com.oneops.proxy.keywhiz

Class KeywhizAutomationClient

java.lang.Object

com.oneops.proxy.keywhiz.http.HttpClient

com.oneops.proxy.keywhiz.KeywhizAutomationClient

public class KeywhizAutomationClient
extends HttpClient

Client for interacting with the Keywhiz Server using mutually authenticated automation APIs. Automation client is included mainly for testing purpose. The CLI is depends on the KeywhizClient.

Author:

Suresh

Field Summary

Fields inherited from class com.oneops.proxy.keywhiz.http.HttpClient

baseUrl, client, JSON, keywhizKeyStore, mapper

Constructor Summary

Constructors

Constructor and Description
KeywhizAutomationClient(String baseUrl, KeywhizKeyStore keywhizKeyStore) Create a keywhiz automation client for the given baseurl.

Method Summary

Modifier and Type	Method and Description
List<String>	allClients() Retrieve listing of all keywhiz client names.
String	createClient(String name, String description, String... groups) Creates a client and assigns to given groups.
String	createGroup(String name, String description, com.google.common.collect.ImmutableMap<String,String> metadata) Creates a group
void	createOrUpdateSecret(String name, CreateOrUpdateSecretRequestV2 secret) Creates or updates (if it exists) a secret.
void	createSecret(CreateSecretRequestV2 secret) Creates a secret and assigns to given groups
void	deleteClient(String client) Delete a client.
void	deleteGroup(String group) Delete a group.
void	deleteSecret(String name) Delete a secret series
List<String>	getAllGroups() Retrieve listing of application group names.
ClientDetailResponseV2	getClientDetails(String client) Retrieve information on a client
List<ClientDetailResponseV2>	getClients(String group) Retrieve metadata for clients in a particular group.
GroupDetailResponseV2	getGroupDetails(String group) Retrieve information on a group.
List<String>	getGroupsForSecret(String secret) Listing of groups a secret is assigned to.
SecretDetailResponseV2	getSecretDetails(String secret) Retrieve information on a secret series.
List<SecretDetailResponseV2>	getSecrets(String group) Retrieve metadata for secrets in a particular group
SecretContentsResponseV2	getSecretsContent(String... secrets) Retrieve contents for a set of secret series.
List<String>	getSecretsExpiring(String group, long time) Retrieve listing of secrets expiring soon in a group.
List<SecretDetailResponseV2>	getSecretVersions(String secret, int versionIdx, int numVersions) Retrieve the given range of versions of this secret, sorted from newest to oldest update time.
Map<String,Object>	getStatus() Returns current status of the keywhiz server.
boolean	isClientAuthEnabled() Automation client is using mTLS (client auth)
void	modifyClientGroups(String client, ModifyGroupsRequestV2 groupsRequest) Modify groups a client has membership in.
void	partialUpdateSecret(String name, PartialUpdateSecretRequestV2 secret) Updates a subset of the fields of an existing secret.
void	setSecretVersion(String secret, long versionId) Reset the current version of the given secret to the given version index.

Methods inherited from class com.oneops.proxy.keywhiz.http.HttpClient

clearCookies, createHttpsClient, createObjectMapper, httpDelete, httpGet, httpPost, httpPut, makeCall, throwOnCommonError

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

KeywhizAutomationClient

public KeywhizAutomationClient(String baseUrl,
                               KeywhizKeyStore keywhizKeyStore)
                        throws GeneralSecurityException

Create a keywhiz automation client for the given baseurl.

Parameters:

baseUrl - Keywhiz server base url

keywhizKeyStore - Keywhiz keystore.

Throws:

GeneralSecurityException - Throws if any error creating the https client.

Method Detail

getStatus

public Map<String,Object> getStatus()
                             throws IOException

Returns current status of the keywhiz server.

Returns:

Keywhiz status response map.

Throws:

IOException - Throws if the request could not be executed due to cancellation, a connectivity problem or timeout.

allClients

public List<String> allClients()
                        throws IOException

Retrieve listing of all keywhiz client names.

Returns:

List of all client names.

Throws:

IOException - Throws if the request could not be executed due to cancellation, a connectivity problem or timeout.

getAllGroups

public List<String> getAllGroups()
                          throws IOException

Retrieve listing of application group names.

Returns:

List of all group names.

Throws:

IOException - Throws if the request could not be executed due to cancellation, a connectivity problem or timeout.

getGroupDetails

public GroupDetailResponseV2 getGroupDetails(String group)
                                      throws IOException

Retrieve information on a group.

Parameters:

group - Keywhiz group name

Returns:

Group information (GroupDetailResponseV2) retrieved

Throws:

IOException - Throws if the request could not be executed due to cancellation, a connectivity problem or timeout.

deleteGroup

public void deleteGroup(String group)
                 throws IOException

Delete a group.

Parameters:

group - Keywhiz group name.

Throws:

IOException - Throws if the request could not be executed due to cancellation, a connectivity problem or timeout.

getClients

public List<ClientDetailResponseV2> getClients(String group)
                                        throws IOException

Retrieve metadata for clients in a particular group.

Parameters:

group - Keywhiz Group name.

Returns:

List of client information (ClientDetailResponseV2) retrieved.

Throws:

IOException - Throws if the request could not be executed due to cancellation, a connectivity problem or timeout.

getClientDetails

public ClientDetailResponseV2 getClientDetails(String client)
                                        throws IOException

Retrieve information on a client

Parameters:

client - Client name.

