Search in sources :

Example 1 with Guarded

use of org.sonatype.nexus.common.stateguard.Guarded in project nexus-blobstore-google-cloud by sonatype-nexus-community.

the class GoogleCloudBlobStore method get.

@Nullable
@Override
@Guarded(by = STARTED)
@Timed
public Blob get(final BlobId blobId, final boolean includeDeleted) {
    checkNotNull(blobId);
    final GoogleCloudStorageBlob blob = liveBlobs.getUnchecked(blobId);
    if (blob.isStale()) {
        Lock lock = blob.lock();
        try {
            if (blob.isStale()) {
                GoogleCloudBlobAttributes blobAttributes = new GoogleCloudBlobAttributes(bucket, attributePath(blobId));
                boolean loaded = blobAttributes.load();
                if (!loaded) {
                    log.warn("Attempt to access non-existent blob {} ({})", blobId, blobAttributes);
                    return null;
                }
                if (blobAttributes.isDeleted() && !includeDeleted) {
                    log.warn("Attempt to access soft-deleted blob {} ({})", blobId, blobAttributes);
                    return null;
                }
                blob.refresh(blobAttributes.getHeaders(), blobAttributes.getMetrics());
            }
        } catch (IOException e) {
            throw new BlobStoreException(e, blobId);
        } finally {
            lock.unlock();
        }
    }
    log.debug("Accessing blob {}", blobId);
    return blob;
}
Also used : IOException(java.io.IOException) Lock(java.util.concurrent.locks.Lock) Timed(com.codahale.metrics.annotation.Timed) Guarded(org.sonatype.nexus.common.stateguard.Guarded) Nullable(javax.annotation.Nullable)

Example 2 with Guarded

use of org.sonatype.nexus.common.stateguard.Guarded in project nexus-public by sonatype.

the class SelectorManagerImpl method browseActive.

