}")
@Timed @ExceptionMetered
@PUT
public Response allowAccess(
    @Auth User user,
    @PathParam("secretId") LongParam secretId,
    @PathParam("groupId") LongParam groupId) {

  logger.info("User '{}' allowing groupId {} access to secretId {}", user, groupId, secretId);

  try {
    aclDAO.findAndAllowAccess(secretId.get(), groupId.get(), auditLog, user.getName(), new HashMap<>());
  } catch (IllegalStateException e) {
    throw new NotFoundException();
  }

  return Response.ok().build();
}
 
Example #21
Source File: MembershipResource.java    From keywhiz with Apache License 2.0 6 votes vote down vote up
/**
 * Disallow a Group to access this Secret
 *
 * @param user the admin user performing this operation
 * @param secretId ID value of a Secret
 * @param groupId ID value of a Group
 * @return 200 if operation successful, 404 if secret or group not present
 *
 * description Unassigns the Secret specified by the secretID from the Group specified by the groupID
 * Used by Keywhiz CLI and the web ui.
 * responseMessage 200 Successfully removed Secret from Group
 * responseMessage 404 Could not find Secret or Group
 */
@Path("/secrets/{secretId}/groups/{groupId}")
@Timed @ExceptionMetered
@DELETE
public Response disallowAccess(
    @Auth User user,
    @PathParam("secretId") LongParam secretId,
    @PathParam("groupId") LongParam groupId) {

  logger.info("User '{}' disallowing groupId {} access to secretId {}", user, groupId, secretId);

  try {
    aclDAO.findAndRevokeAccess(secretId.get(), groupId.get(), auditLog, user.getName(), new HashMap<>());
  } catch (IllegalStateException e) {
    throw new NotFoundException();
  }

  return Response.ok().build();
}
 
Example #22
Source File: MembershipResource.java    From keywhiz with Apache License 2.0 6 votes vote down vote up
/**
 * Enroll a Client into a Group
 *
 * @param user the admin user performing this operation
 * @param clientId ID value of a Client
 * @param groupId ID value of a Group
 * @return 200 on success, 404 if client or group not found
 *
 * description Assigns the Client specified by the clientID to the Group specified by the groupID
 * responseMessage 200 Successfully enrolled Client in Group
 * responseMessage 404 Could not find Client or Group
 */
@Path("/clients/{clientId}/groups/{groupId}")
@Timed @ExceptionMetered
@PUT
public Response enrollClient(
  @Auth User user,
  @PathParam("clientId") LongParam clientId,
  @PathParam("groupId") LongParam groupId) {

  logger.info("User {} enrolling clientId {} in groupId {}.", user.getName(), clientId, groupId);

  try {
    aclDAO.findAndEnrollClient(clientId.get(), groupId.get(), auditLog, user.getName(), new HashMap<>());
  } catch (IllegalStateException e) {
    throw new NotFoundException();
  }

  return Response.ok().build();
}
 
Example #23
Source File: MembershipResource.java    From keywhiz with Apache License 2.0 6 votes vote down vote up
/**
 * Remove a Client from a Group
 *
 * @param user the admin user performing this operation
 * @param clientId ID value of a Client
 * @param groupId ID value of a Group
 * @return 200 on success, 404 if client or group not found
 *
 * description Unassigns the Client specified by the clientID from the Group specified by the groupID
 * responseMessage 200 Successfully removed Client from Group
 * responseMessage 404 Could not find Client or Group
 */
@Path("/clients/{clientId}/groups/{groupId}")
@Timed @ExceptionMetered
@DELETE
public Response evictClient(
    @Auth User user,
    @PathParam("clientId") LongParam clientId,
    @PathParam("groupId") LongParam groupId) {
  logger.info("User {} evicting clientId {} from groupId {}.", user.getName(), clientId, groupId);

  try {
    aclDAO.findAndEvictClient(clientId.get(), groupId.get(), auditLog, user.getName(), new HashMap<>());
  } catch (IllegalStateException e) {
    throw new NotFoundException();
  }

  return Response.ok().build();
}
 
Example #24
Source File: AutomationClientResource.java    From keywhiz with Apache License 2.0 6 votes vote down vote up
/**
 * Retrieve Client by ID
 *
 * @param automationClient the client with automation access performing this operation
 * @param clientId the ID of the Client to retrieve
 * @return the specified client, if found
 *
 * description Returns a single Client if found
 * responseMessage 200 Found and retrieved Client with given ID
 * responseMessage 404 Client with given ID not Found
 */
@Timed @ExceptionMetered
@GET
@Path("{clientId}")
public Response findClientById(
    @Auth AutomationClient automationClient,
    @PathParam("clientId") LongParam clientId) {
  logger.info("Automation ({}) - Looking up an ID {}", automationClient.getName(), clientId);

