
Example 56 with DataCache

use of com.yahoo.athenz.zts.cache.DataCache in project athenz by yahoo.

the class ZTSImpl method verifyAWSAssumeRole.

/**
 * Decides whether {@code principal} is allowed to assume the AWS role
 * {@code roleResource} within {@code domainName}.
 * <p>
 * The check is fail-closed: it returns {@code true} only when the domain is
 * present in the data cache, the principal has at least one accessible role
 * there, and one of those roles carries an AWS resource set that contains
 * {@code roleResource}. Every denial path is logged at ERROR with its cause
 * before {@code false} is returned.
 *
 * @param domainName   domain whose cached data is consulted
 * @param roleResource AWS role resource the caller wants to assume
 * @param principal    identity requesting the role
 * @return {@code true} if the assume-role request is authorized, otherwise {@code false}
 */
boolean verifyAWSAssumeRole(String domainName, String roleResource, String principal) {
    DataCache domainCache = dataStore.getDataCache(domainName);
    if (domainCache == null) {
        LOGGER.error("verifyAWSAssumeRole: unknown domain: {}", domainName);
        return false;
    }

    // collect every role in the domain that the principal can act in
    Set<String> principalRoles = new HashSet<>();
    dataStore.getAccessibleRoles(domainCache, domainName, principal, null, principalRoles, true);
    if (principalRoles.isEmpty()) {
        // log text kept verbatim (including the "acccess" spelling) so existing log consumers still match
        LOGGER.error("verifyAWSAssumeRole: Principal: {}" + " has no acccess to any roles in domain: {}", principal, domainName);
        return false;
    }

    // grant on the first role whose AWS resource set names the requested role
    boolean granted = false;
    for (String role : principalRoles) {
        Set<String> awsRoles = domainCache.getAWSResourceRoleSet(role);
        if (awsRoles != null && awsRoles.contains(roleResource)) {
            granted = true;
            break;
        }
    }
    if (!granted) {
        LOGGER.error("verifyAWSAssumeRole: Principal: {} has no acccess to resource: {}" + " in domain: {}", principal, roleResource, domainName);
    }
    return granted;
}
Also used : DataCache(com.yahoo.athenz.zts.cache.DataCache) HashSet(java.util.HashSet)

Example 57 with DataCache

use of com.yahoo.athenz.zts.cache.DataCache in project athenz by yahoo.

the class DataStore method deleteDomainFromCache.

// Internal
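/**
 * Evicts the cached entry for domain {@code name}, together with the host
 * and public-key index entries that were derived from it.
 * <p>
 * The host and public-key indexes are cleaned first, each under its write
 * lock, and the cache entry is invalidated last, so an evicted domain never
 * leaves stale host or key index data behind. A domain that is not cached
 * is a no-op.
 *
 * @param name domain name to remove from the cache
 */
void deleteDomainFromCache(String name) {
    /* before we delete the domain from our cache, we need to
         * remove the old data host and public key sets */
    DataCache data = getCacheStore().getIfPresent(name);
    if (data == null) {
        return;
    }
    // lock() is acquired outside the try block: if acquisition itself fails,
    // the finally clause must not attempt to unlock a lock this thread never held
    hostWLock.lock();
    try {
        removeHostEntries(data.getHostMap());
    } finally {
        hostWLock.unlock();
    }
    pkeyWLock.lock();
    try {
        removePublicKeys(data.getPublicKeyMap());
    } finally {
        pkeyWLock.unlock();
    }
    getCacheStore().invalidate(name);
}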
Also used : DataCache(com.yahoo.athenz.zts.cache.DataCache)

Example 58 with DataCache

use of com.yahoo.athenz.zts.cache.DataCache in project athenz by yahoo.

the class DataStoreTest method testAddDomainToCacheRemovedHosts.

/**
 * Re-adding a domain whose service now lists fewer hosts must drop the
 * removed hosts from the host index: after the second load only
 * {@code host1} still maps to {@code coretech.storage}, while {@code host2}
 * and {@code host3} resolve to no services.
 */
@Test
public void testAddDomainToCacheRemovedHosts() {
    ChangeLogStore clogStore = new MockZMSFileChangeLogStore("/tmp/zts_server_unit_tests/zts_root", pkey, "0");
    DataStore store = new DataStore(clogStore, null);

    // initial load: coretech.storage runs on three hosts
    List<String> initialHosts = new ArrayList<>();
    initialHosts.add("host1");
    initialHosts.add("host2");
    initialHosts.add("host3");
    store.addDomainToCache("coretech", storageDomainCache(initialHosts));

    // reload with host2 and host3 removed from the service
    List<String> remainingHosts = new ArrayList<>();
    remainingHosts.add("host1");
    store.addDomainToCache("coretech", storageDomainCache(remainingHosts));

    HostServices host1Services = store.getHostServices("host1");
    List<String> host1Names = host1Services.getNames();
    assertEquals(host1Names.size(), 1);
    assertTrue(host1Names.contains("coretech.storage"));

    HostServices host2Services = store.getHostServices("host2");
    assertEquals(host2Services.getNames().size(), 0);

    HostServices host3Services = store.getHostServices("host3");
    assertEquals(host3Services.getNames().size(), 0);
}

/**
 * Builds a {@link DataCache} for a domain holding the single service
 * {@code coretech.storage} deployed on {@code hosts}.
 *
 * @param hosts host names assigned to the service
 * @return cache with the service identity processed and domain data attached
 */
private static DataCache storageDomainCache(List<String> hosts) {
    DataCache dataCache = new DataCache();
    ServiceIdentity service = new ServiceIdentity();
    service.setName("coretech.storage");
    service.setHosts(hosts);
    List<ServiceIdentity> services = new ArrayList<>();
    services.add(service);
    dataCache.processServiceIdentity(service);
    DomainData domainData = new DomainData();
    domainData.setServices(services);
    dataCache.setDomainData(domainData);
    return dataCache;
}
Also used : ZMSFileChangeLogStore(com.yahoo.athenz.zts.store.impl.ZMSFileChangeLogStore) MockZMSFileChangeLogStore(com.yahoo.athenz.zts.store.impl.MockZMSFileChangeLogStore) ServiceIdentity(com.yahoo.athenz.zms.ServiceIdentity) ArrayList(java.util.ArrayList) DomainData(com.yahoo.athenz.zms.DomainData) HostServices(com.yahoo.athenz.zts.HostServices) MockZMSFileChangeLogStore(com.yahoo.athenz.zts.store.impl.MockZMSFileChangeLogStore) DataCache(com.yahoo.athenz.zts.cache.DataCache) Test(org.testng.annotations.Test)

Example 59 with DataCache

use of com.yahoo.athenz.zts.cache.DataCache in project athenz by yahoo.

the class DataStoreTest method testProcessTrustedDomainMemberRolesNull.

/**
 * processTrustedDomain must add nothing to the accessible-role set for this
 * setup, even though the trusted resources name two coretech roles and one
 * of them is explicitly requested; per the test name, the trusted domain's
 * member roles are absent for the identity (the cache built by
 * createDataCache is not visible here, so this is inferred from the name).
 */
@Test
public void testProcessTrustedDomainMemberRolesNull() {
    ChangeLogStore clogStore = new MockZMSFileChangeLogStore("/tmp/zts_server_unit_tests/zts_root", pkey, "0");
    DataStore store = new DataStore(clogStore, null);
    DataCache dataCache = createDataCache("coretech");

    String prefix = "coretech" + ROLE_POSTFIX;
    String identity = "user_domain.user3";
    String[] requestedRoleList = { "coretech:role.admin" };

    Set<String> trustedResources = new HashSet<>();
    trustedResources.add("coretech:role.admin");
    trustedResources.add("coretech:role.readers");

    Set<String> accessibleRoles = new HashSet<>();
    store.processTrustedDomain(dataCache, identity, prefix, requestedRoleList, trustedResources, accessibleRoles, false);
    assertTrue(accessibleRoles.isEmpty());
}
Also used : ZMSFileChangeLogStore(com.yahoo.athenz.zts.store.impl.ZMSFileChangeLogStore) MockZMSFileChangeLogStore(com.yahoo.athenz.zts.store.impl.MockZMSFileChangeLogStore) MockZMSFileChangeLogStore(com.yahoo.athenz.zts.store.impl.MockZMSFileChangeLogStore) DataCache(com.yahoo.athenz.zts.cache.DataCache) HashSet(java.util.HashSet) Test(org.testng.annotations.Test)

Example 60 with DataCache

use of com.yahoo.athenz.zts.cache.DataCache in project athenz by yahoo.

the class DataStoreTest method testProcessDomainRolesNullRoles.

/**
 * Processing domain data on which no roles were ever set must leave the
 * cache's member count at zero rather than fail.
 */
@Test
public void testProcessDomainRolesNullRoles() {
    // domain data with only a name; the roles field is never populated
    DomainData emptyDomain = new DomainData();
    emptyDomain.setName("coretech");
    DataCache cache = new DataCache();
    cache.setDomainData(emptyDomain);

    ChangeLogStore clogStore = new MockZMSFileChangeLogStore("/tmp/zts_server_unit_tests/zts_root", pkey, "0");
    DataStore store = new DataStore(clogStore, null);
    store.processDomainRoles(emptyDomain, cache);

    assertEquals(cache.getMemberCount(), 0);
}
Also used : ZMSFileChangeLogStore(com.yahoo.athenz.zts.store.impl.ZMSFileChangeLogStore) MockZMSFileChangeLogStore(com.yahoo.athenz.zts.store.impl.MockZMSFileChangeLogStore) DomainData(com.yahoo.athenz.zms.DomainData) MockZMSFileChangeLogStore(com.yahoo.athenz.zts.store.impl.MockZMSFileChangeLogStore) DataCache(com.yahoo.athenz.zts.cache.DataCache) Test(org.testng.annotations.Test)