@Override
@Guarded(by = STARTED)
public List<SelectorConfiguration> browseActive(final List<String> repositoryNames, final List<String> formats) {
    AuthorizationManager authorizationManager;
    User currentUser;
    try {
        authorizationManager = securitySystem.getAuthorizationManager(DEFAULT_SOURCE);
        currentUser = securitySystem.currentUser();
    } catch (NoSuchAuthorizationManagerException | UserNotFoundException e) {
        log.warn("Unable to load active content selectors", e);
        return Collections.emptyList();
    }
    if (currentUser == null) {
        return Collections.emptyList();
    }
    List<String> roleIds = currentUser.getRoles().stream().map(RoleIdentifier::getRoleId).collect(toList());
    List<Role> roles = getRoles(roleIds, authorizationManager, new ArrayList<>());
    List<String> contentSelectorNames = roles.stream().map(Role::getPrivileges).flatMap(Collection::stream).map(id -> {
        try {
            return authorizationManager.getPrivilege(id);
        } catch (NoSuchPrivilegeException e) {
            log.debug("Unable to find privilege for id={}, continuing to check privileges", id, e);
            return null;
        }
    }).filter(Objects::nonNull).filter(repositoryFormatOrNameMatcher(repositoryNames, formats)).map(this::getContentSelector).collect(toList());
    return browse().stream().filter(selector -> contentSelectorNames.contains(selector.getName())).collect(toList());
}
Also used : UserNotFoundException(org.sonatype.nexus.security.user.UserNotFoundException) Role(org.sonatype.nexus.security.role.Role) RoleIdentifier(org.sonatype.nexus.security.role.RoleIdentifier) LoadingCache(com.google.common.cache.LoadingCache) EntityId(org.sonatype.nexus.common.entity.EntityId) StringUtils(org.apache.commons.lang3.StringUtils) Guarded(org.sonatype.nexus.common.stateguard.Guarded) P_CONTENT_SELECTOR(org.sonatype.nexus.repository.security.RepositoryContentSelectorPrivilegeDescriptor.P_CONTENT_SELECTOR) Map(java.util.Map) SelectorConfiguration(org.sonatype.nexus.selector.SelectorConfiguration) AllowConcurrentEvents(com.google.common.eventbus.AllowConcurrentEvents) SelectorSqlBuilder(org.sonatype.nexus.selector.SelectorSqlBuilder) SelectorFactory(org.sonatype.nexus.selector.SelectorFactory) SecuritySystem(org.sonatype.nexus.security.SecuritySystem) Predicate(java.util.function.Predicate) Collection(java.util.Collection) RepositorySelector(org.sonatype.nexus.repository.security.RepositorySelector) NoSuchPrivilegeException(org.sonatype.nexus.security.privilege.NoSuchPrivilegeException) SERVICES(org.sonatype.nexus.common.app.ManagedLifecycle.Phase.SERVICES) Objects(java.util.Objects) CacheLoader(com.google.common.cache.CacheLoader) List(java.util.List) STARTED(org.sonatype.nexus.common.stateguard.StateGuardLifecycleSupport.State.STARTED) NoSuchAuthorizationManagerException(org.sonatype.nexus.security.authz.NoSuchAuthorizationManagerException) UserNotFoundException(org.sonatype.nexus.security.user.UserNotFoundException) Optional(java.util.Optional) Selector(org.sonatype.nexus.selector.Selector) CacheBuilder(com.google.common.cache.CacheBuilder) DEFAULT_SOURCE(org.sonatype.nexus.security.user.UserManager.DEFAULT_SOURCE) Singleton(javax.inject.Singleton) ArrayList(java.util.ArrayList) EventAware(org.sonatype.nexus.common.event.EventAware) Inject(javax.inject.Inject) SelectorManager(org.sonatype.nexus.selector.SelectorManager) ImmutableList(com.google.common.collect.ImmutableList) RepositoryContentSelectorPrivilegeDescriptor(org.sonatype.nexus.repository.security.RepositoryContentSelectorPrivilegeDescriptor) Subscribe(com.google.common.eventbus.Subscribe) SoftReference(java.lang.ref.SoftReference) Named(javax.inject.Named) StateGuardLifecycleSupport(org.sonatype.nexus.common.stateguard.StateGuardLifecycleSupport) Role(org.sonatype.nexus.security.role.Role) VariableSource(org.sonatype.nexus.selector.VariableSource) NoSuchRoleException(org.sonatype.nexus.security.role.NoSuchRoleException) User(org.sonatype.nexus.security.user.User) AuthorizationManager(org.sonatype.nexus.security.authz.AuthorizationManager) SelectorEvaluationException(org.sonatype.nexus.selector.SelectorEvaluationException) Preconditions.checkNotNull(com.google.common.base.Preconditions.checkNotNull) P_REPOSITORY(org.sonatype.nexus.repository.security.RepositoryContentSelectorPrivilegeDescriptor.P_REPOSITORY) Collectors.toList(java.util.stream.Collectors.toList) ManagedLifecycle(org.sonatype.nexus.common.app.ManagedLifecycle) Collections(java.util.Collections) Privilege(org.sonatype.nexus.security.privilege.Privilege) NoSuchAuthorizationManagerException(org.sonatype.nexus.security.authz.NoSuchAuthorizationManagerException) User(org.sonatype.nexus.security.user.User) NoSuchPrivilegeException(org.sonatype.nexus.security.privilege.NoSuchPrivilegeException) AuthorizationManager(org.sonatype.nexus.security.authz.AuthorizationManager) Guarded(org.sonatype.nexus.common.stateguard.Guarded)

Example 3 with Guarded

use of org.sonatype.nexus.common.stateguard.Guarded in project nexus-public by sonatype.

the class StorageTxImpl method attachBlob.

@Override
@Guarded(by = ACTIVE)
public void attachBlob(final Asset asset, final AssetBlob assetBlob) {
    checkNotNull(asset);
    checkNotNull(assetBlob);
    checkArgument(!assetBlob.isAttached(), "Blob is already attached to an asset");
    final WritePolicy effectiveWritePolicy = writePolicySelector.select(asset, writePolicy);
    if (!effectiveWritePolicy.checkCreateAllowed()) {
        throw new IllegalOperationException("Repository is read only: " + repositoryName);
    }
    NestedAttributesMap checksums = asset.attributes().child(CHECKSUM);
    if (!isDuplicateBlob(asset, assetBlob, effectiveWritePolicy, checksums)) {
        maybeDeleteBlob(asset, assetBlob, effectiveWritePolicy);
        asset.blobRef(assetBlob.getBlobRef());
        asset.size(assetBlob.getSize());
        asset.contentType(assetBlob.getContentType());
        // Set attributes map to contain computed checksum metadata
        for (Entry<HashAlgorithm, HashCode> entry : assetBlob.getHashes().entrySet()) {
            HashAlgorithm algorithm = entry.getKey();
            HashCode checksum = entry.getValue();
            checksums.set(algorithm.name(), checksum.toString());
        }
        // Mark assets whose checksums were not verified locally, for possible later verification
        NestedAttributesMap provenance = asset.attributes().child(PROVENANCE);
        provenance.set(HASHES_NOT_VERIFIED, !assetBlob.getHashesVerified());
        Map<String, String> blobHeaders = assetBlob.getBlob().getHeaders();
        if (blobHeaders.containsKey(BlobStore.CREATED_BY_HEADER)) {
            asset.createdBy(blobHeaders.get(BlobStore.CREATED_BY_HEADER));
        }
        if (blobHeaders.containsKey(BlobStore.CREATED_BY_IP_HEADER)) {
            asset.createdByIp(blobHeaders.get(BlobStore.CREATED_BY_IP_HEADER));
        }
        assetBlob.setAttached(true);
    }
}
Also used : HashCode(com.google.common.hash.HashCode) IllegalOperationException(org.sonatype.nexus.repository.IllegalOperationException) NestedAttributesMap(org.sonatype.nexus.common.collect.NestedAttributesMap) WritePolicy(org.sonatype.nexus.repository.config.WritePolicy) HashAlgorithm(org.sonatype.nexus.common.hash.HashAlgorithm) Guarded(org.sonatype.nexus.common.stateguard.Guarded)