  Client client = clientDAO.getClientById(clientId.get())
      .orElseThrow(NotFoundException::new);
  ImmutableList<Group> groups = ImmutableList.copyOf(aclDAO.getGroupsFor(client));

  return Response.ok()
      .entity(ClientDetailResponse.fromClient(client, groups, ImmutableList.of()))
      .build();
}
 
Example #25
Source File: AutomationClientResource.java    From keywhiz with Apache License 2.0 6 votes vote down vote up
/**
 * Retrieve Client by a specified name, or all Clients if no name given
 *
 * @param automationClient the client with automation access performing this operation
 * @param name the name of the Client to retrieve, if provided
 * @return the specified client if found, or all clients if name omitted
 *
 * optionalParams name
 * description Returns a single Client or a set of all Clients
 * responseMessage 200 Found and retrieved Client(s)
 * responseMessage 404 Client with given name not found (if name provided)
 */
@Timed @ExceptionMetered
@GET
public Response findClient(
    @Auth AutomationClient automationClient,
    @QueryParam("name") Optional<String> name) {
  logger.info("Automation ({}) - Looking up a name {}", automationClient.getName(), name);

  if (name.isPresent()) {
    Client client = clientDAO.getClientByName(name.get()).orElseThrow(NotFoundException::new);
    ImmutableList<Group> groups = ImmutableList.copyOf(aclDAO.getGroupsFor(client));
    return Response.ok()
        .entity(ClientDetailResponse.fromClient(client, groups, ImmutableList.of()))
        .build();
  }

  List<ClientDetailResponse> clients = clientDAO.getClients().stream()
      .map(c -> ClientDetailResponse.fromClient(c, ImmutableList.copyOf(aclDAO.getGroupsFor(c)),
          ImmutableList.of()))
      .collect(toList());
  return Response.ok().entity(clients).build();
}
 
Example #26
Source File: AutomationGroupResource.java    From keywhiz with Apache License 2.0 6 votes vote down vote up
/**
 * Deletes a group
 *
 * @param automationClient the client with automation access performing this operation
 * @param groupId the ID of the group to delete
 * @return 200 if the group was removed successfully, 404 if the group was not found
 *
 * description Deletes a single group by id
 * responseMessage 200 Deleted group
 * responseMessage 404 Group not found by id
 */
@Timed @ExceptionMetered
@DELETE
@Path("{groupId}")
public Response deleteGroup(
    @Auth AutomationClient automationClient,
    @PathParam("groupId") LongParam groupId) {
  Group group = groupDAO.getGroupById(groupId.get()).orElseThrow(NotFoundException::new);
  groupDAO.deleteGroup(group);
  Map<String, String> extraInfo = new HashMap<>();
  extraInfo.put("deprecated", "true");
  auditLog.recordEvent(
      new Event(Instant.now(), EventTag.GROUP_DELETE, automationClient.getName(), group.getName(),
          extraInfo));
  return Response.ok().build();
}
 
Example #27
Source File: AutomationEnrollClientGroupResource.java    From keywhiz with Apache License 2.0 6 votes vote down vote up
/**
 * Enroll Client in Group
 *
 * @param automationClient the client with automation access performing this operation
 * @param clientId the ID of the Client to assign
 * @param groupId the ID of the Group to be assigned to
 * @return 200 on success, 404 if client or group is missing
 *
 * description Assigns the Client specified by the clientID to the Group specified by the
 * groupID
 * responseMessage 200 Successfully enrolled Client in Group
 * responseMessage 404 Could not find Client or Group
 */
@Timed @ExceptionMetered
@PUT
public Response enrollClientInGroup(
    @Auth AutomationClient automationClient,
    @PathParam("clientId") LongParam clientId,
    @PathParam("groupId") LongParam groupId) {

