
Example 1 with SignedDomains

use of com.yahoo.athenz.zms.SignedDomains in project athenz by yahoo.

the class S3ChangeLogStoreTest method testGetUpdatedSignedDomainsWithChange.

/**
 * Runs getUpdatedSignedDomains() against a mocked S3 bucket that lists two
 * keys with different modification times, with the store's cutoff placed
 * between them, and expects exactly one domain back.
 */
@Test
public void testGetUpdatedSignedDomainsWithChange() throws FileNotFoundException {
    final MockS3ChangeLogStore store = new MockS3ChangeLogStore(null);

    // Bucket listing: "iaas" modified at t=100 ms, "iaas.athenz" at t=200 ms.
    final S3ObjectSummary olderEntry = new S3ObjectSummary();
    olderEntry.setKey("iaas");
    olderEntry.setLastModified(new Date(100));
    final S3ObjectSummary newerEntry = new S3ObjectSummary();
    newerEntry.setKey("iaas.athenz");
    newerEntry.setLastModified(new Date(200));
    final ArrayList<S3ObjectSummary> summaries = new ArrayList<>();
    summaries.add(olderEntry);
    summaries.add(newerEntry);

    // A single, non-truncated page is returned for any list request.
    final ObjectListing listing = mock(ObjectListing.class);
    when(listing.getObjectSummaries()).thenReturn(summaries);
    when(listing.isTruncated()).thenReturn(false);
    when(store.awsS3Client.listObjects(any(ListObjectsRequest.class))).thenReturn(listing);

    // Both keys resolve to the same mocked object, whose content is the
    // iaas.json fixture; that is why the returned domain is named "iaas"
    // regardless of which key is fetched.
    // NOTE(review): the FileInputStream is never closed in this method;
    // whether the store closes it after reading is not visible here.
    final InputStream fixture = new FileInputStream("src/test/resources/iaas.json");
    final MockS3ObjectInputStream s3Content = new MockS3ObjectInputStream(fixture, null);
    final S3Object s3Object = mock(S3Object.class);
    when(s3Object.getObjectContent()).thenReturn(s3Content);
    when(store.awsS3Client.getObject("athenz-domain-sys.auth", "iaas")).thenReturn(s3Object);
    when(store.awsS3Client.getObject("athenz-domain-sys.auth", "iaas.athenz")).thenReturn(s3Object);

    // Cutoff at t=150 ms sits between the two entries, so only one of them
    // should count as updated.
    store.lastModTime = (new Date(150)).getTime();

    final StringBuilder tagBuffer = new StringBuilder(512);
    final SignedDomains updated = store.getUpdatedSignedDomains(tagBuffer);

    // The store must hand back a new last-modified tag along with the data.
    assertTrue(tagBuffer.length() > 0);
    final List<SignedDomain> returned = updated.getDomains();
    assertEquals(returned.size(), 1);
    final DomainData onlyDomain = returned.get(0).getDomain();
    assertNotNull(onlyDomain);
    assertEquals(onlyDomain.getName(), "iaas");
}
Also used : FileInputStream(java.io.FileInputStream) S3ObjectInputStream(com.amazonaws.services.s3.model.S3ObjectInputStream) InputStream(java.io.InputStream) ArrayList(java.util.ArrayList) DomainData(com.yahoo.athenz.zms.DomainData) ObjectListing(com.amazonaws.services.s3.model.ObjectListing) S3ObjectSummary(com.amazonaws.services.s3.model.S3ObjectSummary) SignedDomains(com.yahoo.athenz.zms.SignedDomains) Date(java.util.Date) FileInputStream(java.io.FileInputStream) ListObjectsRequest(com.amazonaws.services.s3.model.ListObjectsRequest) SignedDomain(com.yahoo.athenz.zms.SignedDomain) S3Object(com.amazonaws.services.s3.model.S3Object) Test(org.testng.annotations.Test)

Example 2 with SignedDomains

use of com.yahoo.athenz.zms.SignedDomains in project athenz by yahoo.

the class DataStoreTest method testProcessDomainUpdatesFromZMSWithUpdater.

/**
 * Drives one DataUpdater cycle with a mock change log that reports a new
 * domain ("sports") and a re-signed update of an existing one ("coretech"),
 * then checks that role lookups reflect the updated membership.
 */
@Test
public void testProcessDomainUpdatesFromZMSWithUpdater() {
    // NOTE(review): fixed, predictable path under /tmp. On a shared build
    // host another account could pre-create or replace it; a per-run
    // temporary directory would avoid that - confirm how the mock uses it.
    final ChangeLogStore clogStore =
            new MockZMSFileChangeLogStore("/tmp/zts_server_unit_tests/zts_root", pkey, "0");
    final DataStore store = new DataStore(clogStore, null);
    ((MockZMSFileChangeLogStore) store.changeLogStore).setTagHeader("2014-01-01T12:00:00");
    store.loadZMSPublicKeys();

    // Seed the store with the original coretech domain.
    final SignedDomain seededCoretech = createSignedDomain("coretech", "weather");
    store.processDomain(seededCoretech, true);

    final List<SignedDomain> pendingUpdates = new ArrayList<>();

    /* a brand new domain */
    final SignedDomain newSports = createSignedDomain("sports", "weather");
    pendingUpdates.add(newSports);

    /* coretech again, this time with its roles replaced by a single admin role */
    final SignedDomain updatedCoretech = createSignedDomain("coretech", "weather");
    final Role adminRole = new Role();
    adminRole.setName("coretech:role.admin");
    final List<RoleMember> adminMembers = new ArrayList<>();
    adminMembers.add(new RoleMember().setMemberName("user_domain.user8"));
    adminRole.setRoleMembers(adminMembers);
    final List<Role> replacementRoles = new ArrayList<>();
    replacementRoles.add(adminRole);
    updatedCoretech.getDomain().setRoles(replacementRoles);
    // The domain data changed after createSignedDomain() built it, so the
    // signature is recomputed over the canonical form of the new data.
    // Presumably the store would reject the stale signature otherwise.
    updatedCoretech.setSignature(
            Crypto.sign(SignUtils.asCanonicalString(updatedCoretech.getDomain()), pkey));
    pendingUpdates.add(updatedCoretech);

    final SignedDomains updateBatch = new SignedDomains();
    updateBatch.setDomains(pendingUpdates);
    ((MockZMSFileChangeLogStore) store.changeLogStore).setSignedDomains(updateBatch);

    // NOTE(review): currentTimeMillis() is in milliseconds, so this moves the
    // last delete run back by 86,400 ms (about 86 s), not 24 hours - confirm
    // which unit lastDeleteRunTime is compared in.
    store.lastDeleteRunTime = System.currentTimeMillis() - 24 * 60 * 60;

    final DataUpdater updater = store.new DataUpdater();
    updater.run();

    // user1 is not a member of the replacement role set: no roles in coretech.
    final DataCache coretechCache = store.getDataCache("coretech");
    final Set<String> rolesForUser1 = new HashSet<>();
    store.getAccessibleRoles(coretechCache, "coretech", "user_domain.user1", null, rolesForUser1, false);
    assertEquals(rolesForUser1.size(), 0);

    // user8 was added to coretech:role.admin by the update.
    final Set<String> rolesForUser8 = new HashSet<>();
    store.getAccessibleRoles(coretechCache, "coretech", "user_domain.user8", null, rolesForUser8, false);
    assertEquals(rolesForUser8.size(), 1);
    assertTrue(rolesForUser8.contains("admin"));

    // The newly created sports domain is served with both of its roles.
    final Set<String> rolesInSports = new HashSet<>();
    final DataCache sportsCache = store.getDataCache("sports");
    store.getAccessibleRoles(sportsCache, "sports", "user_domain.user", null, rolesInSports, false);
    assertEquals(rolesInSports.size(), 2);
    assertTrue(rolesInSports.contains("admin"));
    assertTrue(rolesInSports.contains("writers"));
}
Also used : ArrayList(java.util.ArrayList) SignedDomains(com.yahoo.athenz.zms.SignedDomains) DataCache(com.yahoo.athenz.zts.cache.DataCache) Role(com.yahoo.athenz.zms.Role) MemberRole(com.yahoo.athenz.zts.cache.MemberRole) ZMSFileChangeLogStore(com.yahoo.athenz.zts.store.impl.ZMSFileChangeLogStore) MockZMSFileChangeLogStore(com.yahoo.athenz.zts.store.impl.MockZMSFileChangeLogStore) SignedDomain(com.yahoo.athenz.zms.SignedDomain) DataUpdater(com.yahoo.athenz.zts.store.DataStore.DataUpdater) MockZMSFileChangeLogStore(com.yahoo.athenz.zts.store.impl.MockZMSFileChangeLogStore) RoleMember(com.yahoo.athenz.zms.RoleMember) HashSet(java.util.HashSet) Test(org.testng.annotations.Test)

Example 3 with SignedDomains

use of com.yahoo.athenz.zms.SignedDomains in project athenz by yahoo.

the class ZMSFileChangeLogStoreTest method getSignedDomainListOneBadDomain.

/**
 * Checks that getSignedDomainList() leaves out a domain for which the ZMS
 * client returns no data, while still returning the domains it could fetch.
 */
@Test
public void getSignedDomainListOneBadDomain() {
    final ZMSFileChangeLogStore fstore = new ZMSFileChangeLogStore(FSTORE_PATH, null, null);
    final ZMSClient zmsClient = Mockito.mock(ZMSClient.class);

    // Fixtures carry a name only; no signature is set on either domain.
    final SignedDomain athenzDomain = new SignedDomain().setDomain(new DomainData().setName("athenz"));
    final SignedDomain sportsDomain = new SignedDomain().setDomain(new DomainData().setName("sports"));

    // The change list handed to the store names both domains.
    final List<SignedDomain> requested = new ArrayList<>();
    requested.add(athenzDomain);
    requested.add(sportsDomain);
    final SignedDomains domainList = new SignedDomains().setDomains(requested);

    // ZMS answers the per-domain fetch for "athenz" and returns null for "sports".
    final List<SignedDomain> athenzOnly = new ArrayList<>();
    athenzOnly.add(athenzDomain);
    final SignedDomains athenzResponse = new SignedDomains().setDomains(athenzOnly);
    Mockito.when(zmsClient.getSignedDomains("athenz", null, null, null)).thenReturn(athenzResponse);
    Mockito.when(zmsClient.getSignedDomains("sports", null, null, null)).thenReturn(null);

    final List<SignedDomain> fetched = fstore.getSignedDomainList(zmsClient, domainList);

    // The failed domain is dropped rather than failing the whole call.
    assertEquals(fetched.size(), 1);
    assertEquals(fetched.get(0).getDomain().getName(), "athenz");
}
Also used : ZMSFileChangeLogStore(com.yahoo.athenz.zts.store.impl.ZMSFileChangeLogStore) DomainData(com.yahoo.athenz.zms.DomainData) SignedDomain(com.yahoo.athenz.zms.SignedDomain) ArrayList(java.util.ArrayList) SignedDomains(com.yahoo.athenz.zms.SignedDomains) ZMSClient(com.yahoo.athenz.zms.ZMSClient) Test(org.testng.annotations.Test)

Example 4 with SignedDomains

use of com.yahoo.athenz.zms.SignedDomains in project athenz by yahoo.

the class DataStore method processDomainUpdates.

/**
 * Asks the ChangeLogStore (ZMS) for new and updated domains and processes them.
 * Called by the {@code DataUpdater.run()} thread; deletes are handled
 * separately in {@code processDomainDeletes()}.
 *
 * <p>The store's last-modification timestamp is advanced only after
 * {@code processSignedDomains()} reports success, so a batch that fails
 * processing is requested again on the next poll.
 *
 * @return true if we have updates, false otherwise
 */
public boolean processDomainUpdates() {
    final StringBuilder newTimestamp = new StringBuilder(128);
    final SignedDomains updates = changeLogStore.getUpdatedSignedDomains(newTimestamp);

    // No domain data and no new timestamp: the store had nothing to report.
    final boolean nothingReceived = updates == null && newTimestamp.length() == 0;
    if (nothingReceived) {
        return false;
    }

    /* process everything we received; updates may still be null here when
     * the store returned only a new timestamp */
    if (!processSignedDomains(updates)) {
        return false;
    }

    changeLogStore.setLastModificationTimestamp(newTimestamp.toString());
    return true;
}
Also used : SignedDomains(com.yahoo.athenz.zms.SignedDomains)

Example 5 with SignedDomains

use of com.yahoo.athenz.zms.SignedDomains in project athenz by yahoo.

the class ZMSFileChangeLogStore method getUpdatedSignedDomains.

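/**
 * Fetches the domains that ZMS reports as changed since {@code lastModTime}.
 *
 * <p>The first request asks for meta data only, which yields the list of
 * changed domain names and a tag header; the full data for each listed
 * domain is then retrieved through {@code getSignedDomainList()}.
 *
 * @param lastModTimeBuffer out-parameter; on success it is overwritten with
 *        the tag value returned by ZMS. It is left empty when the refresh
 *        fails with a {@code ZMSClientException}.
 * @return the updated domains, or null when ZMS returned no tag header, no
 *         domain list, or the request failed
 */
@Override
public SignedDomains getUpdatedSignedDomains(StringBuilder lastModTimeBuffer) {
    try (ZMSClient zmsClient = getZMSClient()) {
        // request all the changes from ZMS. In this call we're asking for
        // meta data only so we'll only get the list of domains
        Map<String, List<String>> responseHeaders = new HashMap<>();
        SignedDomains domainList = zmsClient.getSignedDomains(null, VALUE_TRUE, lastModTime, responseHeaders);
        // retrieve the tag value for the request
        String newLastModTime = retrieveTagHeader(responseHeaders);
        if (newLastModTime == null) {
            return null;
        }
        // set the last modification time to be returned to the caller
        lastModTimeBuffer.setLength(0);
        lastModTimeBuffer.append(newLastModTime);
        if (domainList == null || domainList.getDomains() == null) {
            return null;
        }
        if (LOGGER.isInfoEnabled()) {
            LOGGER.info("getUpdatedSignedDomains: {} updated domains", domainList.getDomains().size());
        }
        // NOTE(review): the new tag has already been written to the buffer.
        // If getSignedDomainList() leaves out a domain it could not fetch,
        // the caller may still advance its timestamp past that change and
        // keep serving the older role/policy data for it - confirm how
        // partial results are meant to be retried.
        List<SignedDomain> domains = getSignedDomainList(zmsClient, domainList);
        return new SignedDomains().setDomains(domains);
    } catch (ZMSClientException ex) {
        LOGGER.error("Error when refreshing data from ZMS: {}", ex.getMessage());
        // The tag may already be in the buffer if the failure happened after
        // it was written (during the per-domain fetch or while closing the
        // client). Clear it so a failed refresh cannot be read as
        // "no changed domains, new tag" and the changes are requested again.
        lastModTimeBuffer.setLength(0);
        return null;
    }
}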
Also used : HashMap(java.util.HashMap) SignedDomain(com.yahoo.athenz.zms.SignedDomain) ArrayList(java.util.ArrayList) List(java.util.List) SignedDomains(com.yahoo.athenz.zms.SignedDomains) ZMSClient(com.yahoo.athenz.zms.ZMSClient) ZMSClientException(com.yahoo.athenz.zms.ZMSClientException)
