use of com.yahoo.athenz.zts.cache.DataCache in project athenz by yahoo.
the class DataCacheTest method testMultipleRoles.
@Test
public void testMultipleRoles() {

    // Fixture: two roles whose member lists overlap on user2 only, so the
    // test can tell "member of one role" apart from "member of both".
    List<RoleMember> firstRoleMembers = new ArrayList<>();
    firstRoleMembers.add(new RoleMember().setMemberName("user_domain.user1"));
    firstRoleMembers.add(new RoleMember().setMemberName("user_domain.user2"));

    Role firstRole = new Role();
    firstRole.setName("dom.role1");
    firstRole.setRoleMembers(firstRoleMembers);

    List<RoleMember> secondRoleMembers = new ArrayList<>();
    secondRoleMembers.add(new RoleMember().setMemberName("user_domain.user2"));
    secondRoleMembers.add(new RoleMember().setMemberName("user_domain.user3"));

    Role secondRole = new Role();
    secondRole.setName("dom.role2");
    secondRole.setRoleMembers(secondRoleMembers);

    DataCache cache = new DataCache();
    cache.processRole(firstRole);
    cache.processRole(secondRole);

    // The second MemberRole argument is 0 throughout; presumably "no
    // expiration" - confirm against MemberRole.

    // user1 appears in role1 only. The size check matters as much as the
    // contains check: an extra entry would mean the cache hands the member
    // a role it was never given.
    Set<MemberRole> user1Roles = cache.getMemberRoleSet("user_domain.user1");
    assertNotNull(user1Roles);
    assertTrue(user1Roles.contains(new MemberRole("dom.role1", 0)));
    assertEquals(user1Roles.size(), 1);

    // user2 appears in both roles and must see exactly those two
    Set<MemberRole> user2Roles = cache.getMemberRoleSet("user_domain.user2");
    assertNotNull(user2Roles);
    assertTrue(user2Roles.contains(new MemberRole("dom.role1", 0)));
    assertTrue(user2Roles.contains(new MemberRole("dom.role2", 0)));
    assertEquals(user2Roles.size(), 2);

    // user3 appears in role2 only
    Set<MemberRole> user3Roles = cache.getMemberRoleSet("user_domain.user3");
    assertNotNull(user3Roles);
    assertTrue(user3Roles.contains(new MemberRole("dom.role2", 0)));
    assertEquals(user3Roles.size(), 1);

    // a principal that is in no role gets null back, not an empty set
    Set<MemberRole> unknownUserRoles = cache.getMemberRoleSet("user_domain.user4");
    assertNull(unknownUserRoles);
}
use of com.yahoo.athenz.zts.cache.DataCache in project athenz by yahoo.
the class ZTSImpl method getRoleAccess.
/**
 * Returns the roles that {@code dataStore.getAccessibleRoles} collects for
 * the given principal in the given domain.
 *
 * <p>If the data store has no cache entry for the domain, the exception
 * built by {@code notFoundError} is thrown.
 *
 * <p>NOTE(review): the role lookup is keyed on the {@code principal}
 * argument, and no comparison between that argument and the caller in
 * {@code ctx} is visible in this method. Confirm where (or whether) that
 * is meant to be restricted.
 *
 * @param ctx        request context; its request is passed to validateRequest
 * @param domainName domain to look in (lower-cased before use)
 * @param principal  principal whose roles are returned (lower-cased and
 *                   passed through normalizeDomainAliasUser before use)
 * @return a RoleAccess carrying the collected role names
 */
public RoleAccess getRoleAccess(ResourceContext ctx, String domainName, String principal) {

    final String apiName = "getroleaccess";
    final String timingName = "getroleaccess_timing";

    metric.increment(HTTP_GET);
    logPrincipal(ctx);

    // All three checks run before the names are used for the cache lookup,
    // the metric dimension or the debug log line below.
    validateRequest(ctx.request(), apiName);
    validate(domainName, TYPE_DOMAIN_NAME, apiName);
    validate(principal, TYPE_ENTITY_NAME, apiName);

    // ZMS Server stores every object name in lower case, so incoming
    // values are folded to lower case to be handled consistently.
    // NOTE(review): toLowerCase() without a Locale follows the JVM default
    // locale; under locales with special casing rules the result for plain
    // ASCII letters can differ. Worth confirming how the service is deployed
    // or switching to an explicit locale service-wide.
    domainName = domainName.toLowerCase();
    principal = normalizeDomainAliasUser(principal.toLowerCase());

    Object timer = metric.startTiming(timingName, domainName);

    if (LOGGER.isDebugEnabled()) {
        LOGGER.debug("getRoleAccess(domain: " + domainName + ", principal: " + principal + ")");
    }

    // look the domain up in the cache first
    DataCache domainCache = dataStore.getDataCache(domainName);
    if (domainCache == null) {

        // Unknown domain: count the request under the fixed unknown-domain
        // value rather than the caller-supplied name, because a metric
        // dimension leaves a persistent index behind and invalid names
        // should not be able to create one.
        // Note: the timer started above is not stopped on this path.
        metric.increment(HTTP_REQUEST, ZTSConsts.ZTS_UNKNOWN_DOMAIN);
        metric.increment(apiName, ZTSConsts.ZTS_UNKNOWN_DOMAIN);
        throw notFoundError("getRoleAccess: No such domain: " + domainName, apiName, ZTSConsts.ZTS_UNKNOWN_DOMAIN);
    }

    // The domain is known, so it is now safe to use its name as the
    // metric dimension.
    metric.increment(HTTP_REQUEST, domainName);
    metric.increment(apiName, domainName);

    // collect the principal's roles and wrap them in the response object
    Set<String> accessibleRoles = new HashSet<>();
    dataStore.getAccessibleRoles(domainCache, domainName, principal, null, accessibleRoles, false);

    ArrayList<String> roleNames = new ArrayList<>(accessibleRoles);
    RoleAccess result = new RoleAccess().setRoles(roleNames);

    metric.stopTiming(timer);
    return result;
}
use of com.yahoo.athenz.zts.cache.DataCache in project athenz by yahoo.
the class ZTSImpl method getAccess.
/**
 * Reports whether {@code roleName} is among the roles that
 * {@code dataStore.getAccessibleRoles} collects for the given principal in
 * the given domain.
 *
 * <p>If the data store has no cache entry for the domain, the exception
 * built by {@code notFoundError} is thrown. A known domain in which the
 * principal does not hold the role produces a normal response with
 * {@code granted} set to false.
 *
 * @param ctx        request context; its request is passed to validateRequest
 * @param domainName domain to look in (lower-cased before use)
 * @param roleName   role to test for (lower-cased before use)
 * @param principal  principal being checked (lower-cased and passed through
 *                   normalizeDomainAliasUser before use)
 * @return an Access object whose granted flag holds the result
 */
@Override
public Access getAccess(ResourceContext ctx, String domainName, String roleName, String principal) {

    final String apiName = "getaccess";
    final String timingName = "getaccess_timing";

    metric.increment(HTTP_GET);
    logPrincipal(ctx);

    // All checks run before the names are used for the cache lookup, the
    // metric dimension, the role comparison or the debug log line below.
    validateRequest(ctx.request(), apiName);
    validate(domainName, TYPE_DOMAIN_NAME, apiName);
    validate(roleName, TYPE_ENTITY_NAME, apiName);
    validate(principal, TYPE_ENTITY_NAME, apiName);

    // ZMS Server stores every object name in lower case, so incoming
    // values are folded to lower case to be handled consistently.
    // NOTE(review): toLowerCase() without a Locale follows the JVM default
    // locale; under locales with special casing rules the result for plain
    // ASCII letters can differ, which would make the contains() check
    // below miss. Worth confirming how the service is deployed or switching
    // to an explicit locale service-wide.
    domainName = domainName.toLowerCase();
    roleName = roleName.toLowerCase();
    principal = normalizeDomainAliasUser(principal.toLowerCase());

    Object timer = metric.startTiming(timingName, domainName);

    if (LOGGER.isDebugEnabled()) {
        LOGGER.debug("getAccess(domain: " + domainName + ", principal: " + principal + ", role: " + roleName + ")");
    }

    // look the domain up in the cache first
    DataCache domainCache = dataStore.getDataCache(domainName);
    if (domainCache == null) {

        // Unknown domain: count the request under the fixed unknown-domain
        // value rather than the caller-supplied name, because a metric
        // dimension leaves a persistent index behind and invalid names
        // should not be able to create one.
        // Note: the timer started above is not stopped on this path.
        metric.increment(HTTP_REQUEST, ZTSConsts.ZTS_UNKNOWN_DOMAIN);
        metric.increment(apiName, ZTSConsts.ZTS_UNKNOWN_DOMAIN);
        throw notFoundError("getAccess: No such domain: " + domainName, apiName, ZTSConsts.ZTS_UNKNOWN_DOMAIN);
    }

    // The domain is known, so it is now safe to use its name as the
    // metric dimension.
    metric.increment(HTTP_REQUEST, domainName);
    metric.increment(apiName, domainName);

    // collect the principal's roles in this domain
    Set<String> accessibleRoles = new HashSet<>();
    dataStore.getAccessibleRoles(domainCache, domainName, principal, null, accessibleRoles, false);

    // access is granted only when the requested role is in that set
    boolean granted = accessibleRoles.contains(roleName);
    Access result = new Access();
    result.setGranted(granted);

    metric.stopTiming(timer);
    return result;
}
use of com.yahoo.athenz.zts.cache.DataCache in project athenz by yahoo.
the class DataStore method processDomain.
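/**
 * Builds a fresh {@link DataCache} for a signed domain and installs it in
 * the cache store.
 *
 * <p>A domain whose enabled flag is false is skipped and reported as
 * success. Any other domain must pass {@code validateSignedDomain} before
 * its roles, policies and service identities are loaded into the new cache
 * object.
 *
 * @param signedDomain the signed domain to process
 * @param saveInStore  when true, the signed domain is also passed to
 *                     {@code changeLogStore.saveLocalDomain} after the
 *                     cache has been updated
 * @return true if the domain was skipped as disabled or processed
 *         successfully; false if validateSignedDomain rejected it
 */
public boolean processDomain(SignedDomain signedDomain, boolean saveInStore) {

    DomainData domainData = signedDomain.getDomain();
    String domainName = domainData.getName();

    if (LOGGER.isInfoEnabled()) {
        LOGGER.info("Processing domain: {}", domainName);
    }

    // Compare by value, not by reference: "== Boolean.FALSE" only matches
    // the canonical Boolean.FALSE instance, so a Boolean built any other
    // way would slip through and a disabled domain would be loaded as if
    // it were enabled. equals() on the constant is also null-safe.
    //
    // NOTE(review): this flag is read before validateSignedDomain runs, so
    // it comes from data whose signature has not been checked yet, and the
    // method reports success without touching the existing cache entry.
    // Confirm that skipping ahead of signature validation is intended.
    if (Boolean.FALSE.equals(domainData.getEnabled())) {
        if (LOGGER.isDebugEnabled()) {
            LOGGER.debug("Skipping disabled domain domain: {}", domainName);
        }
        return true;
    }

    // nothing below runs unless the signed domain validates
    if (!validateSignedDomain(signedDomain)) {
        return false;
    }

    /* generate our cache object */
    DataCache domainCache = new DataCache();

    /* process the roles for this domain */
    processDomainRoles(domainData, domainCache);

    /* process the policies for this domain */
    processDomainPolicies(domainData, domainCache);

    /* finally process the service identities */
    processDomainServiceIdentities(domainData, domainCache);

    /* keep the full domain object on the cache entry itself, since it is
     * needed to handle getServiceIdentity and getServiceIdentityList
     * requests */
    domainCache.setDomainData(domainData);

    /* add the entry to the cache and struct store */
    addDomainToCache(domainName, domainCache);

    if (saveInStore) {
        changeLogStore.saveLocalDomain(domainName, signedDomain);
    }

    return true;
}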
use of com.yahoo.athenz.zts.cache.DataCache in project athenz by yahoo.
the class DataStore method addDomainToCache.
// Internal
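/**
 * Installs {@code dataCache} as the cache entry for {@code name}, replacing
 * the host and public-key entries of any previous entry for that name.
 *
 * <p>Host entries are swapped under {@code hostWLock} and public keys under
 * {@code pkeyWLock}. When a cloud store is configured, the domain's account
 * is pushed to it. The cache store itself is updated last.
 *
 * <p>NOTE(review): the previous entry is read before either lock is taken
 * and the cache store is written after both are released. Presumably
 * updates for the same domain are serialised by the caller - confirm.
 *
 * @param name      domain name used as the cache key
 * @param dataCache new cache object for the domain; its domain data must
 *                  already be set when a cloud store is configured, since
 *                  the account is read from it
 */
public void addDomainToCache(String name, DataCache dataCache) {

    /* before updating the cache store with the new data we need to
     * remove the host and public key sets of the old data */
    DataCache oldDataCache = getCacheStore().getIfPresent(name);

    // Acquire each lock before entering its try block. With lock() inside
    // the try, a failure to acquire would still run the finally clause and
    // call unlock() on a lock this thread does not hold, which throws and
    // hides the original failure.
    hostWLock.lock();
    try {
        if (oldDataCache != null) {
            removeHostEntries(oldDataCache.getHostMap());
        }
        addHostEntries(dataCache.getHostMap());
    } finally {
        hostWLock.unlock();
    }

    pkeyWLock.lock();
    try {
        // drop the previous domain's keys before adding the new ones, so
        // keys that are no longer published for this domain do not linger
        if (oldDataCache != null) {
            removePublicKeys(oldDataCache.getPublicKeyMap());
        }
        addPublicKeys(dataCache.getPublicKeyMap());
    } finally {
        pkeyWLock.unlock();
    }

    if (getCloudStore() != null) {
        getCloudStore().updateAccount(name, dataCache.getDomainData().getAccount());
    }

    /* update the cache for the given domain */
    getCacheStore().put(name, dataCache);
}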