Use of com.yahoo.athenz.zms.store.ObjectStoreConnection in the project athenz by yahoo.
The class DBService, method executeDeletePolicy.
/**
 * Deletes a policy, together with every one of its versions, from {@code domainName}.
 *
 * <p>The work runs on a non-auto-commit store connection and is attempted again while
 * {@link #shouldRetryOperation} reports the failure as retryable, starting from
 * {@code defaultRetryCount} attempts. All versions are read back before the delete so
 * that the audit entry records exactly what was removed.
 *
 * @param ctx        request context used to resolve the acting principal
 * @param domainName domain that owns the policy
 * @param policyName policy to delete
 * @param auditRef   audit reference supplied by the caller; validated against the
 *                   domain's audit settings before any change is made
 * @param caller     name of the API operation, used in error messages and the audit log
 * @throws ResourceException if the audit check fails, the policy or one of its versions
 *                           cannot be found, the delete affects nothing, or the store
 *                           error is not retryable
 */
void executeDeletePolicy(ResourceContext ctx, String domainName, String policyName, String auditRef, String caller) {
    int attemptsLeft = defaultRetryCount;
    while (true) {
        try (ObjectStoreConnection con = store.getConnection(false, true)) {
            // nothing is modified until the domain's audit requirements are satisfied
            checkDomainAuditEnabled(con, domainName, auditRef, caller, getPrincipalName(ctx), AUDIT_TYPE_POLICY);

            // snapshot every version first: once deleted they can no longer be logged
            final List<Policy> removedVersions = readAllPolicyVersions(con, domainName, policyName, caller);
            final StringBuilder auditDetails = new StringBuilder(ZMSConsts.STRING_BLDR_SIZE_DEFAULT);
            auditLogPolicy(auditDetails, removedVersions, "deleted-policy-versions");

            if (!con.deletePolicy(domainName, policyName)) {
                con.rollbackChanges();
                throw ZMSUtils.notFoundError(caller + ": unable to delete policy: " + policyName, caller);
            }

            // bump the domain modification time and commit the transaction
            saveChanges(con, domainName);
            auditLogRequest(ctx, domainName, auditRef, caller, ZMSConsts.HTTP_DELETE, policyName, auditDetails.toString());
            addDomainChangeMessage(ctx, domainName, policyName, DomainChangeMessage.ObjectType.POLICY);
            return;
        } catch (ResourceException ex) {
            if (!shouldRetryOperation(ex, attemptsLeft)) {
                throw ex;
            }
        }
        attemptsLeft--;
    }
}

/**
 * Reads every version of a policy on the given connection. If the policy has no
 * versions or any version cannot be read, the transaction is rolled back and a
 * not-found error is raised so the caller's retry logic sees it.
 *
 * @return the policies, one per version, in the order the store listed them
 */
private List<Policy> readAllPolicyVersions(ObjectStoreConnection con, String domainName, String policyName, String caller) {
    final List<String> versionNames = con.listPolicyVersions(domainName, policyName);
    if (versionNames == null || versionNames.isEmpty()) {
        con.rollbackChanges();
        throw ZMSUtils.notFoundError(caller + ": unable to get versions for policy: " + policyName, caller);
    }
    final List<Policy> result = new ArrayList<>(versionNames.size());
    for (String version : versionNames) {
        final Policy policy = getPolicy(con, domainName, policyName, version);
        if (policy == null) {
            con.rollbackChanges();
            throw ZMSUtils.notFoundError(caller + ": unable to read policy: " + policyName + ", with version: " + version, caller);
        }
        result.add(policy);
    }
    return result;
}
Use of com.yahoo.athenz.zms.store.ObjectStoreConnection in the project athenz by yahoo.
The class DBService, method updateDomainModTimestamp.
/**
 * Bumps the modification timestamp of {@code domainName} in the object store and
 * evicts the domain from the local cache so the next read picks up the new value.
 *
 * <p>The connection is obtained with {@code getConnection(true, true)}; this is the
 * single-statement form used where no explicit commit is performed.
 *
 * @param domainName domain whose timestamp is refreshed
 */
void updateDomainModTimestamp(final String domainName) {
    try (final ObjectStoreConnection con = store.getConnection(true, true)) {
        con.updateDomainModTimestamp(domainName);
        // the cached copy now carries a stale timestamp; drop it
        cacheStore.invalidate(domainName);
    }
}
Use of com.yahoo.athenz.zms.store.ObjectStoreConnection in the project athenz by yahoo.
The class DBService, method executePutProviderRoles.
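/**
 * Provisions, in {@code tenantDomain}, one role and one ASSUME_ROLE policy for each
 * provider role in {@code roles}, granting the tenant access to the matching role in
 * the provider service's resource group.
 *
 * <p>Runs on a non-auto-commit store connection and is retried while
 * {@link #shouldRetryOperation} reports the failure as retryable, starting from
 * {@code defaultRetryCount} attempts. The acting principal is added as the initial
 * member of each created role unless {@code skipPrincipalMember} is {@code true}.
 *
 * @param ctx                 request context used to resolve the acting principal
 * @param tenantDomain        domain in which the roles and policies are created
 * @param provSvcDomain       domain of the provider service
 * @param provSvcName         name of the provider service
 * @param resourceGroup       provider resource group the roles belong to
 * @param roles               provider role names; each is lower-cased before use
 * @param skipPrincipalMember when {@code true} the acting principal is not added as a
 *                            role member; {@code null} and {@code false} both add it
 * @param auditRef            audit reference supplied by the caller; validated against
 *                            the tenant domain's audit settings before any change
 * @param caller              name of the API operation, used in the audit log
 * @throws ResourceException if the audit check fails or the store error is not retryable
 */
void executePutProviderRoles(ResourceContext ctx, String tenantDomain, String provSvcDomain, String provSvcName, String resourceGroup, List<String> roles, Boolean skipPrincipalMember, String auditRef, String caller) {
    int attemptsLeft = defaultRetryCount;
    while (true) {
        try (ObjectStoreConnection con = store.getConnection(false, true)) {
            final String principalName = getPrincipalName(ctx);

            // nothing is modified until the tenant domain's audit requirements are satisfied
            checkDomainAuditEnabled(con, tenantDomain, auditRef, caller, principalName, AUDIT_TYPE_TENANCY);

            // Every provider role gets its own tenant-side role plus an ASSUME_ROLE policy;
            // the prefixes identify the provider service / resource group the roles map to.
            final String rolePrefix = ZMSUtils.getProviderResourceGroupRolePrefix(provSvcDomain, provSvcName, resourceGroup);
            final String trustedRolePrefix = ZMSUtils.getTrustedResourceGroupRolePrefix(provSvcDomain, provSvcName, tenantDomain, resourceGroup);

            // Value comparison rather than identity: a Boolean that is not the canonical
            // Boolean.TRUE instance must still be honoured as "skip".
            final boolean addPrincipal = principalName != null && !Boolean.TRUE.equals(skipPrincipalMember);

            final StringBuilder auditDetails = new StringBuilder(ZMSConsts.STRING_BLDR_SIZE_DEFAULT);
            auditDetails.append("{\"put-provider-roles\": [");
            boolean firstEntry = true;
            for (String providerRole : roles) {
                // A fresh member list per role: addAssumeRolePolicy may append existing
                // members to the list it receives, which must not leak into the next role.
                final List<RoleMember> members = new ArrayList<>();
                if (addPrincipal) {
                    final RoleMember self = new RoleMember();
                    self.setMemberName(principalName);
                    members.add(self);
                }
                // NOTE(review): default-locale lower-casing; if role names may contain
                // non-ASCII letters, Locale.ROOT would make this deterministic — confirm
                // the project-wide convention before changing it here.
                final String role = providerRole.toLowerCase();
                if (LOG.isInfoEnabled()) {
                    LOG.info("executePutProviderRoles: provision ASSUME_ROLE policy for access remote role in " + provSvcDomain + "." + provSvcName + ": " + resourceGroup + "." + role);
                }
                firstEntry = auditLogSeparator(auditDetails, firstEntry);
                addAssumeRolePolicy(ctx, con, rolePrefix, trustedRolePrefix, role, members, tenantDomain, principalName, auditRef, auditDetails, caller);
            }
            auditDetails.append("]}");

            // bump the tenant domain modification time and commit the transaction
            saveChanges(con, tenantDomain);
            auditLogRequest(ctx, tenantDomain, auditRef, caller, ZMSConsts.HTTP_PUT, provSvcDomain, auditDetails.toString());
            // NOTE(review): unlike the other execute* methods no domain change message is
            // published here — confirm whether addAssumeRolePolicy already covers it.
            return;
        } catch (ResourceException ex) {
            if (!shouldRetryOperation(ex, attemptsLeft)) {
                throw ex;
            }
        }
        attemptsLeft--;
    }
}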
Use of com.yahoo.athenz.zms.store.ObjectStoreConnection in the project athenz by yahoo.
The class DBService, method executeDeletePendingMembership.
/**
 * Removes the pending membership request of {@code normalizedMember} in
 * {@code roleName}, refreshes the role and domain timestamps and evicts the cached
 * domain.
 *
 * <p>Retried while {@link #shouldRetryOperation} reports the failure as retryable,
 * starting from {@code defaultRetryCount} attempts.
 *
 * @param ctx              request context used to resolve the acting principal
 * @param domainName       domain that owns the role
 * @param roleName         role the pending request was made against
 * @param normalizedMember member name already normalized by the caller
 * @param auditRef         audit reference supplied by the caller; validated against the
 *                         domain's audit settings before any change is made
 * @param caller           name of the API operation, used in error messages and the audit log
 * @throws ResourceException if the audit check fails, no pending request exists, or the
 *                           store error is not retryable
 */
void executeDeletePendingMembership(ResourceContext ctx, String domainName, String roleName, String normalizedMember, String auditRef, String caller) {
    int attemptsLeft = defaultRetryCount;
    while (true) {
        try (ObjectStoreConnection con = store.getConnection(true, true)) {
            final String principalName = getPrincipalName(ctx);
            checkDomainAuditEnabled(con, domainName, auditRef, caller, principalName, AUDIT_TYPE_ROLE);

            final boolean removed = con.deletePendingRoleMember(domainName, roleName, normalizedMember, principalName, auditRef);
            if (!removed) {
                con.rollbackChanges();
                throw ZMSUtils.notFoundError(caller + ": unable to delete pending role member: " + normalizedMember + " from role: " + roleName, caller);
            }

            // touch the role and the domain, then drop the cached domain so readers reload it
            con.updateRoleModTimestamp(domainName, roleName);
            con.updateDomainModTimestamp(domainName);
            cacheStore.invalidate(domainName);

            // NOTE(review): the member name is interpolated into the JSON audit string
            // without escaping; presumably it was validated upstream — confirm.
            final String auditDetails = "{\"pending-member\": \"" + normalizedMember + "\"}";
            auditLogRequest(ctx, domainName, auditRef, caller, ZMSConsts.HTTP_DELETE, roleName, auditDetails);
            addDomainChangeMessage(ctx, domainName, roleName, DomainChangeMessage.ObjectType.ROLE);
            return;
        } catch (ResourceException ex) {
            if (!shouldRetryOperation(ex, attemptsLeft)) {
                throw ex;
            }
        }
        attemptsLeft--;
    }
}
Use of com.yahoo.athenz.zms.store.ObjectStoreConnection in the project athenz by yahoo.
The class DBService, method executeDeleteServiceIdentity.
/**
 * Deletes the service identity {@code serviceName} from {@code domainName}.
 *
 * <p>Runs on a non-auto-commit store connection and is retried while
 * {@link #shouldRetryOperation} reports the failure as retryable, starting from
 * {@code defaultRetryCount} attempts.
 *
 * @param ctx         request context used to resolve the acting principal
 * @param domainName  domain that owns the service
 * @param serviceName service identity to delete
 * @param auditRef    audit reference supplied by the caller; validated against the
 *                    domain's audit settings before any change is made
 * @param caller      name of the API operation, used in error messages and the audit log
 * @throws ResourceException if the audit check fails, the service does not exist, or the
 *                           store error is not retryable
 */
void executeDeleteServiceIdentity(ResourceContext ctx, String domainName, String serviceName, String auditRef, String caller) {
    int attemptsLeft = defaultRetryCount;
    while (true) {
        try (ObjectStoreConnection con = store.getConnection(false, true)) {
            // nothing is modified until the domain's audit requirements are satisfied
            final String principalName = getPrincipalName(ctx);
            checkDomainAuditEnabled(con, domainName, auditRef, caller, principalName, AUDIT_TYPE_SERVICE);

            final boolean deleted = con.deleteServiceIdentity(domainName, serviceName);
            if (!deleted) {
                con.rollbackChanges();
                throw ZMSUtils.notFoundError(caller + ": unable to delete service: " + serviceName, caller);
            }

            // bump the domain modification time and commit the transaction
            saveChanges(con, domainName);
            // no extra audit details for a service delete: the service name is the subject
            auditLogRequest(ctx, domainName, auditRef, caller, ZMSConsts.HTTP_DELETE, serviceName, null);
            addDomainChangeMessage(ctx, domainName, serviceName, DomainChangeMessage.ObjectType.SERVICE);
            return;
        } catch (ResourceException ex) {
            if (!shouldRetryOperation(ex, attemptsLeft)) {
                throw ex;
            }
        }
        attemptsLeft--;
    }
}