diff --git a/src/main/java/com/nike/cerberus/service/MetadataService.java b/src/main/java/com/nike/cerberus/service/MetadataService.java
index 3b1538bae..5783a0088 100644
--- a/src/main/java/com/nike/cerberus/service/MetadataService.java
+++ b/src/main/java/com/nike/cerberus/service/MetadataService.java
@@ -52,6 +52,7 @@ public class MetadataService {
private final CategoryService categoryService;
private final RoleService roleService;
private final UuidSupplier uuidSupplier;
+ private String categoryId;
@Inject
public MetadataService(SafeDepositBoxService safeDepositBoxService,
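Review bot: The new `private String categoryId;` instance field is never read or written anywhere in this diff, and `restoreMetadata` declares a local `String categoryId` that shadows it. Because `MetadataService` is constructed via `@Inject` and presumably shared, a mutable non-final field like this is exactly where per-request state could leak between callers if someone later "fixes" the shadowing by assigning to it. Drop the field and keep the category id as the method-local it already is; if a field is ever genuinely needed it should be `private final` and set in the constructor.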
@@ -69,7 +70,7 @@ public MetadataService(SafeDepositBoxService safeDepositBoxService,
* Creates or Updates an SDB using saved off metadata.
* This method differs from SafeDepositBoxService::createSafeDepositBox and SafeDepositBoxService::updateSafeDepositBox
* only in that this method sets the created by and last updated fields which are normally sourced automatically.
- *
+ *
* This is an admin function so that backed up SDB metadata can easily be restored.
* An example would be a cross region recovery event where you are restoring backed up data from a different
* region / cerberus environment
@@ -79,40 +80,39 @@ public MetadataService(SafeDepositBoxService safeDepositBoxService,
public void restoreMetadata(SDBMetadata sdbMetadata, String adminUser) {
logger.info("Restoring metadata for SDB: {}", sdbMetadata.getName());
- Optional sdbId = safeDepositBoxService.getSafeDepositBoxIdByName(sdbMetadata.getName());
- String id;
- if (sdbId.isPresent()) {
- id = sdbId.get();
+ String id = getSdbId(sdbMetadata);
+ String categoryId = getCategoryId(sdbMetadata);
+ Set userGroupPermissionSet = getUserGroupPermissionSet(sdbMetadata);
+ Set iamRolePermissionSet = getIamRolePermissionSet(sdbMetadata);
- logger.info("Found existing SDB for {} with id {}, forcing restore", sdbMetadata.getName(), id);
- } else {
- // create
- id = uuidSupplier.get();
- logger.info("No SDB found for {}, creating new SDB", sdbMetadata.getName());
- }
-
- // Map the string category name to a category id
- Optional categoryOpt = categoryService.getCategoryIdByName(sdbMetadata.getCategory());
- if (! categoryOpt.isPresent()) {
- throw ApiException.newBuilder()
- .withApiErrors(new InvalidCategoryNameApiError(sdbMetadata.getCategory()))
- .build();
- }
- String categoryId = categoryOpt.get();
+ SafeDepositBox sdb = new SafeDepositBox();
+ sdb.setId(id);
+ sdb.setPath(sdbMetadata.getPath());
+ sdb.setCategoryId(categoryId);
+ sdb.setName(sdbMetadata.getName());
+ sdb.setOwner(sdbMetadata.getOwner());
+ sdb.setDescription(sdbMetadata.getDescription());
+ sdb.setCreatedTs(sdbMetadata.getCreatedTs());
+ sdb.setLastUpdatedTs(sdbMetadata.getLastUpdatedTs());
+ sdb.setCreatedBy(sdbMetadata.getCreatedBy());
+ sdb.setLastUpdatedBy(sdbMetadata.getLastUpdatedBy());
+ sdb.setUserGroupPermissions(userGroupPermissionSet);
+ sdb.setIamRolePermissions(iamRolePermissionSet);
- Set userGroupPermissionSet = new HashSet<>();
- sdbMetadata.getUserGroupPermissions().forEach((groupName, roleName) -> {
- userGroupPermissionSet.add(new UserGroupPermission()
- .withName(groupName)
- .withRoleId(getRoleIdFromName(roleName))
- );
- });
+ safeDepositBoxService.restoreSafeDepositBox(sdb, adminUser);
+ }
+ /**
+ * Retrieves the IAM Role Permission Set for SDB Metadata Object.
+ * @param sdbMetadata the sdb metadata
+ * @return IAM Role Permission Set
+ */
+ private Set getIamRolePermissionSet(SDBMetadata sdbMetadata) {
Set iamRolePermissionSet = new HashSet<>();
sdbMetadata.getIamRolePermissions().forEach((iamRoleArn, roleName) -> {
Pattern iamRoleArnParserPattern = Pattern.compile("arn:aws:iam::(?.*?):role/(?.*)");
Matcher iamRoleArnParserMatcher = iamRoleArnParserPattern.matcher(iamRoleArn);
- if (! iamRoleArnParserMatcher.find()) {
+ if (!iamRoleArnParserMatcher.find()) {
throw ApiException.newBuilder()
.withApiErrors(new InvalidIamRoleArnApiError(sdbMetadata.getCategory()))
.build();
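Review bot: In the new `getIamRolePermissionSet` helper the rejection for a malformed ARN is built with `new InvalidIamRoleArnApiError(sdbMetadata.getCategory())`, so the error reports the SDB category rather than the ARN that failed validation; it should be `.withApiErrors(new InvalidIamRoleArnApiError(iamRoleArn))`. The same loop also recompiles the ARN pattern on every iteration and uses `find()`, which accepts an ARN with leading junk since the pattern is unanchored; hoist it to a `private static final Pattern IAM_ROLE_ARN_PATTERN` and test with `if (!IAM_ROLE_ARN_PATTERN.matcher(iamRoleArn).matches())`. The named-group syntax in the pattern looks truncated in this listing, so confirm against the actual file before touching it. The lambda and the method continue past the end of this hunk.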
@@ -124,25 +124,50 @@ public void restoreMetadata(SDBMetadata sdbMetadata, String adminUser) {
.withRoleId(getRoleIdFromName(roleName))
);
});
+ return iamRolePermissionSet;
+ }
+ /**
+ * Retrieves the User Group Permission Set for SDB Metadata Object.
+ * @param sdbMetadata the sdb metadata
+ * @return User Group Permission Set
+ */
+ private Set getUserGroupPermissionSet(SDBMetadata sdbMetadata) {
+ Set userGroupPermissionSet = new HashSet<>();
+ sdbMetadata.getUserGroupPermissions().forEach((groupName, roleName) -> {
+ userGroupPermissionSet.add(new UserGroupPermission()
+ .withName(groupName)
+ .withRoleId(getRoleIdFromName(roleName))
+ );
+ });
+ return userGroupPermissionSet;
+ }
- SafeDepositBox sdb = new SafeDepositBox();
- sdb.setId(id);
- sdb.setPath(sdbMetadata.getPath());
- sdb.setCategoryId(categoryId);
- sdb.setName(sdbMetadata.getName());
- sdb.setOwner(sdbMetadata.getOwner());
- sdb.setDescription(sdbMetadata.getDescription());
- sdb.setCreatedTs(sdbMetadata.getCreatedTs());
- sdb.setLastUpdatedTs(sdbMetadata.getLastUpdatedTs());
- sdb.setCreatedBy(sdbMetadata.getCreatedBy());
- sdb.setLastUpdatedBy(sdbMetadata.getLastUpdatedBy());
- sdb.setUserGroupPermissions(userGroupPermissionSet);
- sdb.setIamRolePermissions(iamRolePermissionSet);
+ /**
+ * Retrieves or generates an ID for the safe deposit box.
+ * @param sdbMetadata the sdb metadata
+ * @return id for the sdb
+ */
+ private String getSdbId(SDBMetadata sdbMetadata) {
+ Optional sdbId = safeDepositBoxService.getSafeDepositBoxIdByName(sdbMetadata.getName());
+ String id;
+ if (sdbId.isPresent()) {
+ id = sdbId.get();
- safeDepositBoxService.restoreSafeDepositBox(sdb, adminUser);
+ logger.info("Found existing SDB for {} with id {}, forcing restore", sdbMetadata.getName(), id);
+ } else {
+ // create
+ id = uuidSupplier.get();
+ logger.info("No SDB found for {}, creating new SDB", sdbMetadata.getName());
+ }
+ return id;
}
+ /**
+ * Gets the role id for a role by its name
+ * @param roleName the name that you need an id for
+ * @return the role id
+ */
private String getRoleIdFromName(String roleName) {
// map the string role name to a role id
Optional role = roleService.getRoleByName(roleName);
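Review bot: In `getSdbId`, the "forcing restore" branch resolves a name collision by reusing the existing SDB's id, after which `restoreMetadata` overwrites that SDB's owner, path and both permission sets with whatever the backup carries, yet the only trace is an info log naming the SDB and id. For an admin-only operation that rewrites access control, the log should also identify who triggered it; `restoreMetadata` has `adminUser` in hand but does not pass it down, so either add a parameter, `getSdbId(sdbMetadata, adminUser)`, and log `"... forcing restore requested by {}"`, or log the admin and the previous owner from `restoreMetadata` before calling `restoreSafeDepositBox`. Separately, `getUserGroupPermissionSet` calls `sdbMetadata.getUserGroupPermissions().forEach(...)` directly; if a backup with no group permissions serializes that map as null this throws an NPE instead of a clean API error, which I cannot confirm from `SDBMetadata` here. `getRoleIdFromName` continues past the end of this hunk.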
@@ -177,6 +202,12 @@ public SDBMetadataResult getSDBMetadata(int limit, int offset) {
return result;
}
+ /**
+ * Gets a list of SBD Metadata's
+ * @param limit The limit for the results
+ * @param offset The offset for pagination
+ * @return A list of SDB Metadata
+ */
protected List getSDBMetadataList(int limit, int offset) {
List sdbs = new LinkedList<>();
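Review bot: The new javadoc summary on `getSDBMetadataList` reads `Gets a list of SBD Metadata's`, which both transposes the acronym and uses a possessive for a plural; suggest `Retrieves a page of SDB metadata entries.` with `@param limit maximum number of entries to return` and `@param offset number of entries to skip` so the pagination contract is stated. The method body continues past the end of this hunk.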
@@ -207,6 +238,9 @@ protected List getSDBMetadataList(int limit, int offset) {
return sdbs;
}
+ /**
+ * Retrieves a simplified user group permission map that is only strings so it can be transported across Cerberus environments
+ */
protected Map getUserGroupPermissionsMap(Map roleIdToStringMap,
Set permissions) {
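Review bot: The javadoc added to `getUserGroupPermissionsMap` has a summary line but no `@param`/`@return` tags, and the summary says "only strings" without saying what maps to what. Suggest `@param roleIdToStringMap lookup from role id to role name`, `@param permissions the user group permissions of one SDB`, and `@return map of group name to role name`; the return shape is the part a reader of the restore path needs, and it is what `getUserGroupPermissionSet` consumes in reverse. The method body continues past the end of this hunk.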
@@ -217,6 +251,9 @@ protected Map getUserGroupPermissionsMap(Map rol
return permissionsMap;
}
+ /**
+ * Retrieves a simplified iam permission map that is only strings so it can be transported across Cerberus environments
+ */
protected Map getIamRolePermissionMap(Map roleIdToStringMap,
Set iamPerms) {
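Review bot: Like its sibling, the new javadoc on `getIamRolePermissionMap` lacks `@param` and `@return` tags. Suggest `@param roleIdToStringMap lookup from role id to role name`, `@param iamPerms the IAM role permissions of one SDB`, and `@return map of IAM role ARN to role name`; stating that the key is the full ARN matters because the restore side parses that string with a regex. The method body continues past the end of this hunk.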
@@ -229,4 +266,18 @@ protected Map getIamRolePermissionMap(Map roleIdT
});
return iamRoleMap;
}
+
+ /**
+ * Gets the category id for a sdb
+ */
+ public String getCategoryId(SDBMetadata sdbMetadata) {
+ // Map the string category name to a category id
+ Optional categoryOpt = categoryService.getCategoryIdByName(sdbMetadata.getCategory());
+ if (! categoryOpt.isPresent()) {
+ throw ApiException.newBuilder()
+ .withApiErrors(new InvalidCategoryNameApiError(sdbMetadata.getCategory()))
+ .build();
+ }
+ return categoryOpt.get();
+ }
}
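Review bot: `getCategoryId` is declared `public` while every other helper extracted in this change (`getSdbId`, `getUserGroupPermissionSet`, `getIamRolePermissionSet`, `getRoleIdFromName`) is `private`, and nothing in the diff calls it from outside the class; make it `private` to keep the service's surface minimal, or document why it is part of the API. The `isPresent()`/`get()` pair can also collapse to `return categoryService.getCategoryIdByName(sdbMetadata.getCategory()).orElseThrow(() -> ApiException.newBuilder().withApiErrors(new InvalidCategoryNameApiError(sdbMetadata.getCategory())).build());`, assuming `ApiException` is unchecked as its use elsewhere in this file suggests. The javadoc should also gain `@param sdbMetadata the metadata whose category name is resolved` and `@return the category id`.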