Provide option to disable quota check

AthenZ · Jul 5, 2017 · bb39aa1 · bb39aa1
1 parent f45ac0f
commit bb39aa1
Show file tree

Hide file tree

Showing 3 changed files with 61 additions and 0 deletions.
diff --git a/servers/zms/conf/zms.properties b/servers/zms/conf/zms.properties
@@ -203,6 +203,10 @@ athenz.zms.solution_templates_fname=${ROOT}/conf/zms_server/solution_templates.j
 # ZMS are only accepted on secure TLS ports.
 #athenz.zms.secure_requests_only=true
 
+# Quota Support: boolean value defining whether or not quota
+# check is enabled or not.
+#athenz.zms.quota_check=true
+
 # Quota Support: default number of roles allowed to be created
 # in a given domain.
 #athenz.zms.quota_role=1000

diff --git a/servers/zms/src/main/java/com/yahoo/athenz/zms/QuotaChecker.java b/servers/zms/src/main/java/com/yahoo/athenz/zms/QuotaChecker.java
@@ -9,8 +9,16 @@
 public class QuotaChecker {
 
     Quota defaultQuota;
+    boolean quotaCheckEnabled = true;
 
     public QuotaChecker() {
+
+        // first check if the quota check is enabled or not
+
+        quotaCheckEnabled = Boolean.parseBoolean(System.getProperty(ZMSConsts.ZMS_PROP_QUOTA_CHECK, "true"));
+
+        // retrieve default quota values
+
         int roleQuota = Integer.parseInt(System.getProperty(ZMSConsts.ZMS_PROP_QUOTA_ROLE, "1000"));
         int roleMemberQuota = Integer.parseInt(System.getProperty(ZMSConsts.ZMS_PROP_QUOTA_ROLE_MEMBER, "100"));
         int policyQuota = Integer.parseInt(System.getProperty(ZMSConsts.ZMS_PROP_QUOTA_POLICY, "1000"));
@@ -40,6 +48,12 @@ int getListSize(List<?> list) {
 
     void checkSubdomainQuota(ObjectStoreConnection con, String domainName, String caller) {
 
+        // if quota check is disabled we have nothing to do
+
+        if (!quotaCheckEnabled) {
+            return;
+        }
+
         // for sub-domains we need to run the quota check against
         // the top level domain so let's get that first. If we are
         // creating a top level domain then there is no need for
@@ -69,6 +83,12 @@ void checkSubdomainQuota(ObjectStoreConnection con, String domainName, String ca
 
     void checkRoleQuota(ObjectStoreConnection con, String domainName, Role role, String caller) {
 
+        // if quota check is disabled we have nothing to do
+
+        if (!quotaCheckEnabled) {
+            return;
+        }
+
         // if our role is null then there is no quota check
 
         if (role == null) {
@@ -101,6 +121,12 @@ void checkRoleQuota(ObjectStoreConnection con, String domainName, Role role, Str
     void checkRoleMembershipQuota(ObjectStoreConnection con, String domainName,
             List<RoleMember> roleMembers, String caller) {
 
+        // if quota check is disabled we have nothing to do
+
+        if (!quotaCheckEnabled) {
+            return;
+        }
+
         // first retrieve the domain quota
 
         final Quota quota = getDomainQuota(con, domainName);
@@ -117,6 +143,12 @@ void checkRoleMembershipQuota(ObjectStoreConnection con, String domainName,
 
     void checkPolicyQuota(ObjectStoreConnection con, String domainName, Policy policy, String caller) {
 
+        // if quota check is disabled we have nothing to do
+
+        if (!quotaCheckEnabled) {
+            return;
+        }
+
         // if our policy is null then there is no quota check
 
         if (policy == null) {
@@ -149,6 +181,12 @@ void checkPolicyQuota(ObjectStoreConnection con, String domainName, Policy polic
     void checkPolicyAssertionQuota(ObjectStoreConnection con, String domainName,
             List<Assertion> assertions, String caller) {
 
+        // if quota check is disabled we have nothing to do
+
+        if (!quotaCheckEnabled) {
+            return;
+        }
+
         // first retrieve the domain quota
 
         final Quota quota = getDomainQuota(con, domainName);
@@ -166,6 +204,12 @@ void checkPolicyAssertionQuota(ObjectStoreConnection con, String domainName,
     void checkServiceIdentityQuota(ObjectStoreConnection con, String domainName,
             ServiceIdentity service, String caller) {
 
+        // if quota check is disabled we have nothing to do
+
+        if (!quotaCheckEnabled) {
+            return;
+        }
+
         // if our service is null then there is no quota check
 
         if (service == null) {
@@ -204,6 +248,12 @@ void checkServiceIdentityQuota(ObjectStoreConnection con, String domainName,
     void checkServiceIdentityPublicKeyQuota(ObjectStoreConnection con, String domainName,
             List<PublicKeyEntry> publicKeys, String caller) {
 
+        // if quota check is disabled we have nothing to do
+
+        if (!quotaCheckEnabled) {
+            return;
+        }
+
         // first retrieve the domain quota
 
         final Quota quota = getDomainQuota(con, domainName);
@@ -221,6 +271,12 @@ void checkServiceIdentityPublicKeyQuota(ObjectStoreConnection con, String domain
     void checkEntityQuota(ObjectStoreConnection con, String domainName, Entity entity,
             String caller) {
 
+        // if quota check is disabled we have nothing to do
+
+        if (!quotaCheckEnabled) {
+            return;
+        }
+
         // if our entity is null then there is no quota check
 
         if (entity == null) {

diff --git a/servers/zms/src/main/java/com/yahoo/athenz/zms/ZMSConsts.java b/servers/zms/src/main/java/com/yahoo/athenz/zms/ZMSConsts.java
@@ -64,6 +64,7 @@ public final class ZMSConsts {
 
     // properties for our default quota limits
 
+    public static final String ZMS_PROP_QUOTA_CHECK        = "athenz.zms.quota_check";
     public static final String ZMS_PROP_QUOTA_ROLE         = "athenz.zms.quota_role";
     public static final String ZMS_PROP_QUOTA_ROLE_MEMBER  = "athenz.zms.quota_role_member";
     public static final String ZMS_PROP_QUOTA_POLICY       = "athenz.zms.quota_policy";