
Example 36 with ObjectStoreConnection

use of com.yahoo.athenz.zms.store.ObjectStoreConnection in project athenz by yahoo.

the class DBService method putDomainDependency.

/**
 * Puts a dependency on domain {@code domainName} for {@code service}.
 *
 * <p>Each attempt runs in this order: audit-requirement check, domain
 * existence check, the dependency change itself, {@code saveChanges},
 * the audit log entry, and finally the domain change message. The
 * connection is rolled back explicitly on both failure paths before
 * the error is raised.
 *
 * <p>No authorization decision is made here; the only gate visible in
 * this method is {@code checkDomainAuditEnabled}.
 * NOTE(review): presumably the caller has already authorized the
 * request for {@code ctx} - confirm at the call site.
 *
 * @param ctx        request context; the principal name is derived from it
 * @param domainName domain the dependency is put on
 * @param service    service the dependency is recorded for
 * @param auditRef   audit reference handed to the audit check and audit log
 * @param caller     operation name used in error messages and the audit log
 * @throws ResourceException when an attempt fails and
 *         {@code shouldRetryOperation} declines another attempt
 */
public void putDomainDependency(ResourceContext ctx, String domainName, String service, String auditRef, String caller) {
    int retryCount = defaultRetryCount;
    while (true) {
        // NOTE(review): (false, true) presumably means autoCommit off, read-write - confirm against ObjectStore
        try (ObjectStoreConnection conn = store.getConnection(false, true)) {
            final String principalName = getPrincipalName(ctx);

            // the audit requirements are verified before anything is looked up or changed
            checkDomainAuditEnabled(conn, domainName, auditRef, caller, principalName, AUDIT_TYPE_DOMAIN);

            // the target domain has to exist
            if (conn.getDomain(domainName) == null) {
                conn.rollbackChanges();
                throw ZMSUtils.notFoundError(caller + ": Unknown domain: " + domainName, caller);
            }

            // apply the change; the helper is handed the builder that later feeds the audit record
            final StringBuilder auditDetails = new StringBuilder(ZMSConsts.STRING_BLDR_SIZE_DEFAULT);
            final boolean applied = processDomainDependency(conn, domainName, service, auditDetails);
            if (!applied) {
                conn.rollbackChanges();
                throw ZMSUtils.internalServerError("unable to put dependency on domain " + domainName + " for service " + service, caller);
            }

            // persist the change (this also refreshes the domain time-stamp)
            saveChanges(conn, domainName);

            // the audit entry and the change event are emitted only after the save
            auditLogRequest(ctx, domainName, auditRef, caller, ZMSConsts.HTTP_PUT, service, auditDetails.toString());
            addDomainChangeMessage(ctx, domainName, service, DomainChangeMessage.ObjectType.DOMAIN);
            return;
        } catch (ResourceException failure) {
            // give up unless the retry policy allows another attempt
            if (!shouldRetryOperation(failure, retryCount)) {
                throw failure;
            }
        }
        retryCount--;
    }
}
Also used : ObjectStoreConnection(com.yahoo.athenz.zms.store.ObjectStoreConnection) AthenzDomain(com.yahoo.athenz.zms.store.AthenzDomain)

Example 37 with ObjectStoreConnection

use of com.yahoo.athenz.zms.store.ObjectStoreConnection in project athenz by yahoo.

the class DBService method deleteDomainDependency.

/**
 * Deletes the dependency on domain {@code domainName} for {@code service}.
 *
 * <p>Each attempt runs in this order: audit-requirement check, domain
 * existence check, the dependency removal, {@code saveChanges}, the
 * audit log entry, and the domain change message. Both failure paths
 * roll the connection back before raising the error.
 *
 * <p>No authorization decision is made here; the only gate visible in
 * this method is {@code checkDomainAuditEnabled}.
 * NOTE(review): presumably the caller has already authorized the
 * request for {@code ctx} - confirm at the call site.
 *
 * @param ctx        request context; the principal name is derived from it
 * @param domainName domain the dependency is removed from
 * @param service    service whose dependency is removed
 * @param auditRef   audit reference handed to the audit check and audit log
 * @param caller     operation name used in error messages and the audit log
 * @throws ResourceException when an attempt fails and
 *         {@code shouldRetryOperation} declines another attempt
 */
public void deleteDomainDependency(ResourceContext ctx, String domainName, String service, String auditRef, String caller) {
    int retryCount = defaultRetryCount;
    while (true) {
        // NOTE(review): (false, true) presumably means autoCommit off, read-write - confirm against ObjectStore
        try (ObjectStoreConnection conn = store.getConnection(false, true)) {
            final String principalName = getPrincipalName(ctx);

            // the audit requirements are verified before anything is looked up or changed
            checkDomainAuditEnabled(conn, domainName, auditRef, caller, principalName, AUDIT_TYPE_DOMAIN);

            // the target domain has to exist
            if (conn.getDomain(domainName) == null) {
                conn.rollbackChanges();
                throw ZMSUtils.notFoundError(caller + ": Unknown domain: " + domainName, caller);
            }

            // apply the removal; the helper is handed the builder that later feeds the audit record
            final StringBuilder auditDetails = new StringBuilder(ZMSConsts.STRING_BLDR_SIZE_DEFAULT);
            final boolean removed = processDeleteDomainDependency(conn, domainName, service, auditDetails);
            if (!removed) {
                conn.rollbackChanges();
                throw ZMSUtils.internalServerError("unable to delete dependency on domain " + domainName + " for service " + service, caller);
            }

            // persist the change (this also refreshes the domain time-stamp)
            saveChanges(conn, domainName);

            // the audit entry and the change event are emitted only after the save
            auditLogRequest(ctx, domainName, auditRef, caller, ZMSConsts.HTTP_DELETE, service, auditDetails.toString());
            addDomainChangeMessage(ctx, domainName, service, DomainChangeMessage.ObjectType.DOMAIN);
            return;
        } catch (ResourceException failure) {
            // give up unless the retry policy allows another attempt
            if (!shouldRetryOperation(failure, retryCount)) {
                throw failure;
            }
        }
        retryCount--;
    }
}
Also used : ObjectStoreConnection(com.yahoo.athenz.zms.store.ObjectStoreConnection) AthenzDomain(com.yahoo.athenz.zms.store.AthenzDomain)

Example 38 with ObjectStoreConnection

use of com.yahoo.athenz.zms.store.ObjectStoreConnection in project athenz by yahoo.

the class DBService method executePutDomainMeta.

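/**
 * Applies a meta-data update to {@code domain} and stores the result.
 *
 * <p>A copy of the domain is built, either the system-attribute fields
 * (when {@code systemAttribute} is non-null) or the regular meta fields
 * are overlaid from {@code meta}, and the copy is written with
 * {@code updateDomain}. Tags from {@code meta} are processed next; if
 * that fails the connection is rolled back and an internal server error
 * is raised. On success the changes are committed, the cache entry for
 * the domain is invalidated and the audit entry is written.
 *
 * <p>No authorization decision is made here; the only gate visible in
 * this method is {@code checkDomainAuditEnabled}.
 * NOTE(review): presumably the caller has already authorized the
 * request, including the right to change {@code systemAttribute}
 * fields - confirm at the call site.
 *
 * @param ctx             request context; the principal name is derived from it
 * @param domain          current domain object the update is based on
 * @param meta            new meta values, including the tags to process
 * @param systemAttribute when non-null, selects the system-attribute update path
 * @param deleteAllowed   forwarded to {@code updateSystemMetaFields}
 * @param auditRef        audit reference handed to the audit check and audit log
 * @param caller          operation name used in error messages and the audit log
 * @throws ResourceException when an attempt fails and
 *         {@code shouldRetryOperation} declines another attempt
 */
void executePutDomainMeta(ResourceContext ctx, Domain domain, DomainMeta meta, final String systemAttribute, boolean deleteAllowed, String auditRef, String caller) {
    for (int retryCount = defaultRetryCount; ; retryCount--) {
        // NOTE(review): (false, true) presumably means autoCommit off, read-write - confirm against ObjectStore
        try (ObjectStoreConnection con = store.getConnection(false, true)) {
            final String domainName = domain.getName();
            // first verify that auditing requirements are met
            checkDomainAuditEnabled(con, domain, auditRef, caller, getPrincipalName(ctx), AUDIT_TYPE_DOMAIN);
            // now process the request. first we're going to make a
            // copy of our domain so the caller's object is left untouched
            // (the business service used to be set twice in this chain;
            // the redundant second call has been dropped)
            Domain updatedDomain = new Domain()
                    .setName(domainName)
                    .setEnabled(domain.getEnabled())
                    .setId(domain.getId())
                    .setAuditEnabled(domain.getAuditEnabled())
                    .setDescription(domain.getDescription())
                    .setOrg(domain.getOrg())
                    .setApplicationId(domain.getApplicationId())
                    .setAccount(domain.getAccount())
                    .setAzureSubscription(domain.getAzureSubscription())
                    .setYpmId(domain.getYpmId())
                    .setCertDnsDomain(domain.getCertDnsDomain())
                    .setMemberExpiryDays(domain.getMemberExpiryDays())
                    .setServiceExpiryDays(domain.getServiceExpiryDays())
                    .setGroupExpiryDays(domain.getGroupExpiryDays())
                    .setTokenExpiryMins(domain.getTokenExpiryMins())
                    .setRoleCertExpiryMins(domain.getRoleCertExpiryMins())
                    .setServiceCertExpiryMins(domain.getServiceCertExpiryMins())
                    .setSignAlgorithm(domain.getSignAlgorithm())
                    .setUserAuthorityFilter(domain.getUserAuthorityFilter())
                    .setBusinessService(domain.getBusinessService())
                    .setTags(domain.getTags());
            // system attributes and regular meta fields take separate update paths
            if (systemAttribute != null) {
                updateSystemMetaFields(updatedDomain, systemAttribute, deleteAllowed, meta);
            } else {
                updateDomainMetaFields(updatedDomain, meta);
            }
            con.updateDomain(updatedDomain);
            if (!processDomainTags(con, meta.getTags(), domain, domainName, true)) {
                con.rollbackChanges();
                // ": " separator added so the message matches the other
                // "<caller>: <reason>" errors raised by this class
                throw ZMSUtils.internalServerError(caller + ": Unable to update tags", caller);
            }
            con.commitChanges();
            cacheStore.invalidate(domainName);
            // audit log the request
            StringBuilder auditDetails = new StringBuilder(ZMSConsts.STRING_BLDR_SIZE_DEFAULT);
            auditLogDomain(auditDetails, updatedDomain);
            auditLogRequest(ctx, domainName, auditRef, caller, ZMSConsts.HTTP_PUT, domainName, auditDetails.toString());
            // NOTE(review): everything below runs after commitChanges() but is
            // still inside the retry loop; a retried ResourceException from
            // these steps repeats the update and the audit entry - confirm
            // that this is acceptable.
            // if the domain member expiry date has changed then we're going
            // process all the members in the domain and update the expiration
            // date accordingly
            updateDomainMembersExpiration(ctx, con, domain, updatedDomain, auditRef, caller);
            // if the domain user attribute expiry has changed we need to
            // process all the members in the domain accordingly
            updateDomainMembersUserAuthorityFilter(ctx, con, domain, updatedDomain, auditRef, caller);
            // add domain change event
            addDomainChangeMessage(ctx, domainName, domainName, DomainChangeMessage.ObjectType.DOMAIN);
            return;
        } catch (ResourceException ex) {
            // give up unless the retry policy allows another attempt
            if (!shouldRetryOperation(ex, retryCount)) {
                throw ex;
            }
        }
    }
}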
Also used : ObjectStoreConnection(com.yahoo.athenz.zms.store.ObjectStoreConnection) AthenzDomain(com.yahoo.athenz.zms.store.AthenzDomain)

Example 39 with ObjectStoreConnection

use of com.yahoo.athenz.zms.store.ObjectStoreConnection in project athenz by yahoo.

the class DBService method executeDeleteQuota.

/**
 * Deletes the quota stored for {@code domainName}.
 *
 * <p>On success an audit entry (with no detail string) and a domain
 * change message are emitted. When {@code deleteQuota} reports
 * failure a not-found error is raised.
 *
 * <p>NOTE(review): this method does not call
 * {@code checkDomainAuditEnabled} and makes no authorization decision
 * itself - confirm that both are intentionally left to the caller.
 *
 * @param ctx        request context passed to the audit log and change message
 * @param domainName domain whose quota is deleted
 * @param auditRef   audit reference recorded in the audit log
 * @param caller     operation name used in error messages and the audit log
 * @throws ResourceException when an attempt fails and
 *         {@code shouldRetryOperation} declines another attempt
 */
void executeDeleteQuota(ResourceContext ctx, String domainName, String auditRef, String caller) {
    int retryCount = defaultRetryCount;
    while (true) {
        // NOTE(review): (true, true) presumably means autoCommit on, read-write - confirm against ObjectStore
        try (ObjectStoreConnection conn = store.getConnection(true, true)) {
            final boolean deleted = conn.deleteQuota(domainName);
            if (!deleted) {
                throw ZMSUtils.notFoundError(caller + ": unable to delete quota: " + domainName, caller);
            }

            // record the deletion, then publish the change event
            auditLogRequest(ctx, domainName, auditRef, caller, ZMSConsts.HTTP_DELETE, domainName, null);
            addDomainChangeMessage(ctx, domainName, domainName, DomainChangeMessage.ObjectType.DOMAIN);
            return;
        } catch (ResourceException failure) {
            // give up unless the retry policy allows another attempt
            if (!shouldRetryOperation(failure, retryCount)) {
                throw failure;
            }
        }
        retryCount--;
    }
}
Also used : ObjectStoreConnection(com.yahoo.athenz.zms.store.ObjectStoreConnection)

Example 40 with ObjectStoreConnection

use of com.yahoo.athenz.zms.store.ObjectStoreConnection in project athenz by yahoo.

the class DBService method executeDeleteMembership.

/**
 * Removes {@code normalizedMember} from role {@code roleName} in
 * domain {@code domainName}.
 *
 * <p>Each attempt verifies the audit requirements, deletes the role
 * member, updates the role and domain modification time-stamps,
 * invalidates the cached domain, writes the audit entry and publishes
 * a role change message. A failed delete is reported as a not-found
 * error.
 *
 * <p>No authorization decision is made here; the only gate visible in
 * this method is {@code checkDomainAuditEnabled}.
 * NOTE(review): presumably the caller has already authorized the
 * request for {@code ctx} - confirm at the call site.
 *
 * @param ctx              request context; the principal name is derived from it
 * @param domainName       domain that owns the role
 * @param roleName         role the member is removed from
 * @param normalizedMember member name to remove
 * @param auditRef         audit reference handed to the audit check, the delete and the audit log
 * @param caller           operation name used in error messages and the audit log
 * @throws ResourceException when an attempt fails and
 *         {@code shouldRetryOperation} declines another attempt
 */
void executeDeleteMembership(ResourceContext ctx, String domainName, String roleName, String normalizedMember, String auditRef, String caller) {
    int retryCount = defaultRetryCount;
    while (true) {
        // NOTE(review): (true, true) presumably means autoCommit on, read-write;
        // if so the rollbackChanges() below may have nothing to undo - confirm
        try (ObjectStoreConnection conn = store.getConnection(true, true)) {
            final String principalName = getPrincipalName(ctx);

            // the audit requirements are verified before the member is touched
            checkDomainAuditEnabled(conn, domainName, auditRef, caller, principalName, AUDIT_TYPE_ROLE);

            final boolean removed = conn.deleteRoleMember(domainName, roleName, normalizedMember, principalName, auditRef);
            if (!removed) {
                conn.rollbackChanges();
                throw ZMSUtils.notFoundError(caller + ": unable to delete role member: " + normalizedMember + " from role: " + roleName, caller);
            }

            // refresh role and domain time-stamps, then drop the cached domain
            conn.updateRoleModTimestamp(domainName, roleName);
            conn.updateDomainModTimestamp(domainName);
            cacheStore.invalidate(domainName);

            // NOTE(review): the audit detail is assembled by plain string
            // concatenation; a double quote or backslash in normalizedMember
            // would leave the record malformed. Presumably member names are
            // validated upstream - confirm, or build it with a JSON encoder.
            final String auditDetail = "{\"member\": \"" + normalizedMember + "\"}";
            auditLogRequest(ctx, domainName, auditRef, caller, ZMSConsts.HTTP_DELETE, roleName, auditDetail);

            // publish the role change event
            addDomainChangeMessage(ctx, domainName, roleName, DomainChangeMessage.ObjectType.ROLE);
            return;
        } catch (ResourceException failure) {
            // give up unless the retry policy allows another attempt
            if (!shouldRetryOperation(failure, retryCount)) {
                throw failure;
            }
        }
        retryCount--;
    }
}
Also used : ObjectStoreConnection(com.yahoo.athenz.zms.store.ObjectStoreConnection)

Aggregations

ObjectStoreConnection (com.yahoo.athenz.zms.store.ObjectStoreConnection)173 Test (org.testng.annotations.Test)96 ObjectStore (com.yahoo.athenz.zms.store.ObjectStore)38 AthenzDomain (com.yahoo.athenz.zms.store.AthenzDomain)34 Authority (com.yahoo.athenz.auth.Authority)23 Timestamp (com.yahoo.rdl.Timestamp)17 ArrayList (java.util.ArrayList)16 MemberDueDays (com.yahoo.athenz.zms.config.MemberDueDays)11 Principal (com.yahoo.athenz.auth.Principal)7 SimplePrincipal (com.yahoo.athenz.auth.impl.SimplePrincipal)7 EmbeddedMysql (com.wix.mysql.EmbeddedMysql)5 FilePrivateKeyStore (com.yahoo.athenz.auth.impl.FilePrivateKeyStore)5 Crypto (com.yahoo.athenz.auth.util.Crypto)5 AuditReferenceValidator (com.yahoo.athenz.common.server.audit.AuditReferenceValidator)5 NotificationManager (com.yahoo.athenz.common.server.notification.NotificationManager)5 ResourceUtils (com.yahoo.athenz.common.server.util.ResourceUtils)5 DataCache (com.yahoo.athenz.zms.DBService.DataCache)5 MockAuditReferenceValidatorImpl (com.yahoo.athenz.zms.audit.MockAuditReferenceValidatorImpl)5 JDBCConnection (com.yahoo.athenz.zms.store.impl.jdbc.JDBCConnection)5 ZMSUtils (com.yahoo.athenz.zms.utils.ZMSUtils)5