Example 36 with ObjectStoreConnection
use of com.yahoo.athenz.zms.store.ObjectStoreConnection in project athenz by yahoo.
the class DBService method putDomainDependency.
public void putDomainDependency(ResourceContext ctx, String domainName, String service, String auditRef, String caller) {
for (int retryCount = defaultRetryCount; ; retryCount--) {
try (ObjectStoreConnection con = store.getConnection(false, true)) {
final String principal = getPrincipalName(ctx);
// first verify that auditing requirements are met
checkDomainAuditEnabled(con, domainName, auditRef, caller, principal, AUDIT_TYPE_DOMAIN);
// verify domain exists
Domain domain = con.getDomain(domainName);
if (domain == null) {
con.rollbackChanges();
throw ZMSUtils.notFoundError(caller + ": Unknown domain: " + domainName, caller);
}
// now process the request
StringBuilder auditDetails = new StringBuilder(ZMSConsts.STRING_BLDR_SIZE_DEFAULT);
if (!processDomainDependency(con, domainName, service, auditDetails)) {
con.rollbackChanges();
throw ZMSUtils.internalServerError("unable to put dependency on domain " + domainName + " for service " + service, caller);
}
// update our domain time-stamp and save changes
saveChanges(con, domainName);
// audit log the request
auditLogRequest(ctx, domainName, auditRef, caller, ZMSConsts.HTTP_PUT, service, auditDetails.toString());
// add domain change event
addDomainChangeMessage(ctx, domainName, service, DomainChangeMessage.ObjectType.DOMAIN);
return;
} catch (ResourceException ex) {
if (!shouldRetryOperation(ex, retryCount)) {
throw ex;
}
}
}
}
Also used :
ObjectStoreConnection(com.yahoo.athenz.zms.store.ObjectStoreConnection)
AthenzDomain(com.yahoo.athenz.zms.store.AthenzDomain)
Example 37 with ObjectStoreConnection
use of com.yahoo.athenz.zms.store.ObjectStoreConnection in project athenz by yahoo.
the class DBService method deleteDomainDependency.
public void deleteDomainDependency(ResourceContext ctx, String domainName, String service, String auditRef, String caller) {
for (int retryCount = defaultRetryCount; ; retryCount--) {
try (ObjectStoreConnection con = store.getConnection(false, true)) {
final String principal = getPrincipalName(ctx);
// first verify that auditing requirements are met
checkDomainAuditEnabled(con, domainName, auditRef, caller, principal, AUDIT_TYPE_DOMAIN);
// verify domain exists
Domain domain = con.getDomain(domainName);
if (domain == null) {
con.rollbackChanges();
throw ZMSUtils.notFoundError(caller + ": Unknown domain: " + domainName, caller);
}
// now process the request
StringBuilder auditDetails = new StringBuilder(ZMSConsts.STRING_BLDR_SIZE_DEFAULT);
if (!processDeleteDomainDependency(con, domainName, service, auditDetails)) {
con.rollbackChanges();
throw ZMSUtils.internalServerError("unable to delete dependency on domain " + domainName + " for service " + service, caller);
}
// update our domain time-stamp and save changes
saveChanges(con, domainName);
// audit log the request
auditLogRequest(ctx, domainName, auditRef, caller, ZMSConsts.HTTP_DELETE, service, auditDetails.toString());
// add domain change event
addDomainChangeMessage(ctx, domainName, service, DomainChangeMessage.ObjectType.DOMAIN);
return;
} catch (ResourceException ex) {
if (!shouldRetryOperation(ex, retryCount)) {
throw ex;
}
}
}
}
Also used :
ObjectStoreConnection(com.yahoo.athenz.zms.store.ObjectStoreConnection)
AthenzDomain(com.yahoo.athenz.zms.store.AthenzDomain)
Example 38 with ObjectStoreConnection
use of com.yahoo.athenz.zms.store.ObjectStoreConnection in project athenz by yahoo.
the class DBService method executePutDomainMeta.
