
Example 66 with ObjectStoreConnection

use of com.yahoo.athenz.zms.store.ObjectStoreConnection in project athenz by yahoo.

the class DBService method executePutGroup.

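/**
 * Creates or updates a group in the given domain and records the change.
 *
 * <p>Each attempt opens its own store connection, verifies the domain audit
 * requirements and the group quota, and refuses to touch an existing group
 * that is flagged audit-enabled or review-enabled. On success the change is
 * saved, audit logged and published as a domain change event. A
 * {@code ResourceException} is retried for as long as
 * {@code shouldRetryOperation} allows it.
 *
 * @param ctx request context; supplies the API name and the calling principal
 * @param domainName name of the domain that owns the group
 * @param groupName name of the group being written
 * @param group the new group definition
 * @param auditRef audit reference supplied with the request
 * @throws ResourceException if a check fails, the group cannot be processed,
 *         or the operation is not retried any further
 */
void executePutGroup(ResourceContext ctx, final String domainName, final String groupName, Group group, final String auditRef) {
    for (int retryCount = defaultRetryCount; ; retryCount--) {
        // NOTE(review): the arguments are presumably (autoCommit=false, readWrite=true) -
        // confirm against ObjectStore.getConnection
        try (ObjectStoreConnection con = store.getConnection(false, true)) {
            final String principal = getPrincipalName(ctx);
            // first verify that auditing requirements are met
            checkDomainAuditEnabled(con, domainName, auditRef, ctx.getApiName(), principal, AUDIT_TYPE_GROUP);
            // check that quota is not exceeded
            quotaCheck.checkGroupQuota(con, domainName, group, ctx.getApiName());
            // retrieve our original group
            Group originalGroup = getGroup(con, domainName, groupName, false, false);
            // This guard is what keeps audit/review enabled groups from being
            // overwritten through this path. Compare with equals(): a reference
            // comparison against Boolean.TRUE is false for a Boolean that is not
            // the canonical instance, which would silently skip the guard.
            if (originalGroup != null && (Boolean.TRUE.equals(originalGroup.getAuditEnabled()) || Boolean.TRUE.equals(originalGroup.getReviewEnabled()))) {
                throw ZMSUtils.requestError("Can not update auditEnabled and/or reviewEnabled groups", ctx.getApiName());
            }
            // now process the request
            StringBuilder auditDetails = new StringBuilder(ZMSConsts.STRING_BLDR_SIZE_DEFAULT);
            if (!processGroup(con, originalGroup, domainName, groupName, group, principal, auditRef, auditDetails)) {
                con.rollbackChanges();
                throw ZMSUtils.internalServerError("unable to put group: " + group.getName(), ctx.getApiName());
            }
            // update our domain time-stamp and save changes
            saveChanges(con, domainName);
            // audit log the request; this runs only after the change was saved,
            // so rejected or failed requests leave no audit entry from this method
            auditLogRequest(ctx, domainName, auditRef, ctx.getApiName(), ZMSConsts.HTTP_PUT, groupName, auditDetails.toString());
            // add domain change event
            addDomainChangeMessage(ctx, domainName, groupName, DomainChangeMessage.ObjectType.GROUP);
            return;
        } catch (ResourceException ex) {
            if (!shouldRetryOperation(ex, retryCount)) {
                throw ex;
            }
        }
    }
}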
Also used : ObjectStoreConnection(com.yahoo.athenz.zms.store.ObjectStoreConnection)

Example 67 with ObjectStoreConnection

use of com.yahoo.athenz.zms.store.ObjectStoreConnection in project athenz by yahoo.

the class DBService method getPrincipals.

/**
 * Loads the principals stored with the given state and returns them as
 * {@link Principal} objects carrying that state.
 *
 * @param queriedState numeric principal state passed to the store query and
 *        mapped through {@code Principal.State.getState}
 * @return list of principals built from the names returned by the store;
 *         empty when the store returns no names
 */
List<Principal> getPrincipals(int queriedState) {
    final List<Principal> result = new ArrayList<>();
    // NOTE(review): the arguments are presumably (autoCommit=true, readWrite=false),
    // i.e. a read-only connection - confirm against ObjectStore.getConnection
    try (ObjectStoreConnection con = store.getConnection(true, false)) {
        final List<String> principalNames = con.getPrincipals(queriedState);
        final Principal.State state = Principal.State.getState(queriedState);
        for (String principalName : principalNames) {
            // NOTE(review): the cast assumes createPrincipalForName always returns a
            // non-null SimplePrincipal; a null or other implementation fails here
            // with an unchecked exception - confirm against ZMSUtils
            final SimplePrincipal simplePrincipal = (SimplePrincipal) ZMSUtils.createPrincipalForName(
                    principalName, zmsConfig.getUserDomain(), null);
            simplePrincipal.setState(state);
            result.add(simplePrincipal);
        }
    }
    return result;
}
Also used : ObjectStoreConnection(com.yahoo.athenz.zms.store.ObjectStoreConnection) SimplePrincipal(com.yahoo.athenz.auth.impl.SimplePrincipal) Principal(com.yahoo.athenz.auth.Principal) SimplePrincipal(com.yahoo.athenz.auth.impl.SimplePrincipal)

Example 68 with ObjectStoreConnection

use of com.yahoo.athenz.zms.store.ObjectStoreConnection in project athenz by yahoo.

the class DBService method executeDeleteGroupMembership.

/**
 * Removes a single member from a group and records the change.
 *
 * <p>Each attempt opens its own store connection, verifies the domain audit
 * requirements, deletes the member, refreshes the group and domain
 * modification time-stamps, invalidates the cached domain, writes the audit
 * log entry and publishes a domain change event. A {@code ResourceException}
 * is retried for as long as {@code shouldRetryOperation} allows it.
 *
 * @param ctx request context; supplies the API name and the calling principal
 * @param domainName name of the domain that owns the group
 * @param groupName name of the group to remove the member from
 * @param normalizedMember member name to remove
 * @param auditRef audit reference supplied with the request
 * @throws ResourceException if a check fails, the member could not be deleted,
 *         or the operation is not retried any further
 */
void executeDeleteGroupMembership(ResourceContext ctx, final String domainName, final String groupName, final String normalizedMember, final String auditRef) {
    int retryCount = defaultRetryCount;
    while (true) {
        // NOTE(review): the first argument is presumably autoCommit=true; if so the
        // delete and the two time-stamp updates below are not one transaction and
        // rollbackChanges() may have nothing to undo - confirm against ObjectStore
        try (ObjectStoreConnection con = store.getConnection(true, true)) {
            final String principal = getPrincipalName(ctx);

            // auditing requirements come first, before anything is modified
            checkDomainAuditEnabled(con, domainName, auditRef, ctx.getApiName(), principal, AUDIT_TYPE_GROUP);

            final boolean memberDeleted = con.deleteGroupMember(domainName, groupName, normalizedMember, principal, auditRef);
            if (!memberDeleted) {
                con.rollbackChanges();
                throw ZMSUtils.notFoundError("unable to delete group member: " + normalizedMember + " from group: " + groupName, ctx.getApiName());
            }

            // refresh group and domain time-stamps, then drop the cached domain
            con.updateGroupModTimestamp(domainName, groupName);
            con.updateDomainModTimestamp(domainName);
            cacheStore.invalidate(domainName);

            // The audit detail is JSON assembled by concatenation without escaping.
            // NOTE(review): this relies on normalizedMember having been validated
            // upstream; a quote or backslash in it would corrupt the audit record -
            // confirm the validation in the caller.
            final String auditDetails = "{\"member\": \"" + normalizedMember + "\"}";
            auditLogRequest(ctx, domainName, auditRef, ctx.getApiName(), ZMSConsts.HTTP_DELETE, groupName, auditDetails);

            // publish the domain change event
            addDomainChangeMessage(ctx, domainName, groupName, DomainChangeMessage.ObjectType.GROUP);
            return;
        } catch (ResourceException ex) {
            if (!shouldRetryOperation(ex, retryCount)) {
                throw ex;
            }
        }
        retryCount--;
    }
}
Also used : ObjectStoreConnection(com.yahoo.athenz.zms.store.ObjectStoreConnection)

Example 69 with ObjectStoreConnection

use of com.yahoo.athenz.zms.store.ObjectStoreConnection in project athenz by yahoo.

the class DBService method executeDeleteDomainRoleMember.

/**
 * Removes a member from the roles of a domain and audit logs the request.
 *
 * <p>Each attempt opens its own store connection. A {@code ResourceException}
 * is retried for as long as {@code shouldRetryOperation} allows it.
 *
 * @param ctx request context; supplies the calling principal
 * @param domainName name of the domain whose roles are processed
 * @param memberName member to remove
 * @param auditRef audit reference supplied with the request
 * @param caller name recorded as the caller in the audit log entry
 * @throws ResourceException if the removal fails and the operation is not
 *         retried any further
 */
void executeDeleteDomainRoleMember(ResourceContext ctx, String domainName, String memberName, String auditRef, String caller) {
    int retryCount = defaultRetryCount;
    while (true) {
        try (ObjectStoreConnection con = store.getConnection(true, true)) {
            // NOTE(review): no checkDomainAuditEnabled call is made in this method;
            // presumably the caller or removePrincipalFromDomainRoles enforces the
            // audit requirements - confirm.

            // the member is removed from the roles by the helper rather than in
            // one bulk call, so that an audit log record exists for each role
            final String principal = getPrincipalName(ctx);
            removePrincipalFromDomainRoles(ctx, con, domainName, memberName, principal, auditRef);

            // audit log the request itself; no detail payload is attached
            auditLogRequest(ctx, domainName, auditRef, caller, ZMSConsts.HTTP_DELETE, memberName, null);
            return;
        } catch (ResourceException ex) {
            if (!shouldRetryOperation(ex, retryCount)) {
                throw ex;
            }
        }
        retryCount--;
    }
}
Also used : ObjectStoreConnection(com.yahoo.athenz.zms.store.ObjectStoreConnection)

Example 70 with ObjectStoreConnection

use of com.yahoo.athenz.zms.store.ObjectStoreConnection in project athenz by yahoo.

the class DBService method putDomainDependency.

/**
 * Registers a service dependency on a domain and records the change.
 *
 * <p>Each attempt opens its own store connection, verifies the domain audit
 * requirements, checks that the domain exists, stores the dependency, saves
 * the change, writes the audit log entry and publishes a domain change
 * event. A {@code ResourceException} is retried for as long as
 * {@code shouldRetryOperation} allows it.
 *
 * @param ctx request context; supplies the calling principal
 * @param domainName name of the domain receiving the dependency
 * @param service name of the service that depends on the domain
 * @param auditRef audit reference supplied with the request
 * @param caller name used in error messages and in the audit log entry
 * @throws ResourceException if a check fails, the domain is unknown, the
 *         dependency cannot be stored, or the operation is not retried any
 *         further
 */
public void putDomainDependency(ResourceContext ctx, String domainName, String service, String auditRef, String caller) {
    int retryCount = defaultRetryCount;
    while (true) {
        // NOTE(review): the arguments are presumably (autoCommit=false, readWrite=true) -
        // confirm against ObjectStore.getConnection
        try (ObjectStoreConnection con = store.getConnection(false, true)) {
            final String principal = getPrincipalName(ctx);

            // auditing requirements come first, before anything is modified
            checkDomainAuditEnabled(con, domainName, auditRef, caller, principal, AUDIT_TYPE_DOMAIN);

            // the domain is fetched only to confirm that it exists
            if (con.getDomain(domainName) == null) {
                con.rollbackChanges();
                throw ZMSUtils.notFoundError(caller + ": Unknown domain: " + domainName, caller);
            }

            // store the dependency; the helper fills in the audit details
            final StringBuilder auditDetails = new StringBuilder(ZMSConsts.STRING_BLDR_SIZE_DEFAULT);
            final boolean stored = processDomainDependency(con, domainName, service, auditDetails);
            if (!stored) {
                con.rollbackChanges();
                throw ZMSUtils.internalServerError("unable to put dependency on domain " + domainName + " for service " + service, caller);
            }

            // update the domain time-stamp and save the change
            saveChanges(con, domainName);

            // audit log only after the save, so rejected or failed requests
            // leave no audit entry from this method
            auditLogRequest(ctx, domainName, auditRef, caller, ZMSConsts.HTTP_PUT, service, auditDetails.toString());

            // publish the domain change event
            addDomainChangeMessage(ctx, domainName, service, DomainChangeMessage.ObjectType.DOMAIN);
            return;
        } catch (ResourceException ex) {
            if (!shouldRetryOperation(ex, retryCount)) {
                throw ex;
            }
        }
        retryCount--;
    }
}
Also used : ObjectStoreConnection(com.yahoo.athenz.zms.store.ObjectStoreConnection) AthenzDomain(com.yahoo.athenz.zms.store.AthenzDomain)
