use of com.yahoo.athenz.zms.store.ObjectStoreConnection in project athenz by yahoo.
the class DBService method putDomainDependency.
/**
 * Registers {@code service} as a dependency on the domain {@code domainName}.
 *
 * <p>Every attempt opens its own store connection and runs, in order: the audit check,
 * the domain existence check, the dependency write, the save, the audit record and the
 * domain change event. A {@code ResourceException} raised anywhere in the attempt is
 * rethrown unless {@code shouldRetryOperation} accepts it; otherwise the attempt is
 * repeated with the retry counter decremented.
 *
 * <p>No authorization decision is visible in this method; only the audit check is.
 * NOTE(review): callers are presumably expected to have authorized the principal
 * before reaching this point. Confirm against the call sites.
 *
 * @param ctx request context, used to resolve the principal name and passed to the
 *     audit and change-event helpers
 * @param domainName domain the dependency is recorded against
 * @param service service name being registered as a dependency
 * @param auditRef audit reference supplied with the request
 * @param caller name of the calling operation, used in error messages and audit records
 * @throws ResourceException the error built by {@code ZMSUtils.notFoundError} when the
 *     domain lookup returns {@code null}, the error built by
 *     {@code ZMSUtils.internalServerError} when the dependency write reports failure,
 *     or any exception that {@code shouldRetryOperation} declines to retry
 */
public void putDomainDependency(ResourceContext ctx, String domainName, String service, String auditRef, String caller) {
    int retryCount = defaultRetryCount;
    while (true) {
        // NOTE(review): the two flags are presumably (autoCommit, readWrite); confirm.
        try (ObjectStoreConnection conn = store.getConnection(false, true)) {
            final String principal = getPrincipalName(ctx);

            // The audit check runs first, before any lookup or write on the domain.
            checkDomainAuditEnabled(conn, domainName, auditRef, caller, principal, AUDIT_TYPE_DOMAIN);

            // Reject requests against a domain the store does not know.
            if (conn.getDomain(domainName) == null) {
                conn.rollbackChanges();
                throw ZMSUtils.notFoundError(caller + ": Unknown domain: " + domainName, caller);
            }

            // Apply the change; the helper fills in the details later written to the audit log.
            final StringBuilder auditDetails = new StringBuilder(ZMSConsts.STRING_BLDR_SIZE_DEFAULT);
            final boolean stored = processDomainDependency(conn, domainName, service, auditDetails);
            if (!stored) {
                conn.rollbackChanges();
                throw ZMSUtils.internalServerError("unable to put dependency on domain " + domainName + " for service " + service, caller);
            }

            // Bump the domain time-stamp and persist.
            saveChanges(conn, domainName);

            // The audit record is written only after the save has gone through.
            // NOTE(review): whether a failure here can leave a persisted change without
            // an audit entry depends on auditLogRequest; confirm.
            auditLogRequest(ctx, domainName, auditRef, caller, ZMSConsts.HTTP_PUT, service, auditDetails.toString());

            // Publish the domain change event.
            addDomainChangeMessage(ctx, domainName, service, DomainChangeMessage.ObjectType.DOMAIN);
            return;
        } catch (ResourceException e) {
            if (!shouldRetryOperation(e, retryCount)) {
                throw e;
            }
        }
        retryCount--;
    }
}
use of com.yahoo.athenz.zms.store.ObjectStoreConnection in project athenz by yahoo.
the class DBService method deleteDomainDependency.
/**
 * Removes the dependency of {@code service} on the domain {@code domainName}.
 *
 * <p>Every attempt opens its own store connection and runs, in order: the audit check,
 * the domain existence check, the dependency removal, the save, the audit record and
 * the domain change event. A {@code ResourceException} raised anywhere in the attempt
 * is rethrown unless {@code shouldRetryOperation} accepts it; otherwise the attempt is
 * repeated with the retry counter decremented.
 *
 * <p>No authorization decision is visible in this method; only the audit check is.
 * NOTE(review): callers are presumably expected to have authorized the principal
 * before reaching this point. Confirm against the call sites.
 *
 * @param ctx request context, used to resolve the principal name and passed to the
 *     audit and change-event helpers
 * @param domainName domain the dependency is removed from
 * @param service service name whose dependency is being removed
 * @param auditRef audit reference supplied with the request
 * @param caller name of the calling operation, used in error messages and audit records
 * @throws ResourceException the error built by {@code ZMSUtils.notFoundError} when the
 *     domain lookup returns {@code null}, the error built by
 *     {@code ZMSUtils.internalServerError} when the removal reports failure, or any
 *     exception that {@code shouldRetryOperation} declines to retry
 */
public void deleteDomainDependency(ResourceContext ctx, String domainName, String service, String auditRef, String caller) {
    int retryCount = defaultRetryCount;
    while (true) {
        // NOTE(review): the two flags are presumably (autoCommit, readWrite); confirm.
        try (ObjectStoreConnection conn = store.getConnection(false, true)) {
            final String principal = getPrincipalName(ctx);

            // The audit check runs first, before any lookup or write on the domain.
            checkDomainAuditEnabled(conn, domainName, auditRef, caller, principal, AUDIT_TYPE_DOMAIN);

            // Reject requests against a domain the store does not know.
            if (conn.getDomain(domainName) == null) {
                conn.rollbackChanges();
                throw ZMSUtils.notFoundError(caller + ": Unknown domain: " + domainName, caller);
            }

            // Apply the removal; the helper fills in the details later written to the audit log.
            final StringBuilder auditDetails = new StringBuilder(ZMSConsts.STRING_BLDR_SIZE_DEFAULT);
            final boolean removed = processDeleteDomainDependency(conn, domainName, service, auditDetails);
            if (!removed) {
                conn.rollbackChanges();
                throw ZMSUtils.internalServerError("unable to delete dependency on domain " + domainName + " for service " + service, caller);
            }

            // Bump the domain time-stamp and persist.
            saveChanges(conn, domainName);

            // The audit record is written only after the save has gone through.
            // NOTE(review): whether a failure here can leave a persisted change without
            // an audit entry depends on auditLogRequest; confirm.
            auditLogRequest(ctx, domainName, auditRef, caller, ZMSConsts.HTTP_DELETE, service, auditDetails.toString());

            // Publish the domain change event.
            addDomainChangeMessage(ctx, domainName, service, DomainChangeMessage.ObjectType.DOMAIN);
            return;
        } catch (ResourceException e) {
            if (!shouldRetryOperation(e, retryCount)) {
                throw e;
            }
        }
        retryCount--;
    }
}
use of com.yahoo.athenz.zms.store.ObjectStoreConnection in project athenz by yahoo.
the class DBService method executePutDomainMeta.
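/**
 * Applies a metadata update to an existing domain, persists it, and audits the change.
 *
 * <p>Each attempt opens its own store connection, runs the audit check, builds a
 * field-by-field copy of {@code domain}, applies either the system-attribute update or
 * the regular meta update to that copy, writes it, processes the tags, commits and
 * invalidates the cache entry. The audit record, the member follow-up processing and
 * the domain change event come after the commit.
 *
 * <p>No authorization decision is visible in this method; only the audit check is.
 * NOTE(review): callers are presumably expected to have authorized the principal,
 * including the right to touch {@code systemAttribute}. Confirm against the call sites.
 *
 * @param ctx request context, used to resolve the principal name and passed to the
 *     audit and change-event helpers
 * @param domain current state of the domain being updated
 * @param meta requested metadata values, including the tags
 * @param systemAttribute when non-null, selects the system-meta update path instead of
 *     the regular meta update
 * @param deleteAllowed forwarded to {@code updateSystemMetaFields}
 * @param auditRef audit reference supplied with the request
 * @param caller name of the calling operation, used in error messages and audit records
 * @throws ResourceException the error built by {@code ZMSUtils.internalServerError}
 *     when tag processing reports failure, or any exception that
 *     {@code shouldRetryOperation} declines to retry
 */
void executePutDomainMeta(ResourceContext ctx, Domain domain, DomainMeta meta, final String systemAttribute,
        boolean deleteAllowed, String auditRef, String caller) {
    for (int retryCount = defaultRetryCount; ; retryCount--) {
        // NOTE(review): the two flags are presumably (autoCommit, readWrite); confirm.
        try (ObjectStoreConnection con = store.getConnection(false, true)) {
            final String domainName = domain.getName();

            // first verify that auditing requirements are met
            checkDomainAuditEnabled(con, domain, auditRef, caller, getPrincipalName(ctx), AUDIT_TYPE_DOMAIN);

            // Work on a copy so the caller's Domain object is left untouched. The copy is
            // explicit: a Domain field that is not listed here is not carried over into
            // the object handed to updateDomain, so new fields must be added to this chain.
            Domain updatedDomain = new Domain()
                    .setName(domain.getName())
                    .setEnabled(domain.getEnabled())
                    .setId(domain.getId())
                    .setAuditEnabled(domain.getAuditEnabled())
                    .setDescription(domain.getDescription())
                    .setOrg(domain.getOrg())
                    .setApplicationId(domain.getApplicationId())
                    .setAccount(domain.getAccount())
                    .setAzureSubscription(domain.getAzureSubscription())
                    .setYpmId(domain.getYpmId())
                    .setCertDnsDomain(domain.getCertDnsDomain())
                    .setMemberExpiryDays(domain.getMemberExpiryDays())
                    .setServiceExpiryDays(domain.getServiceExpiryDays())
                    .setGroupExpiryDays(domain.getGroupExpiryDays())
                    .setTokenExpiryMins(domain.getTokenExpiryMins())
                    .setRoleCertExpiryMins(domain.getRoleCertExpiryMins())
                    .setServiceCertExpiryMins(domain.getServiceCertExpiryMins())
                    .setSignAlgorithm(domain.getSignAlgorithm())
                    .setUserAuthorityFilter(domain.getUserAuthorityFilter())
                    .setBusinessService(domain.getBusinessService())
                    .setTags(domain.getTags());

            // A non-null system attribute selects the system-meta path.
            if (systemAttribute != null) {
                updateSystemMetaFields(updatedDomain, systemAttribute, deleteAllowed, meta);
            } else {
                updateDomainMetaFields(updatedDomain, meta);
            }
            con.updateDomain(updatedDomain);

            // Tags are processed against the original domain object, not the copy.
            if (!processDomainTags(con, meta.getTags(), domain, domainName, true)) {
                con.rollbackChanges();
                throw ZMSUtils.internalServerError(caller + ": Unable to update tags", caller);
            }

            con.commitChanges();
            cacheStore.invalidate(domainName);

            // audit log the request
            StringBuilder auditDetails = new StringBuilder(ZMSConsts.STRING_BLDR_SIZE_DEFAULT);
            auditLogDomain(auditDetails, updatedDomain);
            auditLogRequest(ctx, domainName, auditRef, caller, ZMSConsts.HTTP_PUT, domainName, auditDetails.toString());

            // Everything below runs after commitChanges() but still inside the retried
            // try block: a ResourceException from these helpers that shouldRetryOperation
            // accepts restarts the whole attempt, including the update and the audit record.
            // NOTE(review): whether these helpers commit their own writes on this
            // connection is not visible here; confirm.

            // if the domain member expiry date has changed then we're going
            // to process all the members in the domain and update the expiration
            // date accordingly
            updateDomainMembersExpiration(ctx, con, domain, updatedDomain, auditRef, caller);

            // if the domain user authority filter has changed we need to
            // process all the members in the domain accordingly
            updateDomainMembersUserAuthorityFilter(ctx, con, domain, updatedDomain, auditRef, caller);

            // add domain change event
            addDomainChangeMessage(ctx, domainName, domainName, DomainChangeMessage.ObjectType.DOMAIN);
            return;
        } catch (ResourceException ex) {
            if (!shouldRetryOperation(ex, retryCount)) {
                throw ex;
            }
        }
    }
}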
use of com.yahoo.athenz.zms.store.ObjectStoreConnection in project athenz by yahoo.
the class DBService method executeDeleteQuota.
/**
 * Deletes the quota record of {@code domainName}, then audits the deletion and
 * publishes a domain change event.
 *
 * <p>A {@code ResourceException} raised during an attempt is rethrown unless
 * {@code shouldRetryOperation} accepts it; otherwise the attempt is repeated on a
 * fresh connection with the retry counter decremented.
 *
 * <p>Unlike the other mutating methods shown on this page, this one makes no
 * {@code checkDomainAuditEnabled} call; {@code auditRef} is only forwarded to the audit
 * record. NOTE(review): confirm that skipping the audit-enabled check for quota
 * deletion is intentional, and that authorization is handled by the caller.
 *
 * @param ctx request context passed to the audit and change-event helpers
 * @param domainName domain whose quota is deleted
 * @param auditRef audit reference supplied with the request
 * @param caller name of the calling operation, used in error messages and audit records
 * @throws ResourceException the error built by {@code ZMSUtils.notFoundError} when the
 *     store reports that nothing was deleted, or any exception that
 *     {@code shouldRetryOperation} declines to retry
 */
void executeDeleteQuota(ResourceContext ctx, String domainName, String auditRef, String caller) {
    int retryCount = defaultRetryCount;
    while (true) {
        // NOTE(review): the two flags are presumably (autoCommit, readWrite); confirm.
        try (ObjectStoreConnection conn = store.getConnection(true, true)) {
            final boolean deleted = conn.deleteQuota(domainName);
            if (!deleted) {
                throw ZMSUtils.notFoundError(caller + ": unable to delete quota: " + domainName, caller);
            }

            // Record the deletion; no detail payload is attached to the audit entry.
            auditLogRequest(ctx, domainName, auditRef, caller, ZMSConsts.HTTP_DELETE, domainName, null);

            // Publish the domain change event.
            addDomainChangeMessage(ctx, domainName, domainName, DomainChangeMessage.ObjectType.DOMAIN);
            return;
        } catch (ResourceException e) {
            if (!shouldRetryOperation(e, retryCount)) {
                throw e;
            }
        }
        retryCount--;
    }
}
use of com.yahoo.athenz.zms.store.ObjectStoreConnection in project athenz by yahoo.
the class DBService method executeDeleteMembership.
/**
 * Removes {@code normalizedMember} from the role {@code roleName} in {@code domainName}.
 *
 * <p>Each attempt opens its own store connection, runs the audit check, deletes the
 * role member, refreshes the role and domain modification time-stamps, invalidates the
 * cached domain, writes the audit record and publishes a role change event. A
 * {@code ResourceException} raised during an attempt is rethrown unless
 * {@code shouldRetryOperation} accepts it; otherwise the attempt is repeated with the
 * retry counter decremented.
 *
 * <p>No authorization decision is visible in this method; only the audit check is.
 * NOTE(review): callers are presumably expected to have authorized the principal
 * before reaching this point. Confirm against the call sites.
 *
 * @param ctx request context, used to resolve the principal name and passed to the
 *     audit and change-event helpers
 * @param domainName domain that owns the role
 * @param roleName role the member is removed from
 * @param normalizedMember member name to remove
 * @param auditRef audit reference supplied with the request
 * @param caller name of the calling operation, used in error messages and audit records
 * @throws ResourceException the error built by {@code ZMSUtils.notFoundError} when the
 *     store reports that no member was deleted, or any exception that
 *     {@code shouldRetryOperation} declines to retry
 */
void executeDeleteMembership(ResourceContext ctx, String domainName, String roleName, String normalizedMember, String auditRef, String caller) {
    int retryCount = defaultRetryCount;
    while (true) {
        // NOTE(review): the first flag is true here, presumably auto-commit. If so, the
        // three writes below are not one transaction and rollbackChanges() may have
        // nothing to undo. Confirm against ObjectStoreConnection.
        try (ObjectStoreConnection conn = store.getConnection(true, true)) {
            final String principal = getPrincipalName(ctx);

            // The audit check runs first, before the membership is touched.
            checkDomainAuditEnabled(conn, domainName, auditRef, caller, principal, AUDIT_TYPE_ROLE);

            final boolean removed = conn.deleteRoleMember(domainName, roleName, normalizedMember, principal, auditRef);
            if (!removed) {
                conn.rollbackChanges();
                throw ZMSUtils.notFoundError(caller + ": unable to delete role member: " + normalizedMember + " from role: " + roleName, caller);
            }

            // Refresh the role and domain time-stamps and drop the cached domain.
            conn.updateRoleModTimestamp(domainName, roleName);
            conn.updateDomainModTimestamp(domainName);
            cacheStore.invalidate(domainName);

            // The audit detail is JSON assembled by concatenation, with the member name
            // inserted unescaped.
            // NOTE(review): this relies on normalizedMember never containing a quote,
            // backslash or control character; confirm upstream validation guarantees it,
            // otherwise the audit entry can be malformed.
            final String auditDetails = "{\"member\": \"" + normalizedMember + "\"}";
            auditLogRequest(ctx, domainName, auditRef, caller, ZMSConsts.HTTP_DELETE, roleName, auditDetails);

            // Publish the role change event.
            addDomainChangeMessage(ctx, domainName, roleName, DomainChangeMessage.ObjectType.ROLE);
            return;
        } catch (ResourceException e) {
            if (!shouldRetryOperation(e, retryCount)) {
                throw e;
            }
        }
        retryCount--;
    }
}