Merge pull request #432 from IABTechLab/aul-UID2-5227-further-tweaking-cloud-key-rotation

Added fail query param for key rotation to design alerts and dashboar…

Author: aulme

src/main/java/com/uid2/admin/cloudencryption/CloudEncryptionKeyManager.java

@@ -36,10 +36,13 @@ public CloudEncryptionKeyManager(
 
     // For any site that has an operator create a new key activating in one hour
     // Keep up to 10 most recent old keys per site, delete the rest
-    public void rotateKeys() throws Exception {
+    public void rotateKeys(boolean shouldFail) throws Exception {
         try {
             refreshCloudData();
             var desiredKeys = planner.planRotation(existingKeys, operatorKeys);
+            if (shouldFail) {
+                throw new Exception("Failing key rotation on demand due to `fail` query param being passed");
+            }
             writeKeys(desiredKeys);
             var diff = CloudEncryptionKeyDiff.calculateDiff(existingKeys, desiredKeys);
             LOGGER.info("Key rotation complete. Diff: {}", diff);

src/main/java/com/uid2/admin/cloudencryption/CloudEncryptionKeyRotationJob.java

@@ -4,9 +4,11 @@
 
 public class CloudEncryptionKeyRotationJob extends Job {
     private final CloudEncryptionKeyManager keyManager;
+    private final boolean shouldFail;
 
-    public CloudEncryptionKeyRotationJob(CloudEncryptionKeyManager keyManager) {
+    public CloudEncryptionKeyRotationJob(CloudEncryptionKeyManager keyManager, boolean shouldFail) {
         this.keyManager = keyManager;
+        this.shouldFail = shouldFail;
     }
 
     @Override
@@ -16,6 +18,6 @@ public String getId() {
 
     @Override
     public void execute() throws Exception {
-        keyManager.rotateKeys();
+        keyManager.rotateKeys(shouldFail);
     }
 }

src/main/java/com/uid2/admin/vertx/service/CloudEncryptionKeyService.java

@@ -42,7 +42,9 @@ public void setupRoutes(Router router) {
 
     private void handleRotate(RoutingContext rc) {
         try {
-            jobDispatcher.enqueue(new CloudEncryptionKeyRotationJob(keyManager));
+            var shouldFail = !rc.queryParam("fail").isEmpty();
+
+            jobDispatcher.enqueue(new CloudEncryptionKeyRotationJob(keyManager, shouldFail));
             var isSuccess = jobDispatcher.executeNextJob().get();
             if (isSuccess) {
                 rc.response().end();

src/test/java/com/uid2/admin/vertx/CloudEncryptionKeyServiceTest.java

@@ -122,6 +122,16 @@ public void testRotate_noAccess(Vertx vertx, VertxTestContext testContext) {
         });
     }
 
+    @Test
+    public void testRotate_fail_on_request(Vertx vertx, VertxTestContext testContext) {
+        fakeAuth(Role.MAINTAINER);
+        post(vertx, testContext, Endpoints.CLOUD_ENCRYPTION_KEY_ROTATE + "?fail=true", null, response -> {
+            assertEquals(500, response.statusCode());
+
+            testContext.completeNow();
+        });
+    }
+
     @Test
     public void testRotate_canBeRotatedBySecretRotationJob(Vertx vertx, VertxTestContext testContext) {
         fakeAuth(Role.SECRET_ROTATION);