Example 1 with ProviderException

Use of com.netflix.spinnaker.fiat.providers.ProviderException in project fiat by spinnaker.

From the class UserRolesSyncer, method syncAndReturn.

public long syncAndReturn(List<String> roles) {
    FixedBackOff backoff = new FixedBackOff();
    backoff.setInterval(retryIntervalMs);
    backoff.setMaxAttempts(Math.floorDiv(syncDelayTimeoutMs, retryIntervalMs) + 1);
    BackOffExecution backOffExec = backoff.start();
    // after this point the execution will get rescheduled
    final long timeout = System.currentTimeMillis() + syncDelayTimeoutMs;
    if (!isServerHealthy()) {
        log.warn("Server is currently UNHEALTHY. User permission role synchronization and " + "resolution may not complete until this server becomes healthy again.");
    }
    // Ensure we're going to reload app and service account definitions
    permissionsResolver.clearCache();
    while (true) {
        try {
            Map<String, Set<Role>> combo = new HashMap<>();
            // force a refresh of the unrestricted user in case the backing repository is empty:
            combo.put(UnrestrictedResourceConfig.UNRESTRICTED_USERNAME, new HashSet<>());
            Map<String, Set<Role>> temp;
            if (!(temp = getUserPermissions(roles)).isEmpty()) {
                combo.putAll(temp);
            }
            if (!(temp = getServiceAccountsAsMap(roles)).isEmpty()) {
                combo.putAll(temp);
            }
            return updateUserPermissions(combo);
        } catch (ProviderException | PermissionResolutionException ex) {
            registry.counter(metricName("syncFailure"), "cause", ex.getClass().getSimpleName()).increment();
            Status status = healthIndicator.health().getStatus();
            long waitTime = backOffExec.nextBackOff();
            if (waitTime == BackOffExecution.STOP || System.currentTimeMillis() > timeout) {
                String cause = (waitTime == BackOffExecution.STOP) ? "backoff-exhausted" : "timeout";
                registry.counter("syncAborted", "cause", cause).increment();
                log.error("Unable to resolve service account permissions.", ex);
                return 0;
            }
            String message = new StringBuilder("User permission sync failed. ").append("Server status is ").append(status).append(". Trying again in ").append(waitTime).append(" ms. Cause:").append(ex.getMessage()).toString();
            if (log.isDebugEnabled()) {
                log.debug(message, ex);
            } else {
                log.warn(message);
            }
            try {
                Thread.sleep(waitTime);
            } catch (InterruptedException ignored) {
            }
        } finally {
            isServerHealthy();
        }
    }
}
Also used: Status (org.springframework.boot.actuate.health.Status), ProviderException (com.netflix.spinnaker.fiat.providers.ProviderException), PermissionResolutionException (com.netflix.spinnaker.fiat.permissions.PermissionResolutionException), BackOffExecution (org.springframework.util.backoff.BackOffExecution), FixedBackOff (org.springframework.util.backoff.FixedBackOff)