Returns:

Client information (ClientDetailResponseV2) retrieved.

Throws:

IOException - Throws if the request could not be executed due to cancellation, a connectivity problem or timeout.

deleteClient

public void deleteClient(String client)
                  throws IOException

Delete a client.

Parameters:

client - Client name.

Throws:

IOException - Throws if the request could not be executed due to cancellation, a connectivity problem or timeout.

modifyClientGroups

public void modifyClientGroups(String client,
                               ModifyGroupsRequestV2 groupsRequest)
                        throws IOException

Modify groups a client has membership in.

Parameters:

client - Client name.

groupsRequest - JSON request specifying which groups to add or remove.

Throws:

IOException - Throws if the request could not be executed due to cancellation, a connectivity problem or timeout.

getSecrets

public List<SecretDetailResponseV2> getSecrets(String group)
                                        throws IOException

Retrieve metadata for secrets in a particular group

Parameters:

group - Keywhiz group name.

Returns:

List of secrets information (SecretDetailResponseV2) retrieved.

Throws:

IOException - Throws if the request could not be executed due to cancellation, a connectivity problem or timeout.

createOrUpdateSecret

public void createOrUpdateSecret(String name,
                                 CreateOrUpdateSecretRequestV2 secret)
                          throws IOException

Creates or updates (if it exists) a secret.

Parameters:

name - Secret name.

secret - Secret details, $CreateOrUpdateSecretRequestV2

Throws:

IOException - Throws if the request could not be executed due to cancellation, a connectivity problem or timeout.

partialUpdateSecret

public void partialUpdateSecret(String name,
                                PartialUpdateSecretRequestV2 secret)
                         throws IOException

Updates a subset of the fields of an existing secret.

Parameters:

name - Secret name.

secret - Secret details, $PartialUpdateSecretRequestV2

Throws:

IOException - Throws if the request could not be executed due to cancellation, a connectivity problem or timeout.

createSecret

public void createSecret(CreateSecretRequestV2 secret)
                  throws IOException

Creates a secret and assigns to given groups

Parameters:

secret - Secret details, $CreateSecretRequestV2

Throws:

IOException - Throws if the request could not be executed due to cancellation, a connectivity problem or timeout.

deleteSecret

public void deleteSecret(String name)
                  throws IOException

Delete a secret series

Parameters:

name - Secret series name to be deleted.

Throws:

IOException - Throws if the request could not be executed due to cancellation, a connectivity problem or timeout.

getGroupsForSecret

public List<String> getGroupsForSecret(String secret)
                                throws IOException

Listing of groups a secret is assigned to.

Parameters:

secret - Secret name

Returns:

List of group name.

Throws:

IOException - Throws if the request could not be executed due to cancellation, a connectivity problem or timeout.

getSecretVersions

public List<SecretDetailResponseV2> getSecretVersions(String secret,
                                                      int versionIdx,
                                                      int numVersions)
                                               throws IOException

Retrieve the given range of versions of this secret, sorted from newest to oldest update time.

Parameters:

secret - Secret name.

versionIdx - The index in the list of versions of the first version to retrieve.

numVersions - The number of versions to retrieve

Returns:

Secret series information retrieved.

Throws:

IOException - Throws if the request could not be executed due to cancellation, a connectivity problem or timeout.

setSecretVersion

public void setSecretVersion(String secret,
                             long versionId)
                      throws IOException

Reset the current version of the given secret to the given version index.

Parameters:

secret - Secret name.

versionId - The version id of the secret to set.

Throws:

IOException - Throws if the request could not be executed due to cancellation, a connectivity problem or timeout.

getSecretDetails

public SecretDetailResponseV2 getSecretDetails(String secret)
                                        throws IOException

Retrieve information on a secret series.

Parameters:

secret - Secret name.

Returns:

Secret detail response.

Throws:

IOException - Throws if the request could not be executed due to cancellation, a connectivity problem or timeout.

getSecretsExpiring

public List<String> getSecretsExpiring(String group,
                                       long time)
                                throws IOException

Retrieve listing of secrets expiring soon in a group.

Parameters:

group - Keywhiz group name.

time - Timestamp for farthest expiry to include.

Returns:

List of secrets name expiring soon.

Throws:

IOException - Throws if the request could not be executed due to cancellation, a connectivity problem or timeout.

getSecretsContent

public SecretContentsResponseV2 getSecretsContent(String... secrets)
                                           throws IOException

Retrieve contents for a set of secret series.

Parameters:

secrets - List of secrets.

Returns:

Secrets content

Throws:

IOException - Throws if the request could not be executed due to cancellation, a connectivity problem or timeout.

createClient

public String createClient(String name,
                           String description,
                           String... groups)
                    throws IOException

Creates a client and assigns to given groups.

Returns:

Client create response.

Throws:

IOException - Throws if the request could not be executed due to cancellation, a connectivity problem or timeout.

createGroup

public String createGroup(String name,
                          String description,
                          com.google.common.collect.ImmutableMap<String,String> metadata)
                   throws IOException

Creates a group

Parameters:

name - Group name

description - Group description.

metadata - Group metadata.

Returns:

Create group response

Throws:

IOException - Throws if the request could not be executed due to cancellation, a connectivity problem or timeout.

isClientAuthEnabled

public boolean isClientAuthEnabled()

Automation client is using mTLS (client auth)

Specified by:

isClientAuthEnabled in class HttpClient

Returns:

true if client auth is enabled