void executePutDomainMeta(ResourceContext ctx, Domain domain, DomainMeta meta, final String systemAttribute, boolean deleteAllowed, String auditRef, String caller) {
for (int retryCount = defaultRetryCount; ; retryCount--) {
try (ObjectStoreConnection con = store.getConnection(false, true)) {
final String domainName = domain.getName();
// first verify that auditing requirements are met
checkDomainAuditEnabled(con, domain, auditRef, caller, getPrincipalName(ctx), AUDIT_TYPE_DOMAIN);
// now process the request. first we're going to make a
// copy of our domain
Domain updatedDomain = new Domain().setName(domain.getName()).setEnabled(domain.getEnabled()).setId(domain.getId()).setAuditEnabled(domain.getAuditEnabled()).setDescription(domain.getDescription()).setOrg(domain.getOrg()).setApplicationId(domain.getApplicationId()).setAccount(domain.getAccount()).setAzureSubscription(domain.getAzureSubscription()).setYpmId(domain.getYpmId()).setCertDnsDomain(domain.getCertDnsDomain()).setMemberExpiryDays(domain.getMemberExpiryDays()).setServiceExpiryDays(domain.getServiceExpiryDays()).setGroupExpiryDays(domain.getGroupExpiryDays()).setTokenExpiryMins(domain.getTokenExpiryMins()).setRoleCertExpiryMins(domain.getRoleCertExpiryMins()).setServiceCertExpiryMins(domain.getServiceCertExpiryMins()).setSignAlgorithm(domain.getSignAlgorithm()).setUserAuthorityFilter(domain.getUserAuthorityFilter()).setBusinessService(domain.getBusinessService()).setTags(domain.getTags()).setBusinessService(domain.getBusinessService());
if (systemAttribute != null) {
updateSystemMetaFields(updatedDomain, systemAttribute, deleteAllowed, meta);
} else {
updateDomainMetaFields(updatedDomain, meta);
}
con.updateDomain(updatedDomain);
if (!processDomainTags(con, meta.getTags(), domain, domainName, true)) {
con.rollbackChanges();
throw ZMSUtils.internalServerError(caller + "Unable to update tags", caller);
}
con.commitChanges();
cacheStore.invalidate(domainName);
// audit log the request
StringBuilder auditDetails = new StringBuilder(ZMSConsts.STRING_BLDR_SIZE_DEFAULT);
auditLogDomain(auditDetails, updatedDomain);
auditLogRequest(ctx, domainName, auditRef, caller, ZMSConsts.HTTP_PUT, domainName, auditDetails.toString());
// if the domain member expiry date has changed then we're going
// process all the members in the domain and update the expiration
// date accordingly
updateDomainMembersExpiration(ctx, con, domain, updatedDomain, auditRef, caller);
// if the domain user attribute expiry has changed we need to
// process all the members in the domain accordingly
updateDomainMembersUserAuthorityFilter(ctx, con, domain, updatedDomain, auditRef, caller);
// add domain change event
addDomainChangeMessage(ctx, domainName, domainName, DomainChangeMessage.ObjectType.DOMAIN);
return;
} catch (ResourceException ex) {
if (!shouldRetryOperation(ex, retryCount)) {
throw ex;
}
}
}
}
Also used :
ObjectStoreConnection(com.yahoo.athenz.zms.store.ObjectStoreConnection)
AthenzDomain(com.yahoo.athenz.zms.store.AthenzDomain)
Example 39 with ObjectStoreConnection
use of com.yahoo.athenz.zms.store.ObjectStoreConnection in project athenz by yahoo.
the class DBService method executeDeleteQuota.
