use of com.yahoo.athenz.zms.Role in project athenz by yahoo.
the class FileConnection method deletePrincipal.
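/**
 * Removes a principal from the member list of every role in every domain
 * file found under {@code rootDir}.
 *
 * @param principalName exact member name to remove
 * @param subDomains when true, members whose name starts with
 *        {@code principalName + "."} are removed as well
 * @return {@code true} once the scan has completed; {@code false} if the
 *         contents of {@code rootDir} could not be listed
 */
@Override
public boolean deletePrincipal(String principalName, boolean subDomains) {
    // we're going to go through all domains and delete any
    // principal that satisfies our criteria
    String[] fnames = rootDir.list();
    if (fnames == null) {
        // File.list() returns null when the path is not a directory or an
        // I/O error occurs; report failure instead of failing with a
        // NullPointerException or claiming the principal was removed.
        return false;
    }
    String domainNamePrefix = subDomains ? principalName + "." : null;
    for (String fname : fnames) {
        File f = new File(rootDir, fname);
        DomainStruct domainStruct = null;
        try {
            Path path = Paths.get(f.toURI());
            domainStruct = JSON.fromBytes(Files.readAllBytes(path), DomainStruct.class);
        } catch (IOException ignored) {
            // NOTE(review): an unreadable domain file is skipped silently, so
            // the principal can remain a member of roles in that domain while
            // this method still returns true. Callers that rely on this for
            // access revocation should confirm that is acceptable.
        }
        if (domainStruct == null) {
            continue;
        }
        boolean domainChanged = false;
        for (Role role : domainStruct.getRoles().values()) {
            List<RoleMember> roleMembers = role.getRoleMembers();
            if (roleMembers == null) {
                continue;
            }
            // Walk the list backwards: removing while walking forwards shifts
            // the next element into the current index and skips it, which
            // left one of two adjacent matching members in place.
            for (int idx = roleMembers.size() - 1; idx >= 0; idx--) {
                final String memberName = roleMembers.get(idx).getMemberName();
                if (memberName.equals(principalName)
                        || (domainNamePrefix != null && memberName.startsWith(domainNamePrefix))) {
                    roleMembers.remove(idx);
                    domainChanged = true;
                }
            }
        }
        // only write back the domains that were actually modified
        if (domainChanged) {
            putDomainStruct(domainStruct.getName(), domainStruct);
        }
    }
    return true;
}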
use of com.yahoo.athenz.zms.Role in project athenz by yahoo.
the class FileConnection method listRoleMembers.
/**
 * Returns the member list of one role in one domain.
 *
 * @param domainName domain to look up via {@code getDomainStruct}
 * @param roleName role to look up inside that domain via {@code getRoleObject}
 * @return whatever {@code Role.getRoleMembers()} returns for the role;
 *         presumably {@code null} when the role has no member list, so
 *         callers should check (TODO confirm)
 * @throws the NOT_FOUND error built by {@code ZMSUtils.error} when either the
 *         domain or the role does not exist
 */
@Override
public List<RoleMember> listRoleMembers(String domainName, String roleName) {
    final String caller = "listRoleMembers";

    final DomainStruct domain = getDomainStruct(domainName);
    if (domain == null) {
        throw ZMSUtils.error(ResourceException.NOT_FOUND, "domain not found", caller);
    }

    final Role matchedRole = getRoleObject(domain, roleName);
    if (matchedRole == null) {
        throw ZMSUtils.error(ResourceException.NOT_FOUND, "role not found", caller);
    }

    return matchedRole.getRoleMembers();
}
use of com.yahoo.athenz.zms.Role in project athenz by yahoo.
the class FileConnection method listPrincipals.
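/**
 * Collects the distinct member names found in the roles of every domain
 * file under {@code rootDir}.
 *
 * @param domainName optional filter; when non-null only members whose name
 *        starts with {@code domainName + "."} are returned
 * @return the matching member names without duplicates, in no particular
 *         order; empty if {@code rootDir} could not be listed
 */
@Override
public List<String> listPrincipals(String domainName) {
    // we're going to go through all domains and extract any
    // principal that satisfies our filter domainName
    Set<String> principals = new HashSet<>();
    String[] fnames = rootDir.list();
    if (fnames == null) {
        // File.list() returns null when the path is not a directory or an
        // I/O error occurs; treat that as "no domains" rather than failing
        // with a NullPointerException.
        return new ArrayList<String>(principals);
    }
    String domainNamePrefix = domainName == null ? null : domainName + ".";
    for (String fname : fnames) {
        File f = new File(rootDir, fname);
        DomainStruct domainStruct = null;
        try {
            Path path = Paths.get(f.toURI());
            domainStruct = JSON.fromBytes(Files.readAllBytes(path), DomainStruct.class);
        } catch (IOException ignored) {
            // NOTE(review): unreadable domain files are skipped silently, so
            // the result can be incomplete without any indication to the caller.
        }
        if (domainStruct == null) {
            continue;
        }
        for (Role role : domainStruct.getRoles().values()) {
            List<RoleMember> roleMembers = role.getRoleMembers();
            if (roleMembers == null) {
                continue;
            }
            for (RoleMember roleMember : roleMembers) {
                final String memberName = roleMember.getMemberName();
                // no filter means every member is reported
                if (domainNamePrefix == null || memberName.startsWith(domainNamePrefix)) {
                    principals.add(memberName);
                }
            }
        }
    }
    return new ArrayList<String>(principals);
}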
use of com.yahoo.athenz.zms.Role in project athenz by yahoo.
the class FileConnection method listPrincipalRoles.
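/**
 * Lists every role, across all domain files under {@code rootDir}, that has
 * the given principal as a member.
 *
 * @param principalName exact member name to look for
 * @return one {@code PrincipalRole} per matching membership entry; empty if
 *         nothing matches or {@code rootDir} could not be listed
 */
@Override
public List<PrincipalRole> listPrincipalRoles(String principalName) {
    // we're going to go through all domains
    List<PrincipalRole> roles = new ArrayList<>();
    String[] fnames = rootDir.list();
    if (fnames == null) {
        // File.list() returns null when the path is not a directory or an
        // I/O error occurs; report no roles rather than failing with a
        // NullPointerException.
        return roles;
    }
    for (String fname : fnames) {
        File f = new File(rootDir, fname);
        DomainStruct domainStruct = null;
        try {
            Path path = Paths.get(f.toURI());
            domainStruct = JSON.fromBytes(Files.readAllBytes(path), DomainStruct.class);
        } catch (IOException ignored) {
            // NOTE(review): unreadable domain files are skipped silently, so
            // roles held in such a domain are missing from the result.
        }
        if (domainStruct == null) {
            continue;
        }
        for (Role role : domainStruct.getRoles().values()) {
            List<RoleMember> roleMembers = role.getRoleMembers();
            if (roleMembers == null) {
                continue;
            }
            for (RoleMember roleMember : roleMembers) {
                if (!roleMember.getMemberName().equals(principalName)) {
                    continue;
                }
                PrincipalRole pRole = new PrincipalRole();
                // the file name is used as the domain name here
                // (presumably files are named after their domain; verify)
                pRole.setDomainName(fname);
                pRole.setRoleName(extractRoleName(fname, role.getName()));
                roles.add(pRole);
            }
        }
    }
    return roles;
}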
use of com.yahoo.athenz.zms.Role in project athenz by yahoo.
the class ZTSAuthorizer method matchDelegatedTrustAssertion.
/**
 * Decides whether an assertion delegates the role {@code roleName} to
 * {@code roleMember} through one of the supplied roles.
 *
 * <p>All three conditions must hold: the assertion's action is
 * {@code ASSUME_ROLE} (compared case-insensitively), the assertion's resource
 * glob matches {@code roleName}, and at least one entry in {@code roles} has
 * a name matching the assertion's role glob and contains {@code roleMember}
 * according to {@code isMemberOfRole}.
 *
 * @param assertion assertion to evaluate
 * @param roleName role name being requested
 * @param roleMember principal whose membership is checked
 * @param roles candidate roles to test against the assertion's role glob
 * @return {@code true} only when every condition above is satisfied
 */
boolean matchDelegatedTrustAssertion(com.yahoo.athenz.zms.Assertion assertion, String roleName, String roleMember, List<Role> roles) {
    final boolean isAssumeRole = ASSUME_ROLE.equalsIgnoreCase(assertion.getAction());
    if (!isAssumeRole) {
        return false;
    }

    // String.matches() succeeds only when the whole string matches the
    // pattern, so a glob cannot match just a substring of the name.
    final String resourceRegex = StringUtils.patternFromGlob(assertion.getResource());
    if (!roleName.matches(resourceRegex)) {
        return false;
    }

    final String roleRegex = StringUtils.patternFromGlob(assertion.getRole());
    for (Role candidate : roles) {
        // the name test comes first so membership is only evaluated for
        // roles the assertion actually refers to
        if (candidate.getName().matches(roleRegex) && isMemberOfRole(candidate, roleMember)) {
            return true;
        }
    }

    // deny unless some role matched and contained the member
    return false;
}