Example 4 with Guarded

use of org.sonatype.nexus.common.stateguard.Guarded in project nexus-public by sonatype.

the class StorageTxImpl method setBlob.

@Override
@Guarded(by = ACTIVE)
public AssetBlob setBlob(final Asset asset, final String blobName, final InputStreamSupplier streamSupplier, final Iterable<HashAlgorithm> hashAlgorithms, @Nullable final Map<String, String> headers, @Nullable final String declaredContentType, final boolean skipContentVerification) throws IOException {
    checkNotNull(asset);
    // Enforce write policy ahead, as we have asset here
    BlobRef oldBlobRef = asset.blobRef();
    if (oldBlobRef != null) {
        if (!writePolicySelector.select(asset, writePolicy).checkUpdateAllowed()) {
            throw new IllegalOperationException("Repository does not allow updating assets: " + repositoryName);
        }
    }
    final AssetBlob assetBlob = createBlob(blobName, streamSupplier, hashAlgorithms, headers, declaredContentType, skipContentVerification);
    attachBlob(asset, assetBlob);
    return assetBlob;
}
Also used : BlobRef(org.sonatype.nexus.blobstore.api.BlobRef) IllegalOperationException(org.sonatype.nexus.repository.IllegalOperationException) Guarded(org.sonatype.nexus.common.stateguard.Guarded)

Example 5 with Guarded

use of org.sonatype.nexus.common.stateguard.Guarded in project nexus-public by sonatype.

the class SelectorManagerImpl method browseActive.