void executeDeleteQuota(ResourceContext ctx, String domainName, String auditRef, String caller) {
for (int retryCount = defaultRetryCount; ; retryCount--) {
try (ObjectStoreConnection con = store.getConnection(true, true)) {
if (!con.deleteQuota(domainName)) {
throw ZMSUtils.notFoundError(caller + ": unable to delete quota: " + domainName, caller);
}
// audit log the request
auditLogRequest(ctx, domainName, auditRef, caller, ZMSConsts.HTTP_DELETE, domainName, null);
// add domain change event
addDomainChangeMessage(ctx, domainName, domainName, DomainChangeMessage.ObjectType.DOMAIN);
return;
} catch (ResourceException ex) {
if (!shouldRetryOperation(ex, retryCount)) {
throw ex;
}
}
}
}
Also used :
ObjectStoreConnection(com.yahoo.athenz.zms.store.ObjectStoreConnection)
Example 40 with ObjectStoreConnection
use of com.yahoo.athenz.zms.store.ObjectStoreConnection in project athenz by yahoo.
the class DBService method executeDeleteMembership.
void executeDeleteMembership(ResourceContext ctx, String domainName, String roleName, String normalizedMember, String auditRef, String caller) {
for (int retryCount = defaultRetryCount; ; retryCount--) {
try (ObjectStoreConnection con = store.getConnection(true, true)) {
final String principal = getPrincipalName(ctx);
// first verify that auditing requirements are met
checkDomainAuditEnabled(con, domainName, auditRef, caller, principal, AUDIT_TYPE_ROLE);
if (!con.deleteRoleMember(domainName, roleName, normalizedMember, principal, auditRef)) {
con.rollbackChanges();
throw ZMSUtils.notFoundError(caller + ": unable to delete role member: " + normalizedMember + " from role: " + roleName, caller);
}
// update our role and domain time-stamps, and invalidate local cache entry
con.updateRoleModTimestamp(domainName, roleName);
con.updateDomainModTimestamp(domainName);
cacheStore.invalidate(domainName);
// audit log the request
auditLogRequest(ctx, domainName, auditRef, caller, ZMSConsts.HTTP_DELETE, roleName, "{\"member\": \"" + normalizedMember + "\"}");
// add domain change event
addDomainChangeMessage(ctx, domainName, roleName, DomainChangeMessage.ObjectType.ROLE);
return;
} catch (ResourceException ex) {
if (!shouldRetryOperation(ex, retryCount)) {
throw ex;
}
}
}
}
Also used :
ObjectStoreConnection(com.yahoo.athenz.zms.store.ObjectStoreConnection)
Aggregations
ObjectStoreConnection (com.yahoo.athenz.zms.store.ObjectStoreConnection)173
Test (org.testng.annotations.Test)96
ObjectStore (com.yahoo.athenz.zms.store.ObjectStore)38
AthenzDomain (com.yahoo.athenz.zms.store.AthenzDomain)34
Authority (com.yahoo.athenz.auth.Authority)23
Timestamp (com.yahoo.rdl.Timestamp)17
ArrayList (java.util.ArrayList)16
MemberDueDays (com.yahoo.athenz.zms.config.MemberDueDays)11
Principal (com.yahoo.athenz.auth.Principal)7
SimplePrincipal (com.yahoo.athenz.auth.impl.SimplePrincipal)7
EmbeddedMysql (com.wix.mysql.EmbeddedMysql)5
FilePrivateKeyStore (com.yahoo.athenz.auth.impl.FilePrivateKeyStore)5
Crypto (com.yahoo.athenz.auth.util.Crypto)5
AuditReferenceValidator (com.yahoo.athenz.common.server.audit.AuditReferenceValidator)5
NotificationManager (com.yahoo.athenz.common.server.notification.NotificationManager)5
ResourceUtils (com.yahoo.athenz.common.server.util.ResourceUtils)5
DataCache (com.yahoo.athenz.zms.DBService.DataCache)5
MockAuditReferenceValidatorImpl (com.yahoo.athenz.zms.audit.MockAuditReferenceValidatorImpl)5
JDBCConnection (com.yahoo.athenz.zms.store.impl.jdbc.JDBCConnection)5
ZMSUtils (com.yahoo.athenz.zms.utils.ZMSUtils)5
