use of com.yahoo.athenz.zms.store.ObjectStoreConnection in project athenz by yahoo.
the class DBService method executePutGroup.
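/**
 * Creates or updates a group in a domain, re-running the whole operation on a fresh
 * connection while {@code shouldRetryOperation} allows it.
 *
 * <p>Before any write the method runs, in order: the domain audit check, the group quota
 * check, and a guard that rejects the request when the stored group is already flagged
 * auditEnabled or reviewEnabled. The audit record and the domain change event are emitted
 * only after the change has been saved.
 *
 * @param ctx request context; supplies the API name and the calling principal
 * @param domainName domain that owns the group
 * @param groupName name of the group being written
 * @param group requested group definition
 * @param auditRef audit reference handed to the audit check and to the audit log
 * @throws ResourceException rethrown once {@code shouldRetryOperation} declines another attempt
 */
void executePutGroup(ResourceContext ctx, final String domainName, final String groupName, Group group, final String auditRef) {
    for (int retryCount = defaultRetryCount; ; retryCount--) {
        // NOTE(review): the two flags are presumably (autoCommit, readWrite) - confirm
        // against the ObjectStore.getConnection declaration.
        try (ObjectStoreConnection con = store.getConnection(false, true)) {
            final String principal = getPrincipalName(ctx);

            // first verify that auditing requirements are met
            checkDomainAuditEnabled(con, domainName, auditRef, ctx.getApiName(), principal, AUDIT_TYPE_GROUP);

            // check that quota is not exceeded
            quotaCheck.checkGroupQuota(con, domainName, group, ctx.getApiName());

            // retrieve our original group
            Group originalGroup = getGroup(con, domainName, groupName, false, false);

            // Groups already flagged auditEnabled or reviewEnabled must not be changed through
            // this path. Boolean.TRUE.equals() replaces the == comparison: reference equality
            // on a boxed Boolean matches only the canonical instance, so a non-canonical TRUE
            // value would have slipped past this guard. equals() is also null-safe.
            if (originalGroup != null
                    && (Boolean.TRUE.equals(originalGroup.getAuditEnabled())
                        || Boolean.TRUE.equals(originalGroup.getReviewEnabled()))) {
                throw ZMSUtils.requestError("Can not update auditEnabled and/or reviewEnabled groups", ctx.getApiName());
            }

            // now process the request
            StringBuilder auditDetails = new StringBuilder(ZMSConsts.STRING_BLDR_SIZE_DEFAULT);
            if (!processGroup(con, originalGroup, domainName, groupName, group, principal, auditRef, auditDetails)) {
                // undo any partial writes before reporting the failure
                con.rollbackChanges();
                throw ZMSUtils.internalServerError("unable to put group: " + group.getName(), ctx.getApiName());
            }

            // update our domain time-stamp and save changes
            saveChanges(con, domainName);

            // audit log the request
            // NOTE(review): the audit record is written after the change is saved; confirm a
            // failure in auditLogRequest cannot leave a saved change without an audit entry.
            auditLogRequest(ctx, domainName, auditRef, ctx.getApiName(), ZMSConsts.HTTP_PUT, groupName, auditDetails.toString());

            // add domain change event
            addDomainChangeMessage(ctx, domainName, groupName, DomainChangeMessage.ObjectType.GROUP);
            return;

        } catch (ResourceException ex) {
            // the connection is already closed here; either loop again or give up
            if (!shouldRetryOperation(ex, retryCount)) {
                throw ex;
            }
        }
    }
}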
use of com.yahoo.athenz.zms.store.ObjectStoreConnection in project athenz by yahoo.
the class DBService method getPrincipals.
/**
 * Fetches the principal names the store holds for the given state and wraps each name in
 * a {@link Principal} that carries that state.
 *
 * @param queriedState numeric state passed both to the store query and to
 *     {@code Principal.State.getState}
 * @return list of principals built from the store result; empty when the store returns no names
 */
List<Principal> getPrincipals(int queriedState) {
    final List<Principal> result = new ArrayList<>();
    // NOTE(review): the two flags are presumably (autoCommit, readWrite) - confirm
    // against the ObjectStore.getConnection declaration.
    try (ObjectStoreConnection con = store.getConnection(true, false)) {
        final List<String> names = con.getPrincipals(queriedState);
        final Principal.State state = Principal.State.getState(queriedState);
        for (final String name : names) {
            // NOTE(review): the cast assumes createPrincipalForName always hands back a
            // non-null SimplePrincipal; any other result fails here with a runtime
            // exception - confirm against ZMSUtils.
            final SimplePrincipal entry =
                    (SimplePrincipal) ZMSUtils.createPrincipalForName(name, zmsConfig.getUserDomain(), null);
            entry.setState(state);
            result.add(entry);
        }
    }
    return result;
}
use of com.yahoo.athenz.zms.store.ObjectStoreConnection in project athenz by yahoo.
the class DBService method executeDeleteGroupMembership.
/**
 * Removes one member from a group, repeating the attempt on a fresh connection while
 * {@code shouldRetryOperation} permits it.
 *
 * <p>The domain audit check runs first. After a successful delete the group and domain
 * modification timestamps are updated, the cached domain entry is invalidated, and the
 * audit record and domain change event are emitted.
 *
 * @param ctx request context; supplies the API name and the calling principal
 * @param domainName domain that owns the group
 * @param groupName group the member is removed from
 * @param normalizedMember member name to remove
 * @param auditRef audit reference handed to the audit check, the store and the audit log
 * @throws ResourceException rethrown once {@code shouldRetryOperation} declines another attempt
 */
void executeDeleteGroupMembership(ResourceContext ctx, final String domainName, final String groupName, final String normalizedMember, final String auditRef) {
    int retryCount = defaultRetryCount;
    while (true) {
        // NOTE(review): the two flags are presumably (autoCommit, readWrite). If the first
        // one does enable auto-commit, the delete and the two timestamp updates below are
        // separate commits rather than one transaction - confirm.
        try (ObjectStoreConnection con = store.getConnection(true, true)) {
            final String apiName = ctx.getApiName();
            final String principal = getPrincipalName(ctx);

            // the audit requirement is enforced before anything is modified
            checkDomainAuditEnabled(con, domainName, auditRef, apiName, principal, AUDIT_TYPE_GROUP);

            final boolean removed = con.deleteGroupMember(domainName, groupName, normalizedMember, principal, auditRef);
            if (!removed) {
                con.rollbackChanges();
                throw ZMSUtils.notFoundError("unable to delete group member: " + normalizedMember + " from group: " + groupName, ctx.getApiName());
            }

            // refresh the group and domain time-stamps, then drop the cached domain entry
            con.updateGroupModTimestamp(domainName, groupName);
            con.updateDomainModTimestamp(domainName);
            cacheStore.invalidate(domainName);

            // record the request in the audit log
            // NOTE(review): the member name is concatenated into the JSON detail without
            // escaping, so the audit entry's integrity relies on normalizedMember having
            // been validated upstream - confirm at the caller.
            final String auditDetails = "{\"member\": \"" + normalizedMember + "\"}";
            auditLogRequest(ctx, domainName, auditRef, ctx.getApiName(), ZMSConsts.HTTP_DELETE, groupName, auditDetails);

            // publish the domain change event
            addDomainChangeMessage(ctx, domainName, groupName, DomainChangeMessage.ObjectType.GROUP);
            return;

        } catch (ResourceException ex) {
            // give up unless the failure is one the retry policy accepts
            if (!shouldRetryOperation(ex, retryCount)) {
                throw ex;
            }
        }
        retryCount--;
    }
}
use of com.yahoo.athenz.zms.store.ObjectStoreConnection in project athenz by yahoo.
the class DBService method executeDeleteDomainRoleMember.
/**
 * Removes a member from the roles of a domain via {@code removePrincipalFromDomainRoles}
 * and then writes a single audit record for the request, repeating the attempt on a fresh
 * connection while {@code shouldRetryOperation} permits it.
 *
 * @param ctx request context; supplies the calling principal
 * @param domainName domain whose roles are processed
 * @param memberName member to remove
 * @param auditRef audit reference handed to the removal helper and the audit log
 * @param caller name recorded in the audit log for this request
 * @throws ResourceException rethrown once {@code shouldRetryOperation} declines another attempt
 */
void executeDeleteDomainRoleMember(ResourceContext ctx, String domainName, String memberName, String auditRef, String caller) {
    int retryCount = defaultRetryCount;
    while (true) {
        // NOTE(review): this method does not itself call checkDomainAuditEnabled; confirm
        // the audit requirement is enforced by the caller or inside the removal helper.
        try (ObjectStoreConnection con = store.getConnection(true, true)) {

            // the member is removed role by role so that every role gets
            // its own audit log record
            final String principal = getPrincipalName(ctx);
            removePrincipalFromDomainRoles(ctx, con, domainName, memberName, principal, auditRef);

            // record the request itself; no detail payload is attached
            auditLogRequest(ctx, domainName, auditRef, caller, ZMSConsts.HTTP_DELETE, memberName, null);
            return;

        } catch (ResourceException ex) {
            // give up unless the failure is one the retry policy accepts
            if (!shouldRetryOperation(ex, retryCount)) {
                throw ex;
            }
        }
        retryCount--;
    }
}
use of com.yahoo.athenz.zms.store.ObjectStoreConnection in project athenz by yahoo.
the class DBService method putDomainDependency.
/**
 * Registers a service dependency on a domain, repeating the attempt on a fresh connection
 * while {@code shouldRetryOperation} permits it.
 *
 * <p>The domain audit check runs first, then the domain must exist in the store. The audit
 * record and the domain change event are emitted only after the change has been saved.
 * {@code caller} is what this method passes as the API name to the audit check, the error
 * factories and the audit log.
 *
 * @param ctx request context; supplies the calling principal
 * @param domainName domain the dependency is put on
 * @param service service that depends on the domain
 * @param auditRef audit reference handed to the audit check and the audit log
 * @param caller API name used in errors and in the audit record
 * @throws ResourceException rethrown once {@code shouldRetryOperation} declines another attempt
 */
public void putDomainDependency(ResourceContext ctx, String domainName, String service, String auditRef, String caller) {
    int retryCount = defaultRetryCount;
    while (true) {
        // NOTE(review): the two flags are presumably (autoCommit, readWrite) - confirm
        // against the ObjectStore.getConnection declaration.
        try (ObjectStoreConnection con = store.getConnection(false, true)) {
            final String principal = getPrincipalName(ctx);

            // the audit requirement is enforced before anything is modified
            checkDomainAuditEnabled(con, domainName, auditRef, caller, principal, AUDIT_TYPE_DOMAIN);

            // the target domain has to exist
            if (con.getDomain(domainName) == null) {
                con.rollbackChanges();
                throw ZMSUtils.notFoundError(caller + ": Unknown domain: " + domainName, caller);
            }

            // apply the dependency, collecting the audit detail as we go
            final StringBuilder auditDetails = new StringBuilder(ZMSConsts.STRING_BLDR_SIZE_DEFAULT);
            final boolean processed = processDomainDependency(con, domainName, service, auditDetails);
            if (!processed) {
                con.rollbackChanges();
                throw ZMSUtils.internalServerError("unable to put dependency on domain " + domainName + " for service " + service, caller);
            }

            // bump the domain time-stamp and persist
            saveChanges(con, domainName);

            // record the request in the audit log
            // NOTE(review): the audit record is written after the change is saved; confirm a
            // failure in auditLogRequest cannot leave a saved change without an audit entry.
            auditLogRequest(ctx, domainName, auditRef, caller, ZMSConsts.HTTP_PUT, service, auditDetails.toString());

            // publish the domain change event
            addDomainChangeMessage(ctx, domainName, service, DomainChangeMessage.ObjectType.DOMAIN);
            return;

        } catch (ResourceException ex) {
            // give up unless the failure is one the retry policy accepts
            if (!shouldRetryOperation(ex, retryCount)) {
                throw ex;
            }
        }
        retryCount--;
    }
}