
the class ZTSImplTest method createSignedDomainExpiration.

/**
 * Builds a signed domain fixture for the member-expiration tests.
 * <p>
 * The domain carries three roles: {@code admin} with member
 * {@code user_domain.adminuser} and no expiration, {@code role1} whose
 * only member ({@code user_domain.user1}) expired 100 ms ago, and
 * {@code role2} whose member expires one day from now. One service
 * identity with public key id "0" is attached, and the whole domain is
 * signed with the test {@code privateKey} under key id "0".
 *
 * @param domainName name of the domain to build
 * @param serviceName simple service name combined with the domain name
 * @param enabled value stored in the domain's enabled flag (may be null)
 * @return the signed domain
 */
private SignedDomain createSignedDomainExpiration(String domainName, String serviceName, Boolean enabled) {
    final String memberName = "user_domain.user1";

    List<Role> roles = new ArrayList<>();
    roles.add(expirationTestRole(domainName, "admin", "user_domain.adminuser", null));
    roles.add(expirationTestRole(domainName, "role1", memberName,
            Timestamp.fromMillis(System.currentTimeMillis() - 100)));
    roles.add(expirationTestRole(domainName, "role2", memberName,
            Timestamp.fromMillis(System.currentTimeMillis() + TimeUnit.DAYS.toMillis(1))));

    ServiceIdentity service = new ServiceIdentity();
    service.setName(generateServiceIdentityName(domainName, serviceName));
    setServicePublicKey(service, "0", ZTS_Y64_CERT0);
    List<ServiceIdentity> services = new ArrayList<>();
    services.add(service);

    DomainData domain = new DomainData();
    domain.setName(domainName);
    domain.setRoles(roles);
    domain.setServices(services);
    domain.setModified(Timestamp.fromCurrentTime());
    domain.setEnabled(enabled);

    // sign the canonical form of the domain exactly as ZMS would
    SignedDomain signedDomain = new SignedDomain();
    signedDomain.setDomain(domain);
    signedDomain.setSignature(Crypto.sign(SignUtils.asCanonicalString(domain), privateKey));
    signedDomain.setKeyId("0");
    return signedDomain;
}

/**
 * Creates a role with a single member.
 *
 * @param domainName domain the role belongs to
 * @param roleName simple role name
 * @param memberName member to add
 * @param expiration member expiration, or null to leave it unset
 * @return the populated role
 */
private Role expirationTestRole(String domainName, String roleName, String memberName, Timestamp expiration) {
    RoleMember member = new RoleMember();
    member.setMemberName(memberName);
    if (expiration != null) {
        member.setExpiration(expiration);
    }
    List<RoleMember> members = new ArrayList<>();
    members.add(member);

    Role role = new Role();
    role.setName(generateRoleName(domainName, roleName));
    role.setRoleMembers(members);
    return role;
}

the class ZTSImpl method getServiceIdentity.

// ----------------- the ServiceIdentity interface
/**
 * Returns the service identity {@code domainName.serviceName} from the
 * data store.
 * <p>
 * Both names are validated against their ZTS type patterns before they
 * appear in any metric dimension or error message, and are then
 * lower-cased because ZMS stores all object names in lower case. The
 * per-domain metric dimension is recorded only after the domain is known
 * to exist, so unknown domain names do not create persistent indexes.
 * The call timer is stopped on the success path only.
 *
 * @param ctx request context, used for request validation and principal logging
 * @param domainName name of the domain
 * @param serviceName simple name of the service within the domain
 * @return the service identity
 */
public ServiceIdentity getServiceIdentity(ResourceContext ctx, String domainName, String serviceName) {
    final String caller = "getserviceidentity";
    final String callerTiming = "getserviceidentity_timing";

    metric.increment(HTTP_GET);
    logPrincipal(ctx);
    validateRequest(ctx.request(), caller);
    validate(domainName, TYPE_DOMAIN_NAME, caller);
    validate(serviceName, TYPE_SIMPLE_NAME, caller);

    // ZMS keeps every object name in lower case; normalize the already
    // validated inputs before any lookup
    final String domain = domainName.toLowerCase();
    final String service = serviceName.toLowerCase();

    final Object timerMetric = metric.startTiming(callerTiming, domain);
    final DomainData domainData = dataStore.getDomainData(domain);
    if (domainData == null) {
        metric.increment(HTTP_REQUEST, ZTSConsts.ZTS_UNKNOWN_DOMAIN);
        metric.increment(caller, ZTSConsts.ZTS_UNKNOWN_DOMAIN);
        throw notFoundError("Domain not found: '" + domain + "'", caller, ZTSConsts.ZTS_UNKNOWN_DOMAIN);
    }

    // metric dimensions leave persistent indexes behind, so the domain
    // dimension is only recorded once the domain is confirmed to exist
    metric.increment(HTTP_REQUEST, domain);
    metric.increment(caller, domain);

    final String cnService = generateServiceIdentityName(domain, service);
    final ServiceIdentity ztsService = lookupServiceIdentity(domainData, cnService);
    if (ztsService == null) {
        throw notFoundError("Service not found: '" + cnService + "'", caller, domain);
    }

    metric.stopTiming(timerMetric);
    return ztsService;
}

the class DataStore method processDomain.

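/**
 * Processes a signed domain received from ZMS and, when it verifies,
 * installs it into the local cache.
 * <p>
 * Ordering is security-relevant: nothing is added to the cache or
 * written to the change-log store until {@link #validateSignedDomain}
 * has verified the ZMS signature over the canonical domain data. A domain
 * whose enabled flag is explicitly {@code false} is skipped before that
 * check and leaves any existing cache entry untouched; a {@code null}
 * flag is treated as enabled.
 *
 * @param signedDomain domain data together with the ZMS signature and key id
 * @param saveInStore whether to also persist the domain through the change-log store
 * @return {@code true} when the domain was cached or skipped as disabled,
 *         {@code false} when it carried no domain data or failed signature
 *         validation
 */
public boolean processDomain(SignedDomain signedDomain, boolean saveInStore) {
    DomainData domainData = signedDomain.getDomain();
    if (domainData == null) {
        LOGGER.error("processDomain: signed domain carries no domain data");
        return false;
    }
    String domainName = domainData.getName();
    if (LOGGER.isInfoEnabled()) {
        LOGGER.info("Processing domain: {}", domainName);
    }
    // value comparison: a reference compare against Boolean.FALSE would
    // miss a non-canonical Boolean instance; null still means enabled
    if (Boolean.FALSE.equals(domainData.getEnabled())) {
        if (LOGGER.isDebugEnabled()) {
            LOGGER.debug("Skipping disabled domain domain: {}", domainName);
        }
        return true;
    }
    // reject unverified data before any cache or store mutation
    if (!validateSignedDomain(signedDomain)) {
        return false;
    }
    /* generate our cache object */
    DataCache domainCache = new DataCache();
    /* process the roles for this domain */
    processDomainRoles(domainData, domainCache);
    /* process the policies for this domain */
    processDomainPolicies(domainData, domainCache);
    /* finally process the service identities */
    processDomainServiceIdentities(domainData, domainCache);
    /* save the full domain object with the cache entry itself
     * since we need that information to handle
     * getServiceIdentity and getServiceIdentityList requests */
    domainCache.setDomainData(domainData);
    /* add the entry to the cache and struct store */
    addDomainToCache(domainName, domainCache);
    if (saveInStore) {
        changeLogStore.saveLocalDomain(domainName, signedDomain);
    }
    return true;
}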

the class DataStore method validateSignedDomain.

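/**
 * Verifies the ZMS signature over the canonical form of the domain data.
 * <p>
 * Fails closed: a missing domain object, a missing signature, or a key id
 * that is not present in the ZMS public-key cache all yield
 * {@code false}. A {@code null} key id is looked up as key id "0". On a
 * signature mismatch the full canonical payload is logged at error level
 * to aid diagnosis, so failures can produce large log lines.
 *
 * @param signedDomain domain data together with signature and key id
 * @return {@code true} only if the signature verifies with the cached ZMS key
 */
boolean validateSignedDomain(SignedDomain signedDomain) {
    final DomainData domainData = signedDomain.getDomain();
    if (domainData == null) {
        LOGGER.error("validateSignedDomain: signed domain carries no domain data");
        return false;
    }
    final String keyId = signedDomain.getKeyId();
    final String signature = signedDomain.getSignature();
    if (signature == null) {
        LOGGER.error("validateSignedDomain: Domain={} has no signature", domainData.getName());
        return false;
    }
    final PublicKey zmsKey = zmsPublicKeyCache.getIfPresent(keyId == null ? "0" : keyId);
    if (zmsKey == null) {
        LOGGER.error("validateSignedDomain: ZMS Public Key id={} not available", keyId);
        return false;
    }
    // canonical form is computed once and reused for the failure log
    final String canonical = SignUtils.asCanonicalString(domainData);
    final boolean result = Crypto.verify(canonical, zmsKey, signature);
    if (!result) {
        LOGGER.error("validateSignedDomain: Domain={} signature validation failed", domainData.getName());
        LOGGER.error("validateSignedDomain: Signed Domain Data: {}", canonical);
    }
    return result;
}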

the class DataStoreTest method testAddDomainToCacheRemovedPublicKeysVersions.

/**
 * Caches the same service twice with different public-key lists and
 * checks that the second version fully replaces the first: key id "1"
 * (present only in the first version) is gone, while ids "0" and "2"
 * from the second version resolve to their PEM certificates.
 */
@Test
public void testAddDomainToCacheRemovedPublicKeysVersions() {
    ChangeLogStore clogStore = new MockZMSFileChangeLogStore("/tmp/zts_server_unit_tests/zts_root", pkey, "0");
    DataStore store = new DataStore(clogStore, null);

    // first version: explicit key list with ids "1" and "2"
    // (the setServicePublicKey call is kept as in the original setup)
    ServiceIdentity service = new ServiceIdentity();
    service.setName("coretech.storage");
    setServicePublicKey(service, "0", ZTS_Y64_CERT0);
    List<com.yahoo.athenz.zms.PublicKeyEntry> publicKeys = new ArrayList<>();
    publicKeys.add(publicKeyEntry("1", ZTS_Y64_CERT1));
    publicKeys.add(publicKeyEntry("2", ZTS_Y64_CERT2));
    service.setPublicKeys(publicKeys);
    cacheSingleService(store, "coretech", service);

    // second version: ids "0" and "2" only, so "1" must disappear
    service = new ServiceIdentity();
    service.setName("coretech.storage");
    publicKeys = new ArrayList<>();
    publicKeys.add(publicKeyEntry("0", ZTS_Y64_CERT0));
    publicKeys.add(publicKeyEntry("2", ZTS_Y64_CERT2));
    service.setPublicKeys(publicKeys);
    cacheSingleService(store, "coretech", service);

    assertEquals(store.getPublicKey("coretech", "storage", "0"), ZTS_PEM_CERT0);
    assertNull(store.getPublicKey("coretech", "storage", "1"));
    assertEquals(store.getPublicKey("coretech", "storage", "2"), ZTS_PEM_CERT2);
    assertNull(store.getPublicKey("coretech", "storage", "3"));
}

/**
 * Builds a ZMS public-key entry.
 *
 * @param id key id
 * @param key Y64-encoded public key
 * @return the populated entry
 */
private static com.yahoo.athenz.zms.PublicKeyEntry publicKeyEntry(String id, String key) {
    com.yahoo.athenz.zms.PublicKeyEntry entry = new com.yahoo.athenz.zms.PublicKeyEntry();
    entry.setKey(key);
    entry.setId(id);
    return entry;
}

/**
 * Wraps a single service in a fresh DataCache / DomainData pair and
 * adds it to the store under the given domain name.
 *
 * @param store data store receiving the cache entry
 * @param domainName domain name to cache under
 * @param service the only service of the domain
 */
private static void cacheSingleService(DataStore store, String domainName, ServiceIdentity service) {
    DataCache dataCache = new DataCache();
    dataCache.processServiceIdentity(service);

    List<ServiceIdentity> services = new ArrayList<>();
    services.add(service);
    DomainData domainData = new DomainData();
    domainData.setServices(services);
    dataCache.setDomainData(domainData);

    store.addDomainToCache(domainName, dataCache);
}