From 84549c0d13233c7067b93aa9266271a2c0da3241 Mon Sep 17 00:00:00 2001
From: Justin Field
Date: Tue, 12 Sep 2017 10:38:14 -0700
Subject: [PATCH] wip
---
...UpdateBackupCmkAdminPrincipalsCommand.java | 46 +++++++++++++++++++
.../domain/environment/Environment.java | 12 +++++
.../core/CreateCerberusBackupOperation.java | 32 ++++++++-----
...dateBackupCmkAdminPrincipalsOperation.java | 24 ++++++++++
.../com/nike/cerberus/store/ConfigStore.java | 17 +++++++
5 files changed, 119 insertions(+), 12 deletions(-)
create mode 100644 src/main/java/com/nike/cerberus/command/core/UpdateBackupCmkAdminPrincipalsCommand.java
create mode 100644 src/main/java/com/nike/cerberus/operation/core/UpdateBackupCmkAdminPrincipalsOperation.java
diff --git a/src/main/java/com/nike/cerberus/command/core/UpdateBackupCmkAdminPrincipalsCommand.java b/src/main/java/com/nike/cerberus/command/core/UpdateBackupCmkAdminPrincipalsCommand.java
new file mode 100644
index 00000000..4aa8c9a4
--- /dev/null
+++ b/src/main/java/com/nike/cerberus/command/core/UpdateBackupCmkAdminPrincipalsCommand.java
@@ -0,0 +1,46 @@ +/* + * Copyright (c) 2017 Nike, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.nike.cerberus.command.core; + +import com.beust.jcommander.Parameters; +import com.nike.cerberus.command.Command; +import com.nike.cerberus.operation.Operation; + +import static com.nike.cerberus.command.core.UpdateBackupCmkAdminPrincipalsCommand.COMMAND_NAME; + +/** + * Command to update which principals besides for the root account will have permissions to use the backup cmk, + * AKA create and restore backups. + */ +@Parameters( + commandNames = COMMAND_NAME, + commandDescription = "Update the IAM Principals that are allowed to create and restore backups." +) +public class UpdateBackupCmkAdminPrincipalsCommand implements Command { + + public static final String COMMAND_NAME = ""; + + @Override + public String getCommandName() { + return null; + } + + @Override + public Class> getOperationClass() { + return null; + } +} diff --git a/src/main/java/com/nike/cerberus/domain/environment/Environment.java b/src/main/java/com/nike/cerberus/domain/environment/Environment.java index 2351554a..e7f6381c 100644 --- a/src/main/java/com/nike/cerberus/domain/environment/Environment.java +++ b/src/main/java/com/nike/cerberus/domain/environment/Environment.java @@ -17,6 +17,8 @@ package com.nike.cerberus.domain.environment; import java.util.HashMap; +import java.util.LinkedList; +import java.util.List; import java.util.Map; /** 
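Review bot: `COMMAND_NAME` is the empty string and both `getCommandName()` and `getOperationClass()` return `null` in the new UpdateBackupCmkAdminPrincipalsCommand, so if the class is registered with the CLI in this state the dispatcher would presumably receive an unnamed command with no operation to run. Because this command is meant to change who may use the backup CMK, give it a real name (for example `public static final String COMMAND_NAME = "update-backup-cmk-admin-principals";`, a constructed value), have `getCommandName()` return `COMMAND_NAME`, and keep it unregistered until the operation exists. UpdateBackupCmkAdminPrincipalsOperation, added later in this patch, is still an empty class that does not implement Operation, so there is nothing valid for `getOperationClass()` to return yet. The Javadoc phrase "besides for the root account" should read "besides the root account".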
@@ -38,6 +40,8 @@ public class Environment { private Map regionBackupBucketMap; + private List backupAdminIamPrincipals; + private String metricsTopicArn; /** @@ -129,6 +133,14 @@ public void setRegionBackupBucketMap(Map regionBackupB this.regionBackupBucketMap = regionBackupBucketMap; } + public List getBackupAdminIamPrincipals() { + return backupAdminIamPrincipals == null ? new LinkedList<>() : backupAdminIamPrincipals; + } + + public void setBackupAdminIamPrincipals(List backupAdminIamPrincipals) { + this.backupAdminIamPrincipals = backupAdminIamPrincipals; + } + public String getMetricsTopicArn() { return metricsTopicArn; } diff --git a/src/main/java/com/nike/cerberus/operation/core/CreateCerberusBackupOperation.java b/src/main/java/com/nike/cerberus/operation/core/CreateCerberusBackupOperation.java index 900da3c6..6eb3517e 100644 --- a/src/main/java/com/nike/cerberus/operation/core/CreateCerberusBackupOperation.java +++ b/src/main/java/com/nike/cerberus/operation/core/CreateCerberusBackupOperation.java @@ -67,6 +67,7 @@ import java.text.SimpleDateFormat; import java.util.Date; import java.util.HashMap; +import java.util.LinkedList; import java.util.List; import java.util.Map; import java.util.Optional; @@ -343,9 +344,16 @@ private String provisionKmsCmkForBackupRegion(String region) { String accountId = identityResult.getAccount(); String rootArn = String.format("arn:aws:iam::%s:root", accountId); - String adminRoleArn = configStore.getAccountAdminArn().get(); + List backupAdminPrincipals = configStore.getBackupAdminIamPrincipals(); + + if (backupAdminPrincipals.isEmpty()) { + String adminRoleArn = configStore.getAccountAdminArn().get(); + backupAdminPrincipals.add(adminRoleArn); + configStore.storeBackupAdminIamPrincipals(backupAdminPrincipals); + } Policy kmsPolicy = new Policy(); + final List statements = new LinkedList<>(); // allow the root user all permissions Statement rootUserStatement = new Statement(Statement.Effect.Allow); 
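Review bot: `getBackupAdminIamPrincipals()` in Environment returns a throwaway `LinkedList` when the field is null but the live internal list when it is set, so a caller that mutates the result changes Environment state in one case and not in the other. CreateCerberusBackupOperation in this same patch calls `.add(...)` on the returned list and only works because it stores the list back afterwards. Returning a copy in both cases, `return backupAdminIamPrincipals == null ? new LinkedList<>() : new LinkedList<>(backupAdminIamPrincipals);`, means the principals that end up in the KMS key policy can only change through the setter. A short Javadoc saying the list holds the IAM principal ARNs granted access to the backup CMK would also help.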
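Review bot: `configStore.getAccountAdminArn().get()` in the new fallback branch of provisionKmsCmkForBackupRegion is an unchecked `Optional.get()`; ConfigStore builds that value with `Optional.ofNullable`, so an environment with no account admin ARN fails here with a bare NoSuchElementException and no hint about what is missing. Prefer `String adminRoleArn = configStore.getAccountAdminArn().orElseThrow(() -> new IllegalStateException("No backup admin principals and no account admin ARN configured"));`. The branch also persists the fallback through `storeBackupAdminIamPrincipals` as a side effect of provisioning a key; since that changes who is authorised on later runs, it deserves a comment and a log line. The method starts and ends outside this hunk.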
@@ -353,18 +361,18 @@ private String provisionKmsCmkForBackupRegion(String region) { rootUserStatement.withPrincipals(new Principal(AWS_PROVIDER, rootArn, false)); rootUserStatement.withActions(KMSActions.AllKMSActions); rootUserStatement.withResources(new Resource("*")); + statements.add(rootUserStatement); + + // allow the configured admin iam principals all permissions + backupAdminPrincipals.forEach(principal -> { + statements.add(new Statement(Statement.Effect.Allow) + .withId("Admin principal " + principal + " Has All Actions") + .withPrincipals(new Principal(AWS_PROVIDER, principal, false)) + .withActions(KMSActions.AllKMSActions) + .withResources(new Resource("*")); + }); - // allow the configured admin user all permissions - Statement adminUserStatement = new Statement(Statement.Effect.Allow); - adminUserStatement.withId("Admin Role Has All Actions"); - adminUserStatement.withPrincipals(new Principal(AWS_PROVIDER, adminRoleArn, false)); - adminUserStatement.withActions(KMSActions.AllKMSActions); - adminUserStatement.withResources(new Resource("*")); - - kmsPolicy.withStatements( - rootUserStatement, - adminUserStatement - ); + kmsPolicy.setStatements(statements); String policyString = kmsPolicy.toJson(); diff --git a/src/main/java/com/nike/cerberus/operation/core/UpdateBackupCmkAdminPrincipalsOperation.java b/src/main/java/com/nike/cerberus/operation/core/UpdateBackupCmkAdminPrincipalsOperation.java new file mode 100644 index 00000000..3afc5a94 --- /dev/null +++ b/src/main/java/com/nike/cerberus/operation/core/UpdateBackupCmkAdminPrincipalsOperation.java 
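Review bot: Every entry in `backupAdminPrincipals` is granted `KMSActions.AllKMSActions` on `*`, which in a key policy covers administering the key (changing its policy, disabling or deleting it) as well as using it. The command Javadoc in this patch describes these principals as the ones allowed to create and restore backups, so the per-principal statement could be narrowed to the cryptographic actions those paths call, presumably something like `.withActions(KMSActions.Encrypt, KMSActions.Decrypt, KMSActions.GenerateDataKey, KMSActions.DescribeKey)`, to be confirmed against the backup and restore code, leaving full control to the root statement. Separately, `"Admin principal " + principal + " Has All Actions"` puts the whole ARN into the statement id; I have not verified which characters KMS accepts there, so either confirm it or use an index-based id. The enclosing method continues outside the hunk.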
@@ -0,0 +1,24 @@ +/* + * Copyright (c) 2017 Nike, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.nike.cerberus.operation.core; + +/** + * Operation to update which principals besides for the root account will have permissions to use the backup cmk, + * AKA create and restore backups + */ +public class UpdateBackupCmkAdminPrincipalsOperation { +} diff --git a/src/main/java/com/nike/cerberus/store/ConfigStore.java b/src/main/java/com/nike/cerberus/store/ConfigStore.java index 676c59db..d8752636 100644 --- a/src/main/java/com/nike/cerberus/store/ConfigStore.java +++ b/src/main/java/com/nike/cerberus/store/ConfigStore.java @@ -596,6 +596,8 @@ public Optional getAccountAdminArn() { return Optional.ofNullable(baseParameters.getAccountAdminArn()); } + + public String getCerberusBaseUrl() { return String.format("https://%s", getGatewayStackParamters().getHostname()); } 
@@ -955,6 +957,21 @@ public void storeBackupInfoForRegion(String region, String bucket, String kmsCmk } } + public List getBackupAdminIamPrincipals() { + synchronized (envDataLock) { + final Environment environment = getEnvironmentData(); + return environment.getBackupAdminIamPrincipals(); + } + } + + public void storeBackupAdminIamPrincipals(List principals) { + synchronized (envDataLock) { + final Environment environment = getEnvironmentData(); + environment.setBackupAdminIamPrincipals(principals); + saveEnvironmentData(environment); + } + } + public Optional getMetricsTopicArn() { synchronized (envDataLock) { final Environment environment = getEnvironmentData();
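Review bot: `storeBackupAdminIamPrincipals` persists whatever list it is given, including `null`, an empty list, or strings that are not IAM ARNs, and those values are later written as principals into the backup CMK key policy. A guard at the top of the method, `Objects.requireNonNull(principals, "principals");` followed by a check that each entry is non-blank and starts with `arn:aws:iam::`, would reject bad input before it is saved rather than at key-provisioning time. `getBackupAdminIamPrincipals` also hands the list obtained from Environment to the caller after leaving the `synchronized (envDataLock)` block, so returning a copy would keep later mutation from touching shared state. Both methods would benefit from Javadoc stating that an empty stored list makes CreateCerberusBackupOperation fall back to the account admin ARN.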