
Example 71 with ObjectStoreConnection

use of com.yahoo.athenz.zms.store.ObjectStoreConnection in project athenz by yahoo.

the class DBService method deleteDomainDependency.

/**
 * Deletes the dependency registered on {@code domainName} for {@code service}.
 *
 * <p>Each attempt opens its own store connection. The domain audit check runs before
 * anything is modified; the audit record and the domain change event are emitted only
 * after {@code saveChanges} has returned. A {@link ResourceException} raised during an
 * attempt is rethrown unless {@code shouldRetryOperation} accepts another try.
 *
 * @param ctx request context, used for the principal name, audit logging and change events
 * @param domainName name of the domain the dependency is recorded on
 * @param service name of the service whose dependency is removed
 * @param auditRef audit reference supplied with the request
 * @param caller name of the calling API, used in error messages and audit records
 * @throws ResourceException when an attempt fails and no further retry is allowed
 */
public void deleteDomainDependency(ResourceContext ctx, String domainName, String service, String auditRef, String caller) {
    int retryCount = defaultRetryCount;
    while (true) {
        // NOTE(review): the flags are presumably (autoCommit=false, readWrite=true) - confirm against ObjectStore
        try (ObjectStoreConnection conn = store.getConnection(false, true)) {
            final String principalName = getPrincipalName(ctx);

            // audit enforcement comes first so a request without the required
            // audit reference is rejected before any lookup or change
            checkDomainAuditEnabled(conn, domainName, auditRef, caller, principalName, AUDIT_TYPE_DOMAIN);

            // the target domain must exist
            Domain existingDomain = conn.getDomain(domainName);
            if (existingDomain == null) {
                conn.rollbackChanges();
                final String notFoundMessage = caller + ": Unknown domain: " + domainName;
                throw ZMSUtils.notFoundError(notFoundMessage, caller);
            }

            // carry out the delete; the helper fills in the audit details
            StringBuilder details = new StringBuilder(ZMSConsts.STRING_BLDR_SIZE_DEFAULT);
            final boolean removed = processDeleteDomainDependency(conn, domainName, service, details);
            if (!removed) {
                conn.rollbackChanges();
                final String failureMessage = "unable to delete dependency on domain " + domainName + " for service " + service;
                throw ZMSUtils.internalServerError(failureMessage, caller);
            }

            // refresh the domain time-stamp and persist the change
            saveChanges(conn, domainName);

            // NOTE(review): the audit record is written after saveChanges; confirm how
            // auditLogRequest reports its own failures so a saved change cannot go unaudited
            auditLogRequest(ctx, domainName, auditRef, caller, ZMSConsts.HTTP_DELETE, service, details.toString());

            // publish the domain change event
            addDomainChangeMessage(ctx, domainName, service, DomainChangeMessage.ObjectType.DOMAIN);
            return;
        } catch (ResourceException ex) {
            // give up unless the retry policy approves another attempt
            if (!shouldRetryOperation(ex, retryCount)) {
                throw ex;
            }
        }
        retryCount--;
    }
}
Also used : ObjectStoreConnection(com.yahoo.athenz.zms.store.ObjectStoreConnection) AthenzDomain(com.yahoo.athenz.zms.store.AthenzDomain)

Example 72 with ObjectStoreConnection

use of com.yahoo.athenz.zms.store.ObjectStoreConnection in project athenz by yahoo.

the class DBService method executePutDomainMeta.

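/**
 * Applies a domain meta update to a copy of {@code domain} and stores the result.
 *
 * <p>The domain audit check runs first. The copy is then updated either through
 * {@code updateSystemMetaFields} (when {@code systemAttribute} is non-null) or through
 * {@code updateDomainMetaFields}, written with {@code updateDomain}, and the tags are
 * processed before the changes are committed. A {@link ResourceException} raised during
 * an attempt is rethrown unless {@code shouldRetryOperation} accepts another try.
 *
 * @param ctx request context, used for the principal name, audit logging and change events
 * @param domain current state of the domain being updated
 * @param meta requested meta values
 * @param systemAttribute name of the system attribute to update, or {@code null} for a
 *     regular meta update
 * @param deleteAllowed passed through to {@code updateSystemMetaFields}
 * @param auditRef audit reference supplied with the request
 * @param caller name of the calling API, used in error messages and audit records
 * @throws ResourceException when an attempt fails and no further retry is allowed
 */
void executePutDomainMeta(ResourceContext ctx, Domain domain, DomainMeta meta, final String systemAttribute, boolean deleteAllowed, String auditRef, String caller) {
    for (int retryCount = defaultRetryCount; ; retryCount--) {
        // NOTE(review): the flags are presumably (autoCommit=false, readWrite=true) - confirm against ObjectStore
        try (ObjectStoreConnection con = store.getConnection(false, true)) {
            final String domainName = domain.getName();
            // first verify that auditing requirements are met
            checkDomainAuditEnabled(con, domain, auditRef, caller, getPrincipalName(ctx), AUDIT_TYPE_DOMAIN);
            // now process the request. first we're going to make a
            // copy of our domain so the caller's object is not modified
            // (the original chain called setBusinessService twice with the
            // same value; the duplicate call is dropped here)
            Domain updatedDomain = new Domain()
                    .setName(domain.getName())
                    .setEnabled(domain.getEnabled())
                    .setId(domain.getId())
                    .setAuditEnabled(domain.getAuditEnabled())
                    .setDescription(domain.getDescription())
                    .setOrg(domain.getOrg())
                    .setApplicationId(domain.getApplicationId())
                    .setAccount(domain.getAccount())
                    .setAzureSubscription(domain.getAzureSubscription())
                    .setYpmId(domain.getYpmId())
                    .setCertDnsDomain(domain.getCertDnsDomain())
                    .setMemberExpiryDays(domain.getMemberExpiryDays())
                    .setServiceExpiryDays(domain.getServiceExpiryDays())
                    .setGroupExpiryDays(domain.getGroupExpiryDays())
                    .setTokenExpiryMins(domain.getTokenExpiryMins())
                    .setRoleCertExpiryMins(domain.getRoleCertExpiryMins())
                    .setServiceCertExpiryMins(domain.getServiceCertExpiryMins())
                    .setSignAlgorithm(domain.getSignAlgorithm())
                    .setUserAuthorityFilter(domain.getUserAuthorityFilter())
                    .setBusinessService(domain.getBusinessService())
                    .setTags(domain.getTags());
            if (systemAttribute != null) {
                updateSystemMetaFields(updatedDomain, systemAttribute, deleteAllowed, meta);
            } else {
                updateDomainMetaFields(updatedDomain, meta);
            }
            con.updateDomain(updatedDomain);
            if (!processDomainTags(con, meta.getTags(), domain, domainName, true)) {
                con.rollbackChanges();
                // separator added so the caller name does not run into the message text
                throw ZMSUtils.internalServerError(caller + ": Unable to update tags", caller);
            }
            con.commitChanges();
            cacheStore.invalidate(domainName);
            // NOTE(review): everything below runs after commitChanges() but is still
            // inside the retry loop; if one of these calls throws a ResourceException
            // that shouldRetryOperation accepts, the whole update is executed again -
            // confirm that repeating it is harmless
            // audit log the request
            StringBuilder auditDetails = new StringBuilder(ZMSConsts.STRING_BLDR_SIZE_DEFAULT);
            auditLogDomain(auditDetails, updatedDomain);
            auditLogRequest(ctx, domainName, auditRef, caller, ZMSConsts.HTTP_PUT, domainName, auditDetails.toString());
            // if the domain member expiry date has changed then we're going
            // to process all the members in the domain and update the
            // expiration date accordingly
            updateDomainMembersExpiration(ctx, con, domain, updatedDomain, auditRef, caller);
            // if the domain user attribute expiry has changed we need to
            // process all the members in the domain accordingly
            updateDomainMembersUserAuthorityFilter(ctx, con, domain, updatedDomain, auditRef, caller);
            // add domain change event
            addDomainChangeMessage(ctx, domainName, domainName, DomainChangeMessage.ObjectType.DOMAIN);
            return;
        } catch (ResourceException ex) {
            // rethrow unless the retry policy approves another attempt
            if (!shouldRetryOperation(ex, retryCount)) {
                throw ex;
            }
        }
    }
}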
Also used : ObjectStoreConnection(com.yahoo.athenz.zms.store.ObjectStoreConnection) AthenzDomain(com.yahoo.athenz.zms.store.AthenzDomain)

Example 73 with ObjectStoreConnection

use of com.yahoo.athenz.zms.store.ObjectStoreConnection in project athenz by yahoo.

the class DBService method executeDeleteQuota.

/**
 * Deletes the quota stored for {@code domainName}.
 *
 * <p>When {@code deleteQuota} reports {@code false} a not-found error is raised.
 * Otherwise the request is audit logged and a domain change event is added. A
 * {@link ResourceException} raised during an attempt is rethrown unless
 * {@code shouldRetryOperation} accepts another try.
 *
 * @param ctx request context, used for audit logging and change events
 * @param domainName name of the domain whose quota is removed
 * @param auditRef audit reference supplied with the request
 * @param caller name of the calling API, used in error messages and audit records
 * @throws ResourceException when an attempt fails and no further retry is allowed
 */
void executeDeleteQuota(ResourceContext ctx, String domainName, String auditRef, String caller) {
    int retryCount = defaultRetryCount;
    while (true) {
        try (ObjectStoreConnection conn = store.getConnection(true, true)) {
            // NOTE(review): no checkDomainAuditEnabled call precedes the delete, so
            // auditRef is only recorded here, not validated; presumably the caller
            // enforces that - confirm
            final boolean deleted = conn.deleteQuota(domainName);
            if (!deleted) {
                final String message = caller + ": unable to delete quota: " + domainName;
                throw ZMSUtils.notFoundError(message, caller);
            }

            // record the request in the audit log (no detail payload for this call)
            auditLogRequest(ctx, domainName, auditRef, caller, ZMSConsts.HTTP_DELETE, domainName, null);

            // publish the domain change event
            addDomainChangeMessage(ctx, domainName, domainName, DomainChangeMessage.ObjectType.DOMAIN);
            return;
        } catch (ResourceException ex) {
            // give up unless the retry policy approves another attempt
            if (!shouldRetryOperation(ex, retryCount)) {
                throw ex;
            }
        }
        retryCount--;
    }
}
Also used : ObjectStoreConnection(com.yahoo.athenz.zms.store.ObjectStoreConnection)

Example 74 with ObjectStoreConnection

use of com.yahoo.athenz.zms.store.ObjectStoreConnection in project athenz by yahoo.

the class DBService method executeDeleteMembership.

/**
 * Removes {@code normalizedMember} from role {@code roleName} in {@code domainName}.
 *
 * <p>The domain audit check runs before the delete. On success the role and domain
 * modification time-stamps are updated, the local cache entry for the domain is
 * invalidated, the request is audit logged and a role change event is added. A
 * {@link ResourceException} raised during an attempt is rethrown unless
 * {@code shouldRetryOperation} accepts another try.
 *
 * @param ctx request context, used for the principal name, audit logging and change events
 * @param domainName name of the domain that owns the role
 * @param roleName name of the role the member is removed from
 * @param normalizedMember member name as passed in by the caller
 * @param auditRef audit reference supplied with the request
 * @param caller name of the calling API, used in error messages and audit records
 * @throws ResourceException when an attempt fails and no further retry is allowed
 */
void executeDeleteMembership(ResourceContext ctx, String domainName, String roleName, String normalizedMember, String auditRef, String caller) {
    int retryCount = defaultRetryCount;
    while (true) {
        try (ObjectStoreConnection conn = store.getConnection(true, true)) {
            final String principalName = getPrincipalName(ctx);

            // audit enforcement comes first so a request without the required
            // audit reference is rejected before the membership is touched
            checkDomainAuditEnabled(conn, domainName, auditRef, caller, principalName, AUDIT_TYPE_ROLE);

            final boolean removed = conn.deleteRoleMember(domainName, roleName, normalizedMember, principalName, auditRef);
            if (!removed) {
                // NOTE(review): the connection is opened with (true, true); if the first
                // flag is auto-commit, confirm rollbackChanges() has the intended effect
                conn.rollbackChanges();
                final String message = caller + ": unable to delete role member: " + normalizedMember + " from role: " + roleName;
                throw ZMSUtils.notFoundError(message, caller);
            }

            // refresh the role and domain time-stamps and drop the cached domain
            conn.updateRoleModTimestamp(domainName, roleName);
            conn.updateDomainModTimestamp(domainName);
            cacheStore.invalidate(domainName);

            // NOTE(review): the audit detail is JSON built by concatenation with no
            // escaping; presumably normalizedMember is validated upstream so it cannot
            // contain quotes or control characters - confirm, as this feeds the audit log
            final String auditDetails = "{\"member\": \"" + normalizedMember + "\"}";
            auditLogRequest(ctx, domainName, auditRef, caller, ZMSConsts.HTTP_DELETE, roleName, auditDetails);

            // publish the role change event
            addDomainChangeMessage(ctx, domainName, roleName, DomainChangeMessage.ObjectType.ROLE);
            return;
        } catch (ResourceException ex) {
            // give up unless the retry policy approves another attempt
            if (!shouldRetryOperation(ex, retryCount)) {
                throw ex;
            }
        }
        retryCount--;
    }
}
Also used : ObjectStoreConnection(com.yahoo.athenz.zms.store.ObjectStoreConnection)

Example 75 with ObjectStoreConnection

use of com.yahoo.athenz.zms.store.ObjectStoreConnection in project athenz by yahoo.

the class DBService method executePutGroupMembership.

/**
 * Adds {@code groupMember} to {@code group} in {@code domainName}.
 *
 * <p>Three checks run before the insert: the domain audit check, the group-level audit
 * check and the group membership quota check. On success the group and domain
 * modification time-stamps are updated, the local cache entry for the domain is
 * invalidated, the request is audit logged and a group change event is added. A
 * {@link ResourceException} raised during an attempt is rethrown unless
 * {@code shouldRetryOperation} accepts another try.
 *
 * @param ctx request context; supplies the principal name and the API name used in
 *     errors and audit records
 * @param domainName name of the domain that owns the group
 * @param group group receiving the member; its name and audit-enabled flag are read
 * @param groupMember member to insert
 * @param auditRef audit reference supplied with the request
 * @throws ResourceException when an attempt fails and no further retry is allowed
 */
void executePutGroupMembership(ResourceContext ctx, final String domainName, Group group, GroupMember groupMember, final String auditRef) {
    int retryCount = defaultRetryCount;
    while (true) {
        try (ObjectStoreConnection conn = store.getConnection(true, true)) {
            final String principalName = getPrincipalName(ctx);

            // domain-level audit enforcement comes first
            checkDomainAuditEnabled(conn, domainName, auditRef, ctx.getApiName(), principalName, AUDIT_TYPE_GROUP);

            // then the audit requirements of the group itself
            checkObjectAuditEnabled(conn, group.getAuditEnabled(), group.getName(), auditRef, ctx.getApiName(), principalName);

            // enforce the membership quota before inserting
            final String groupName = ZMSUtils.extractGroupName(domainName, group.getName());
            quotaCheck.checkGroupMembershipQuota(conn, domainName, groupName, ctx.getApiName());

            final boolean inserted = conn.insertGroupMember(domainName, groupName, groupMember, principalName, auditRef);
            if (!inserted) {
                // NOTE(review): the connection is opened with (true, true); if the first
                // flag is auto-commit, confirm rollbackChanges() has the intended effect
                conn.rollbackChanges();
                final String message = "unable to insert group member: " + groupMember.getMemberName() + " to group: " + groupName;
                throw ZMSUtils.requestError(message, ctx.getApiName());
            }

            // refresh the group and domain time-stamps and drop the cached domain
            conn.updateGroupModTimestamp(domainName, groupName);
            conn.updateDomainModTimestamp(domainName);
            cacheStore.invalidate(domainName);

            // record the request in the audit log
            StringBuilder details = new StringBuilder(ZMSConsts.STRING_BLDR_SIZE_DEFAULT);
            auditLogGroupMember(details, groupMember, true);
            auditLogRequest(ctx, domainName, auditRef, ctx.getApiName(), ZMSConsts.HTTP_PUT, groupName, details.toString());

            // publish the group change event
            addDomainChangeMessage(ctx, domainName, groupName, DomainChangeMessage.ObjectType.GROUP);
            return;
        } catch (ResourceException ex) {
            // give up unless the retry policy approves another attempt
            if (!shouldRetryOperation(ex, retryCount)) {
                throw ex;
            }
        }
        retryCount--;
    }
}
Also used : ObjectStoreConnection(com.yahoo.athenz.zms.store.ObjectStoreConnection)