@Override
@Guarded(by = STARTED)
public List<SelectorConfiguration> browseActive(final Collection<String> repositoryNames, final Collection<String> formats) {
    AuthorizationManager authorizationManager;
    User currentUser;
    try {
        authorizationManager = securitySystem.getAuthorizationManager(DEFAULT_SOURCE);
        currentUser = securitySystem.currentUser();
    } catch (NoSuchAuthorizationManagerException | UserNotFoundException e) {
        log.warn("Unable to load active content selectors", e);
        return Collections.emptyList();
    }
    if (currentUser == null) {
        return Collections.emptyList();
    }
    List<String> roleIds = currentUser.getRoles().stream().map(RoleIdentifier::getRoleId).collect(toList());
    Set<String> privilegeIds = getRoles(roleIds, authorizationManager).stream().map(Role::getPrivileges).flatMap(Collection::stream).collect(Collectors.toSet());
    List<String> contentSelectorNames = authorizationManager.getPrivileges(privilegeIds).stream().filter(repositoryFormatOrNameMatcher(repositoryNames, formats)).map(this::getContentSelector).collect(toList());
    return browse().stream().filter(selector -> contentSelectorNames.contains(selector.getName())).collect(toList());
}
Also used : UserNotFoundException(org.sonatype.nexus.security.user.UserNotFoundException) Role(org.sonatype.nexus.security.role.Role) RoleIdentifier(org.sonatype.nexus.security.role.RoleIdentifier) SelectorConfigurationChangedEvent(org.sonatype.nexus.distributed.event.service.api.common.SelectorConfigurationChangedEvent) LoadingCache(com.google.common.cache.LoadingCache) EntityId(org.sonatype.nexus.common.entity.EntityId) StringUtils(org.apache.commons.lang3.StringUtils) Guarded(org.sonatype.nexus.common.stateguard.Guarded) P_CONTENT_SELECTOR(org.sonatype.nexus.repository.security.RepositoryContentSelectorPrivilegeDescriptor.P_CONTENT_SELECTOR) Map(java.util.Map) SelectorConfiguration(org.sonatype.nexus.selector.SelectorConfiguration) AllowConcurrentEvents(com.google.common.eventbus.AllowConcurrentEvents) SelectorSqlBuilder(org.sonatype.nexus.selector.SelectorSqlBuilder) SelectorFactory(org.sonatype.nexus.selector.SelectorFactory) SecuritySystem(org.sonatype.nexus.security.SecuritySystem) Predicate(java.util.function.Predicate) Collection(java.util.Collection) Set(java.util.Set) RepositorySelector(org.sonatype.nexus.repository.security.RepositorySelector) SERVICES(org.sonatype.nexus.common.app.ManagedLifecycle.Phase.SERVICES) Collectors(java.util.stream.Collectors) CacheLoader(com.google.common.cache.CacheLoader) List(java.util.List) STARTED(org.sonatype.nexus.common.stateguard.StateGuardLifecycleSupport.State.STARTED) NoSuchAuthorizationManagerException(org.sonatype.nexus.security.authz.NoSuchAuthorizationManagerException) UserNotFoundException(org.sonatype.nexus.security.user.UserNotFoundException) Optional(java.util.Optional) DuplicateKeyException(org.sonatype.nexus.datastore.api.DuplicateKeyException) Selector(org.sonatype.nexus.selector.Selector) CacheBuilder(com.google.common.cache.CacheBuilder) ValidationErrorsException(org.sonatype.nexus.rest.ValidationErrorsException) DEFAULT_SOURCE(org.sonatype.nexus.security.user.UserManager.DEFAULT_SOURCE) Singleton(javax.inject.Singleton) Function(java.util.function.Function) EventAware(org.sonatype.nexus.common.event.EventAware) HashSet(java.util.HashSet) Inject(javax.inject.Inject) SelectorManager(org.sonatype.nexus.selector.SelectorManager) ImmutableList(com.google.common.collect.ImmutableList) RepositoryContentSelectorPrivilegeDescriptor(org.sonatype.nexus.repository.security.RepositoryContentSelectorPrivilegeDescriptor) Subscribe(com.google.common.eventbus.Subscribe) SoftReference(java.lang.ref.SoftReference) Named(javax.inject.Named) StateGuardLifecycleSupport(org.sonatype.nexus.common.stateguard.StateGuardLifecycleSupport) Role(org.sonatype.nexus.security.role.Role) VariableSource(org.sonatype.nexus.selector.VariableSource) User(org.sonatype.nexus.security.user.User) AuthorizationManager(org.sonatype.nexus.security.authz.AuthorizationManager) SelectorEvaluationException(org.sonatype.nexus.selector.SelectorEvaluationException) Preconditions.checkNotNull(com.google.common.base.Preconditions.checkNotNull) P_REPOSITORY(org.sonatype.nexus.repository.security.RepositoryContentSelectorPrivilegeDescriptor.P_REPOSITORY) Collectors.toList(java.util.stream.Collectors.toList) UserManager(org.sonatype.nexus.security.user.UserManager) ManagedLifecycle(org.sonatype.nexus.common.app.ManagedLifecycle) Collections(java.util.Collections) Privilege(org.sonatype.nexus.security.privilege.Privilege) NoSuchAuthorizationManagerException(org.sonatype.nexus.security.authz.NoSuchAuthorizationManagerException) User(org.sonatype.nexus.security.user.User) AuthorizationManager(org.sonatype.nexus.security.authz.AuthorizationManager) Guarded(org.sonatype.nexus.common.stateguard.Guarded)

Aggregations

Guarded (org.sonatype.nexus.common.stateguard.Guarded)66 EntityId (org.sonatype.nexus.common.entity.EntityId)10 ArrayList (java.util.ArrayList)8 BlobStoreException (org.sonatype.nexus.blobstore.api.BlobStoreException)8 IOException (java.io.IOException)7 Nullable (javax.annotation.Nullable)7 Repository (org.sonatype.nexus.repository.Repository)7 Timed (com.codahale.metrics.annotation.Timed)6 HashMap (java.util.HashMap)6 Optional (java.util.Optional)6 AttachedEntityId (org.sonatype.nexus.orient.entity.AttachedEntityId)6 Blob (org.sonatype.nexus.blobstore.api.Blob)5 Preconditions.checkNotNull (com.google.common.base.Preconditions.checkNotNull)4 Map (java.util.Map)4 Collections (java.util.Collections)3 Date (java.util.Date)3 List (java.util.List)3 Collectors.toList (java.util.stream.Collectors.toList)3 Inject (javax.inject.Inject)3 Named (javax.inject.Named)3