  try {
    Map<String, String> extraInfo = new HashMap<>();
    extraInfo.put("deprecated", "true");
    aclDAO.findAndEnrollClient(clientId.get(), groupId.get(), auditLog,
        automationClient.getName(), extraInfo);
  } catch (IllegalStateException e) {
    throw new NotFoundException();
  }

  return Response.ok().build();
}
 
Example #28
Source File: AutomationEnrollClientGroupResource.java    From keywhiz with Apache License 2.0 6 votes vote down vote up
/**
 * Remove Client from Group
 *
 * @param automationClient the client with automation access performing this operation
 * @param clientId the ID of the Client to unassign
 * @param groupId the ID of the Group to be removed from
 * @return 200 on succes, 404 if client or group not present
 *
 * description Unassigns the Client specified by the clientID from the Group specified by the
 * groupID
 * responseMessage 200 Successfully removed Client from Group
 * responseMessage 404 Could not find Client or Group
 */
@Timed @ExceptionMetered
@DELETE
public Response evictClientFromGroup(
    @Auth AutomationClient automationClient,
    @PathParam("clientId") long clientId,
    @PathParam("groupId") long groupId) {

  try {
    Map<String, String> extraInfo = new HashMap<>();
    extraInfo.put("deprecated", "true");
    aclDAO.findAndEvictClient(clientId, groupId, auditLog, automationClient.getName(), extraInfo);
  } catch (IllegalStateException e) {
    throw new NotFoundException();
  }

  return Response.ok().build();
}
 
Example #29
Source File: AutomationSecretResource.java    From keywhiz with Apache License 2.0 6 votes vote down vote up
/**
 * Retrieve secret by ID
 *
 * @param automationClient the client with automation access performing this operation
 * @param secretId the ID of the secret to retrieve
 * @return details on the specified secret
 *
 * description Returns a single secret if found
 * responseMessage 200 Found and retrieved secret with given ID
 * responseMessage 404 Secret with given ID not found
 */
@Path("{secretId}")
@Timed @ExceptionMetered
@GET
public AutomationSecretResponse readSecretById(
    @Auth AutomationClient automationClient,
    @PathParam("secretId") LongParam secretId) {

  Optional<Secret> secret = secretController.getSecretById(secretId.get());
  if (!secret.isPresent()) {
    throw new NotFoundException("Secret not found.");
  }

  ImmutableList<Group> groups = ImmutableList.copyOf(aclDAO.getGroupsFor(secret.get()));

  return AutomationSecretResponse.fromSecret(secret.get(), groups);
}
 
Example #30
Source File: AutomationSecretResource.java    From keywhiz with Apache License 2.0 6 votes vote down vote up
/**
 * Deletes all versions of a secret series
 *
 * @param automationClient the client with automation access performing this operation
 * @param secretName the name of the secret series to delete
 * @return 200 if the deletion is successful, or 404 if the given secret was not found
 *
 * description Deletes all versions of a secret series.  This will delete a single secret ID.
 * responseMessage 200 Deleted secret series
 * responseMessage 404 Secret series not Found
 */
@Path("{secretName}")
@Timed @ExceptionMetered
@DELETE
public Response deleteSecretSeries(
    @Auth AutomationClient automationClient,
    @PathParam("secretName") String secretName) {

  Secret secret = secretController.getSecretByName(secretName).orElseThrow(() -> new NotFoundException("Secret series not found."));
  Set<String> groups = aclDAO.getGroupsFor(secret).stream().map(Group::getName).collect(toSet());
  secretDAO.deleteSecretsByName(secretName);

  // Record all groups to which this secret belongs, so they can be restored manually if necessary
  Map<String, String> extraInfo = new HashMap<>();
  extraInfo.put("deprecated", "true");
  extraInfo.put("groups", groups.toString());
  extraInfo.put("current version", secret.getVersion().toString());
  auditLog.recordEvent(new Event(Instant.now(), EventTag.SECRET_DELETE, automationClient.getName(), secretName, extraInfo));

  return Response.ok().build();
}