Example 21 with AthenzDomain

Use of com.yahoo.athenz.zms.store.AthenzDomain in project athenz by yahoo.

The class DBServiceTest, method testSetMembersInDomainNullRoles: swaps a mocked ObjectStore into DBService, has the connection return a domain whose role list is null, and checks that getAthenzDomain passes it through with getRoles() still null rather than substituting an empty list.

@Test
public void testSetMembersInDomainNullRoles() {
    String domainName = "null-roles";
    Domain domain = new Domain().setModified(Timestamp.fromCurrentTime());
    AthenzDomain athenzDomain = new AthenzDomain(domainName);
    athenzDomain.setDomain(domain);
    athenzDomain.setRoles(null);
    Mockito.when(mockObjStore.getConnection(true, false)).thenReturn(mockJdbcConn);
    Mockito.when(mockJdbcConn.getAthenzDomain(domainName)).thenReturn(athenzDomain);
    ObjectStore saveStore = zms.dbService.store;
    zms.dbService.store = mockObjStore;
    AthenzDomain resAthenzDomain = zms.dbService.getAthenzDomain(domainName, false);
    assertNull(resAthenzDomain.getRoles());
    zms.dbService.store = saveStore;
}
Also used : ObjectStore(com.yahoo.athenz.zms.store.ObjectStore) AthenzDomain(com.yahoo.athenz.zms.store.AthenzDomain) Test(org.testng.annotations.Test)

Example 22 with AthenzDomain

Use of com.yahoo.athenz.zms.store.AthenzDomain in project athenz by yahoo.

The class ZMSImpl, method getGroups: validates and lower-cases the domain name before the lookup (object names are treated case-insensitively throughout ZMS) and answers with a not-found error when the domain does not exist.

@Override
public Groups getGroups(ResourceContext ctx, String domainName, Boolean members, String tagKey, String tagValue) {
    final String caller = ctx.getApiName();
    logPrincipal(ctx);
    validateRequest(ctx.request(), caller);
    validate(domainName, TYPE_DOMAIN_NAME, caller);
    // for consistent handling of all requests, we're going to convert
    // all incoming object values into lower case (e.g. domain, role,
    // policy, service, etc name)
    domainName = domainName.toLowerCase();
    setRequestDomain(ctx, domainName);
    Groups result = new Groups();
    AthenzDomain domain = getAthenzDomain(domainName, false);
    if (domain == null) {
        throw ZMSUtils.notFoundError("Domain not found: '" + domainName + "'", caller);
    }
    result.setList(setupGroupList(domain, members, tagKey, tagValue));
    return result;
}
Also used : AthenzDomain(com.yahoo.athenz.zms.store.AthenzDomain)

Example 23 with AthenzDomain

Use of com.yahoo.athenz.zms.store.AthenzDomain in project athenz by yahoo.

The class ZMSImpl, method isAuthorizedProviderService: a provider may provision its own tenants only if the request was made through an authorized service that is exactly provSvcDomain.provSvcName, and the provider's own domain grants that service update on {domain}:tenant.{service}. Either check failing returns false.

boolean isAuthorizedProviderService(String authorizedService, String provSvcDomain, String provSvcName, Principal principal) {
    if (authorizedService == null) {
        return false;
    }
    if (!authorizedService.equals(provSvcDomain + "." + provSvcName)) {
        return false;
    }
    // verify that provider service does indeed have access to provision
    // its own tenants. the authorize statement for the putTenantRole
    // command is defined in the RDL as:
    // authorize ("UPDATE", "{domain}:tenant.{service}");
    AthenzDomain domain = getAthenzDomain(provSvcDomain, true);
    if (domain == null) {
        return false;
    }
    // evaluate our domain's roles and policies to see if access
    // is allowed or not for the given operation and resource
    String resource = provSvcDomain + ":tenant." + provSvcName;
    AccessStatus accessStatus = evaluateAccess(domain, authorizedService, "update", resource, null, null, principal);
    return accessStatus == AccessStatus.ALLOWED;
}
Also used : AthenzDomain(com.yahoo.athenz.zms.store.AthenzDomain)
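The method in Example 23 makes two independent decisions: an identity check on the authorized service carried by the principal, then a policy check inside the provider's own domain. The block below is an added example, not Athenz code: it models both steps against a tiny in-memory domain (role memberships plus policy assertions, exact matching only, deny taking precedence over grant) so each failure path can be exercised without a ZMS server. TenantProvisionCheck, MiniDomain, Assertion and the sample domains sports and media are hypothetical, and the real Athenz evaluator additionally supports * wildcards that this model omits.

```java
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;

// Added example, not Athenz code. Models ZMSImpl.isAuthorizedProviderService
// against a tiny in-memory domain so both of its checks can be exercised
// offline. TenantProvisionCheck, MiniDomain and the sample domains are hypothetical.
public final class TenantProvisionCheck {

    /** Stand-in for AthenzDomain: role name -> member identities, plus policy assertions. */
    static final class MiniDomain {
        final String name;
        final Map<String, Set<String>> roles = new HashMap<>();
        final List<Assertion> assertions = new ArrayList<>();

        MiniDomain(String name) {
            this.name = name;
        }
    }

    /** One policy assertion: effect, action, role it applies to, fully qualified resource. */
    record Assertion(boolean allow, String action, String role, String resource) {}

    enum AccessStatus { ALLOWED, DENIED }

    /**
     * Modeled after the shape of evaluateAccess: an applicable DENY wins over any grant,
     * and the principal must be a member of the assertion's role. Exact string matching only;
     * the Athenz evaluator also handles * wildcards, which this model leaves out.
     */
    static AccessStatus evaluateAccess(MiniDomain domain, String principal, String action, String resource) {
        boolean granted = false;
        for (Assertion a : domain.assertions) {
            if (!a.action().equals(action) || !a.resource().equals(resource)) {
                continue;
            }
            Set<String> members = domain.roles.get(a.role());
            if (members == null || !members.contains(principal)) {
                continue;
            }
            if (!a.allow()) {
                return AccessStatus.DENIED; // deny takes precedence, stop here
            }
            granted = true;
        }
        return granted ? AccessStatus.ALLOWED : AccessStatus.DENIED;
    }

    /** Same decision order as the method in Example 23. */
    static boolean isAuthorizedProviderService(String authorizedService, String provSvcDomain,
                                               String provSvcName, MiniDomain providerDomain) {
        // step 1: the caller must have acted through the provider service itself
        if (authorizedService == null || !authorizedService.equals(provSvcDomain + "." + provSvcName)) {
            return false;
        }
        // step 2: the provider's own domain must exist and grant it "update"
        // on its tenant resource, {domain}:tenant.{service}
        if (providerDomain == null) {
            return false;
        }
        String resource = provSvcDomain + ":tenant." + provSvcName;
        return evaluateAccess(providerDomain, authorizedService, "update", resource) == AccessStatus.ALLOWED;
    }

    public static void main(String[] args) {
        // constructed sample: domain "sports" whose service "sports.api" may provision tenants
        MiniDomain sports = new MiniDomain("sports");
        sports.roles.put("provisioners", Set.of("sports.api"));
        sports.assertions.add(new Assertion(true, "update", "provisioners", "sports:tenant.api"));
        // constructed sample: domain "media" exists but carries no tenant policy at all
        MiniDomain media = new MiniDomain("media");

        System.out.println("provider with matching policy: "
                + isAuthorizedProviderService("sports.api", "sports", "api", sports));
        System.out.println("other service in the same domain (step 1): "
                + isAuthorizedProviderService("sports.web", "sports", "api", sports));
        System.out.println("no authorized service on the request (step 1): "
                + isAuthorizedProviderService(null, "sports", "api", sports));
        System.out.println("provider domain without a tenant policy (step 2): "
                + isAuthorizedProviderService("media.api", "media", "api", media));

        // an explicit deny reached through a second role overrides the grant above
        sports.roles.put("suspended", Set.of("sports.api"));
        sports.assertions.add(new Assertion(false, "update", "suspended", "sports:tenant.api"));
        System.out.println("provider with an applicable deny: "
                + isAuthorizedProviderService("sports.api", "sports", "api", sports));
    }
}
```

The point worth keeping in mind when reading the real method: step 1 is an exact string comparison, so a service from the same domain, or a principal that did not go through an authorized service at all, never reaches the policy evaluation, and step 2 is evaluated against the provider's domain, not the tenant's.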

Example 24 with AthenzDomain

Use of com.yahoo.athenz.zms.store.AthenzDomain in project athenz by yahoo.

The class ZMSImpl, method putRoleReview: refuses writes while the server is in read-only mode, validates and lower-cases every input, checks that the principal's authorized service may invoke this operation, requires the name inside the Role body to match the path, then normalizes the members and applies the configured expiry and review-reminder due dates before handing the change to DBService.

@Override
public void putRoleReview(ResourceContext ctx, String domainName, String roleName, String auditRef, Role role) {
    final String caller = ctx.getApiName();
    logPrincipal(ctx);
    if (readOnlyMode.get()) {
        throw ZMSUtils.requestError(SERVER_READ_ONLY_MESSAGE, caller);
    }
    validateRequest(ctx.request(), caller);
    validate(domainName, TYPE_DOMAIN_NAME, caller);
    validate(roleName, TYPE_ENTITY_NAME, caller);
    validate(role, TYPE_ROLE, caller);
    // for consistent handling of all requests, we're going to convert
    // all incoming object values into lower case (e.g. domain, role,
    // policy, service, etc name)
    domainName = domainName.toLowerCase();
    setRequestDomain(ctx, domainName);
    roleName = roleName.toLowerCase();
    AthenzObject.ROLE.convertToLowerCase(role);
    // verify that request is properly authenticated for this request
    verifyAuthorizedServiceOperation(((RsrcCtxWrapper) ctx).principal().getAuthorizedService(), caller);
    if (!isConsistentRoleName(domainName, roleName, role)) {
        throw ZMSUtils.requestError(caller + ": Inconsistent role names - expected: " + ResourceUtils.roleResourceName(domainName, roleName) + ", actual: " + role.getName(), caller);
    }
    AthenzDomain domain = getAthenzDomain(domainName, false);
    if (domain == null) {
        throw ZMSUtils.notFoundError("No such domain: " + domainName, caller);
    }
    Role dbRole = getRoleFromDomain(roleName, domain);
    // normalize and remove duplicate members
    normalizeRoleMembers(role);
    // update role expiry based on our configurations
    MemberDueDays memberExpiryDueDays = new MemberDueDays(domain.getDomain(), dbRole, MemberDueDays.Type.EXPIRY);
    MemberDueDays memberReminderDueDays = new MemberDueDays(null, dbRole, MemberDueDays.Type.REMINDER);
    updateRoleMemberExpiration(memberExpiryDueDays, role.getRoleMembers());
    // update role review based on our configurations
    updateRoleMemberReviewReminder(memberReminderDueDays, role.getRoleMembers());
    // process our request
    dbService.executePutRoleReview(ctx, domainName, roleName, role, memberExpiryDueDays, memberReminderDueDays, auditRef, caller);
}
Also used : AthenzDomain(com.yahoo.athenz.zms.store.AthenzDomain)

Example 25 with AthenzDomain

Use of com.yahoo.athenz.zms.store.AthenzDomain in project athenz by yahoo.

The class ZMSImpl, method retrieveAccessDomain: returns the stored domain when it exists. Otherwise, and only when virtual domain support is enabled, it synthesises a home domain for a principal from the user domain that is asking for its own home domain (homeDomainPrefix followed by its user name); any other caller or domain name gets null.

AthenzDomain retrieveAccessDomain(String domainName, Principal principal) {
    if (LOG.isDebugEnabled()) {
        LOG.debug("retrieveAccessDomain: identity: {} domain: {}", principal.getFullName(), domainName);
    }
    AthenzDomain domain = getAthenzDomain(domainName, false);
    if (domain != null) {
        return domain;
    }
    if (LOG.isDebugEnabled()) {
        LOG.debug("retrieveAccessDomain: domain not found, looking for virtual domain");
    }
    if (!virtualDomainSupport) {
        return null;
    }
    if (principal.getDomain() == null) {
        return null;
    }
    if (!principal.getDomain().equals(userDomain)) {
        return null;
    }
    final String userHomeDomain = homeDomainPrefix + getUserDomainName(principal.getName());
    if (!userHomeDomain.equals(domainName)) {
        return null;
    }
    return virtualHomeDomain(principal, domainName);
}
Also used : AthenzDomain(com.yahoo.athenz.zms.store.AthenzDomain)
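The ordering in Example 25 is what keeps the virtual-domain feature from becoming an authorization bypass: a persisted domain is never shadowed, and the synthesised domain is derived from the caller's own name rather than from the requested name. The block below is an added example, not Athenz code: it models that lookup order in plain Java and walks through the allowed and refused cases offline. HomeDomainResolver, Outcome and the sample values ("user", "home.", the domain names) are hypothetical, and the real method also maps the principal's name through getUserDomainName, which is skipped here.

```java
import java.util.Set;

// Added example, not Athenz code. Models the lookup order of
// ZMSImpl.retrieveAccessDomain so the virtual-home-domain rule can be
// exercised offline. HomeDomainResolver, Outcome and the sample values
// ("user", "home.", the domain names) are hypothetical; the real method
// also maps the user name through getUserDomainName, which is skipped here.
public final class HomeDomainResolver {

    /** Distinguishes a persisted domain from a synthesised one; the real method returns both as AthenzDomain. */
    enum Outcome { STORED, VIRTUAL, NOT_FOUND }

    private final Set<String> storedDomains;    // stands in for getAthenzDomain(...) returning non-null
    private final boolean virtualDomainSupport; // server-wide feature flag
    private final String userDomain;            // domain that holds human principals
    private final String homeDomainPrefix;      // prefix of per-user home domains

    HomeDomainResolver(Set<String> storedDomains, boolean virtualDomainSupport,
                       String userDomain, String homeDomainPrefix) {
        this.storedDomains = storedDomains;
        this.virtualDomainSupport = virtualDomainSupport;
        this.userDomain = userDomain;
        this.homeDomainPrefix = homeDomainPrefix;
    }

    /** principalDomain and principalName are the two halves of the caller's full name, e.g. "user" and "alice". */
    Outcome resolve(String domainName, String principalDomain, String principalName) {
        // 1. a persisted domain always wins; the virtual path can never shadow it
        if (storedDomains.contains(domainName)) {
            return Outcome.STORED;
        }
        // 2. with the feature off, a missing domain is simply missing
        if (!virtualDomainSupport) {
            return Outcome.NOT_FOUND;
        }
        // 3. only principals from the configured user domain get a virtual home domain
        if (principalDomain == null || !principalDomain.equals(userDomain)) {
            return Outcome.NOT_FOUND;
        }
        // 4. and only the one derived from their own name, never a domain named by the request
        String userHomeDomain = homeDomainPrefix + principalName;
        if (!userHomeDomain.equals(domainName)) {
            return Outcome.NOT_FOUND;
        }
        return Outcome.VIRTUAL;
    }

    private static void show(HomeDomainResolver r, String domain, String pDomain, String pName) {
        System.out.println(pDomain + "." + pName + " asks for " + domain + ": " + r.resolve(domain, pDomain, pName));
    }

    public static void main(String[] args) {
        // constructed sample: two persisted domains, one of them bob's real home domain
        HomeDomainResolver on = new HomeDomainResolver(Set.of("sports", "home.bob"), true, "user", "home.");
        show(on, "sports", "user", "alice");      // a persisted, unrelated domain
        show(on, "home.alice", "user", "alice");  // alice asks for her own home domain
        show(on, "home.bob", "user", "alice");    // alice asks for bob's persisted home domain
        show(on, "home.carol", "user", "alice");  // alice asks for a home domain that is not hers
        show(on, "home.api", "sports", "api");    // a service principal asks for a home domain
        show(on, "home.alice", null, "alice");    // a principal without a domain part

        HomeDomainResolver off = new HomeDomainResolver(Set.of("sports"), false, "user", "home.");
        show(off, "home.alice", "user", "alice"); // same request with the feature disabled
    }
}
```

Two cases are worth contrasting in the output: home.bob is answered from storage even for alice, because step 1 runs before any virtual logic, while home.carol is refused because the comparison in step 4 is against the name derived from the principal, not against whatever was requested.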

Aggregations

AthenzDomain (com.yahoo.athenz.zms.store.AthenzDomain): 104
Test (org.testng.annotations.Test): 28
Principal (com.yahoo.athenz.auth.Principal): 14
Authority (com.yahoo.athenz.auth.Authority): 13
MetricNotificationService (com.yahoo.athenz.common.server.notification.impl.MetricNotificationService): 13
ZMSNotificationManagerTest.getNotificationManager (com.yahoo.athenz.zms.notification.ZMSNotificationManagerTest.getNotificationManager): 13
DBService (com.yahoo.athenz.zms.DBService): 6
Role (com.yahoo.athenz.zms.Role): 6
RoleMember (com.yahoo.athenz.zms.RoleMember): 6
ObjectStore (com.yahoo.athenz.zms.store.ObjectStore): 3
ObjectStoreConnection (com.yahoo.athenz.zms.store.ObjectStoreConnection): 3
java.sql (java.sql): 3
SQLException (java.sql.SQLException): 2
AuthzDetailsEntity (com.yahoo.athenz.common.config.AuthzDetailsEntity): 1
DomainRoleMembersFetcher (com.yahoo.athenz.common.server.notification.DomainRoleMembersFetcher): 1
DataCache (com.yahoo.athenz.zms.DBService.DataCache): 1
Domain (com.yahoo.athenz.zms.Domain): 1
ResourceException (com.yahoo.athenz.zms.ResourceException): 1
JDBCConnection (com.yahoo.athenz.zms.store.jdbc.JDBCConnection): 1
Timestamp (com.yahoo.rdl.Timestamp): 1