
Example 26 with DataCache

use of com.yahoo.athenz.zts.cache.DataCache in project athenz by yahoo.

the class DataCacheTest method testMultipleRoles.

/**
 * Checks the member-to-role index that DataCache builds when two roles
 * share a member: user2 belongs to both roles, user1 and user3 to one
 * role each, and a principal that is in neither role has no entry at all.
 */
@Test
public void testMultipleRoles() {
    // dom.role1 -> user1, user2
    List<RoleMember> firstMembers = new ArrayList<>();
    for (String memberName : new String[] { "user_domain.user1", "user_domain.user2" }) {
        firstMembers.add(new RoleMember().setMemberName(memberName));
    }
    Role firstRole = new Role();
    firstRole.setName("dom.role1");
    firstRole.setRoleMembers(firstMembers);

    // dom.role2 -> user2, user3 (user2 overlaps with dom.role1)
    List<RoleMember> secondMembers = new ArrayList<>();
    for (String memberName : new String[] { "user_domain.user2", "user_domain.user3" }) {
        secondMembers.add(new RoleMember().setMemberName(memberName));
    }
    Role secondRole = new Role();
    secondRole.setName("dom.role2");
    secondRole.setRoleMembers(secondMembers);

    DataCache cache = new DataCache();
    cache.processRole(firstRole);
    cache.processRole(secondRole);

    // user1 is a member of dom.role1 only
    Set<MemberRole> user1Roles = cache.getMemberRoleSet("user_domain.user1");
    assertNotNull(user1Roles);
    assertTrue(user1Roles.contains(new MemberRole("dom.role1", 0)));
    assertEquals(user1Roles.size(), 1);

    // user2 is the shared member and must be indexed under both roles
    Set<MemberRole> user2Roles = cache.getMemberRoleSet("user_domain.user2");
    assertNotNull(user2Roles);
    assertTrue(user2Roles.contains(new MemberRole("dom.role1", 0)));
    assertTrue(user2Roles.contains(new MemberRole("dom.role2", 0)));
    assertEquals(user2Roles.size(), 2);

    // user3 is a member of dom.role2 only
    Set<MemberRole> user3Roles = cache.getMemberRoleSet("user_domain.user3");
    assertNotNull(user3Roles);
    assertTrue(user3Roles.contains(new MemberRole("dom.role2", 0)));
    assertEquals(user3Roles.size(), 1);

    // a principal that was never added to a role gets null, not an empty set
    Set<MemberRole> unknownUserRoles = cache.getMemberRoleSet("user_domain.user4");
    assertNull(unknownUserRoles);
}
Also used : Role(com.yahoo.athenz.zms.Role) ArrayList(java.util.ArrayList) RoleMember(com.yahoo.athenz.zms.RoleMember) DataCache(com.yahoo.athenz.zts.cache.DataCache) Test(org.testng.annotations.Test)

Example 27 with DataCache

use of com.yahoo.athenz.zts.cache.DataCache in project athenz by yahoo.

the class ZTSImpl method getRoleAccess.

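/**
 * Returns the roles in {@code domainName} that the data store reports as
 * accessible to {@code principal}.
 *
 * <p>The request and both names are validated first, then the names are
 * lower-cased and the domain is looked up in the data store cache. Metrics
 * carrying the domain name as a dimension are only emitted once the domain
 * is known to exist.
 *
 * @param ctx request context; its request is handed to {@code validateRequest}
 * @param domainName domain to query, validated as {@code TYPE_DOMAIN_NAME}
 * @param principal principal whose roles are requested, validated as {@code TYPE_ENTITY_NAME}
 * @return a {@code RoleAccess} holding the collected role names
 */
public RoleAccess getRoleAccess(ResourceContext ctx, String domainName, String principal) {
    final String caller = "getroleaccess";
    final String callerTiming = "getroleaccess_timing";
    metric.increment(HTTP_GET);
    logPrincipal(ctx);
    validateRequest(ctx.request(), caller);
    validate(domainName, TYPE_DOMAIN_NAME, caller);
    validate(principal, TYPE_ENTITY_NAME, caller);
    // NOTE(review): nothing in this method compares the caller in ctx with
    // the queried principal; confirm that whatever policy applies to looking
    // up another principal's roles is enforced outside this block.
    // for consistent handling of all requests, we're going to convert
    // all incoming object values into lower case since ZMS Server
    // saves all of its object names in lower case. Locale.ROOT keeps the
    // mapping independent of the JVM default locale (e.g. a Turkish default
    // maps 'I' to a dotless i), so the names used for the lookup below do
    // not change with the host configuration.
    domainName = domainName.toLowerCase(java.util.Locale.ROOT);
    principal = normalizeDomainAliasUser(principal.toLowerCase(java.util.Locale.ROOT));
    Object timerMetric = metric.startTiming(callerTiming, domainName);
    if (LOGGER.isDebugEnabled()) {
        LOGGER.debug("getRoleAccess(domain: " + domainName + ", principal: " + principal + ")");
    }
    // first retrieve our domain data object from the cache
    DataCache data = dataStore.getDataCache(domainName);
    if (data == null) {
        // just increment the request counter without any dimension
        // we don't want to get persistent indexes for invalid domains
        metric.increment(HTTP_REQUEST, ZTSConsts.ZTS_UNKNOWN_DOMAIN);
        metric.increment(caller, ZTSConsts.ZTS_UNKNOWN_DOMAIN);
        // NOTE(review): the timer started above is not stopped on this path
        // (nor if the role lookup below throws); confirm that is intended.
        throw notFoundError("getRoleAccess: No such domain: " + domainName, caller, ZTSConsts.ZTS_UNKNOWN_DOMAIN);
    }
    // update our metric with dimension. we're moving the metric here
    // after the domain name has been confirmed as valid since with
    // dimensions we get stuck with persistent indexes so we only want
    // to create them for valid domain names
    metric.increment(HTTP_REQUEST, domainName);
    metric.increment(caller, domainName);
    // process our request and retrieve the roles for the principal
    Set<String> roles = new HashSet<>();
    dataStore.getAccessibleRoles(data, domainName, principal, null, roles, false);
    RoleAccess roleAccess = new RoleAccess().setRoles(new ArrayList<>(roles));
    metric.stopTiming(timerMetric);
    return roleAccess;
}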
Also used : DataCache(com.yahoo.athenz.zts.cache.DataCache) HashSet(java.util.HashSet)

Example 28 with DataCache

use of com.yahoo.athenz.zts.cache.DataCache in project athenz by yahoo.

the class ZTSImpl method getAccess.

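/**
 * Reports whether {@code principal} has access to {@code roleName} in
 * {@code domainName}.
 *
 * <p>The request and all three names are validated first, then lower-cased.
 * The roles accessible to the principal are collected from the cached domain
 * data, and the result is granted only when that set contains the requested
 * role name.
 *
 * @param ctx request context; its request is handed to {@code validateRequest}
 * @param domainName domain to query, validated as {@code TYPE_DOMAIN_NAME}
 * @param roleName role to check, validated as {@code TYPE_ENTITY_NAME}
 * @param principal principal to check, validated as {@code TYPE_ENTITY_NAME}
 * @return an {@code Access} whose granted flag is the result of the check
 */
@Override
public Access getAccess(ResourceContext ctx, String domainName, String roleName, String principal) {
    final String caller = "getaccess";
    final String callerTiming = "getaccess_timing";
    metric.increment(HTTP_GET);
    logPrincipal(ctx);
    validateRequest(ctx.request(), caller);
    validate(domainName, TYPE_DOMAIN_NAME, caller);
    validate(roleName, TYPE_ENTITY_NAME, caller);
    validate(principal, TYPE_ENTITY_NAME, caller);
    // for consistent handling of all requests, we're going to convert
    // all incoming object values into lower case since ZMS Server
    // saves all of its object names in lower case. Locale.ROOT keeps the
    // mapping independent of the JVM default locale (e.g. a Turkish default
    // maps 'I' to a dotless i), so the access decision below does not
    // change with the host configuration.
    domainName = domainName.toLowerCase(java.util.Locale.ROOT);
    roleName = roleName.toLowerCase(java.util.Locale.ROOT);
    principal = normalizeDomainAliasUser(principal.toLowerCase(java.util.Locale.ROOT));
    Object timerMetric = metric.startTiming(callerTiming, domainName);
    if (LOGGER.isDebugEnabled()) {
        LOGGER.debug("getAccess(domain: " + domainName + ", principal: " + principal + ", role: " + roleName + ")");
    }
    // first retrieve our domain data object from the cache
    DataCache data = dataStore.getDataCache(domainName);
    if (data == null) {
        // just increment the request counter without any dimension
        // we don't want to get persistent indexes for invalid domains
        metric.increment(HTTP_REQUEST, ZTSConsts.ZTS_UNKNOWN_DOMAIN);
        metric.increment(caller, ZTSConsts.ZTS_UNKNOWN_DOMAIN);
        // NOTE(review): the timer started above is not stopped on this path
        // (nor if the role lookup below throws); confirm that is intended.
        throw notFoundError("getAccess: No such domain: " + domainName, caller, ZTSConsts.ZTS_UNKNOWN_DOMAIN);
    }
    // update our metric with dimension. we're moving the metric here
    // after the domain name has been confirmed as valid since with
    // dimensions we get stuck with persistent indexes so we only want
    // to create them for valid domain names
    metric.increment(HTTP_REQUEST, domainName);
    metric.increment(caller, domainName);
    // process our request and retrieve the roles for the principal
    Set<String> roles = new HashSet<>();
    dataStore.getAccessibleRoles(data, domainName, principal, null, roles, false);
    // create our response object and set the flag whether
    // or not the principal has access to the role. The decision is an
    // exact string match of the lower-cased roleName against the collected
    // set, so the default (nothing collected) is "not granted".
    Access access = new Access();
    access.setGranted(roles.contains(roleName));
    metric.stopTiming(timerMetric);
    return access;
}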
Also used : DataCache(com.yahoo.athenz.zts.cache.DataCache) HashSet(java.util.HashSet)

Example 29 with DataCache

use of com.yahoo.athenz.zts.cache.DataCache in project athenz by yahoo.

the class DataStore method processDomain.

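/**
 * Builds a fresh {@code DataCache} from a signed domain and installs it in
 * the in-memory cache, optionally persisting the signed domain as well.
 *
 * <p>A domain whose enabled flag is false is skipped and reported as
 * success. Any other domain must pass {@code validateSignedDomain} before
 * its roles, policies and service identities are processed.
 *
 * @param signedDomain signed domain object to process
 * @param saveInStore when true, the signed domain is also written through
 *        {@code changeLogStore.saveLocalDomain}
 * @return true when the domain was skipped as disabled or was processed,
 *         false when {@code validateSignedDomain} rejected it
 */
public boolean processDomain(SignedDomain signedDomain, boolean saveInStore) {
    DomainData domainData = signedDomain.getDomain();
    String domainName = domainData.getName();
    if (LOGGER.isInfoEnabled()) {
        LOGGER.info("Processing domain: {}", domainName);
    }
    // Compare by value: '==' on a boxed Boolean only matches the canonical
    // Boolean.FALSE instance, so a false value held in a different Boolean
    // object would not be recognised and the disabled domain would be cached.
    // A null flag is still treated as enabled, as before.
    // NOTE(review): this check and the log line above read fields that
    // validateSignedDomain has not yet checked, and the early return leaves
    // any entry already cached under this name untouched; confirm both are
    // intended.
    if (Boolean.FALSE.equals(domainData.getEnabled())) {
        if (LOGGER.isDebugEnabled()) {
            LOGGER.debug("Skipping disabled domain domain: {}", domainName);
        }
        return true;
    }
    // nothing from the domain is cached or stored unless validation passes
    if (!validateSignedDomain(signedDomain)) {
        return false;
    }
    /* generate our cache object */
    DataCache domainCache = new DataCache();
    /* process the roles for this domain */
    processDomainRoles(domainData, domainCache);
    /* process the policies for this domain */
    processDomainPolicies(domainData, domainCache);
    /* finally process the service identities */
    processDomainServiceIdentities(domainData, domainCache);
    /* save the full domain object with the cache entry itself
         * since we need that information to handle
         * getServiceIdentity and getServiceIdentityList requests */
    domainCache.setDomainData(domainData);
    /* add the entry to the cache and struct store */
    addDomainToCache(domainName, domainCache);
    if (saveInStore) {
        changeLogStore.saveLocalDomain(domainName, signedDomain);
    }
    return true;
}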
Also used : DomainData(com.yahoo.athenz.zms.DomainData) DataCache(com.yahoo.athenz.zts.cache.DataCache)

Example 30 with DataCache

use of com.yahoo.athenz.zts.cache.DataCache in project athenz by yahoo.

the class DataStore method addDomainToCache.

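// Internal
/**
 * Replaces the cached data for a domain and brings the host and public key
 * entries in line with it.
 *
 * <p>The entries of the previously cached object, if there is one, are
 * removed and the new object's entries added, each under its own write
 * lock. The cloud store account is then updated when a cloud store is
 * configured, and finally the cache entry itself is replaced.
 *
 * @param name domain name used as the cache key
 * @param dataCache new cache object for the domain; its domain data is read
 *        when a cloud store is configured
 */
public void addDomainToCache(String name, DataCache dataCache) {
    /* before we update the cache store with our updated data
         * we need to remove the old data host and public key sets */
    // NOTE(review): the old entry is read before either lock is taken, and
    // the host, key and cache updates are three separate steps; confirm
    // callers serialize updates for the same domain.
    DataCache oldDataCache = getCacheStore().getIfPresent(name);
    // acquire outside the try block: if lock() itself fails, the finally
    // clause must not call unlock() on a lock this thread does not hold
    hostWLock.lock();
    try {
        if (oldDataCache != null) {
            removeHostEntries(oldDataCache.getHostMap());
        }
        addHostEntries(dataCache.getHostMap());
    } finally {
        hostWLock.unlock();
    }
    pkeyWLock.lock();
    try {
        if (oldDataCache != null) {
            removePublicKeys(oldDataCache.getPublicKeyMap());
        }
        addPublicKeys(dataCache.getPublicKeyMap());
    } finally {
        pkeyWLock.unlock();
    }
    if (getCloudStore() != null) {
        getCloudStore().updateAccount(name, dataCache.getDomainData().getAccount());
    }
    /* update the cache for the given domain */
    getCacheStore().put(name, dataCache);
}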
Also used : DataCache(com.yahoo.athenz.zts.cache.DataCache)

Aggregations

DataCache (com.yahoo.athenz.zts.cache.DataCache)84 Test (org.testng.annotations.Test)68 ArrayList (java.util.ArrayList)44 MockZMSFileChangeLogStore (com.yahoo.athenz.zts.store.impl.MockZMSFileChangeLogStore)39 ZMSFileChangeLogStore (com.yahoo.athenz.zts.store.impl.ZMSFileChangeLogStore)38 DomainData (com.yahoo.athenz.zms.DomainData)32 Role (com.yahoo.athenz.zms.Role)31 HashSet (java.util.HashSet)24 RoleMember (com.yahoo.athenz.zms.RoleMember)23 ServiceIdentity (com.yahoo.athenz.zms.ServiceIdentity)17 SignedDomain (com.yahoo.athenz.zms.SignedDomain)14 Policy (com.yahoo.athenz.zms.Policy)13 Domain (com.yahoo.athenz.zms.Domain)12 MemberRole (com.yahoo.athenz.zts.cache.MemberRole)12 Set (java.util.Set)12 Assertion (com.yahoo.athenz.zms.Assertion)7 HostServices (com.yahoo.athenz.zts.HostServices)6 HashMap (java.util.HashMap)6 SignedDomains (com.yahoo.athenz.zms.SignedDomains)5 Principal (com.yahoo.athenz.auth.Principal)4