extra options for meta only signed domain list (#582)

clients/java/zms/src/main/java/com/yahoo/athenz/zms/ZMSClient.java

@@ -1544,16 +1544,47 @@ public Access getAccessExt(String action, String resource, String trustDomain, S
      */
     public SignedDomains getSignedDomains(String domainName, String metaOnly, String matchingTag,
             Map<String, List<String>> responseHeaders) {
+        return getSignedDomains(domainName, metaOnly, null, matchingTag, responseHeaders);
+    }
+
+    /**
+     * Retrieve the list of all domain data from the ZMS Server that
+     * is signed with ZMS's private key. It will pass an optional matchingTag
+     * so that ZMS can skip returning domains if no changes have taken
+     * place since that tag was issued.
+     * @param domainName name of the domain. if specified, the server will
+     *        only return this domain in the result set
+     * @param metaOnly (can be null) must have value of true or false (default).
+     *        if set to true, zms server will only return meta information
+     *        about each domain (description, last modified timestamp, etc) and
+     *        no role/policy/service details will be returned.
+     * @param metaAttr (can be null) if metaOnly option is set to true, this
+     *        parameter can filter the results based on the presence of the
+     *        requested attribute. Allowed values are: account, ypmid, and all.
+     *        account - only return domains that have the account value set
+     *        ypmid - only return domains that have the ypmid value set
+     *        all - return all domains (no filtering).
+     * @param matchingTag (can be null) contains modified timestamp received
+     *        with last request. If null, then return all domains.
+     * @param responseHeaders contains the "tag" returned for modification
+     *        time of the domains, map key = "tag", List should
+     *        contain a single value timestamp String to be used
+     *        with subsequent call as matchingTag to this API
+     * @return list of domains signed by ZMS Server
+     * @throws ZMSClientException in case of failure
+     */
+    public SignedDomains getSignedDomains(String domainName, String metaOnly, String metaAttr,
+            String matchingTag, Map<String, List<String>> responseHeaders) {
         updatePrincipal();
         try {
-            return client.getSignedDomains(domainName, metaOnly, matchingTag, responseHeaders);
+            return client.getSignedDomains(domainName, metaOnly, metaAttr, matchingTag, responseHeaders);
         } catch (ResourceException ex) {
             throw new ZMSClientException(ex.getCode(), ex.getData());
         } catch (Exception ex) {
             throw new ZMSClientException(ZMSClientException.BAD_REQUEST, ex.getMessage());
         }
     }
-    
+
     /**
      * For the specified user credentials return the corresponding User Token that
      * can be used for authenticating other ZMS operations. The client internally

clients/java/zms/src/main/java/com/yahoo/athenz/zms/ZMSRDLGeneratedClient.java

@@ -1301,14 +1301,17 @@ public ResourceAccessList getResourceAccessList(String principal, String action)
 
     }
 
-    public SignedDomains getSignedDomains(String domain, String metaOnly, String matchingTag, java.util.Map<String, java.util.List<String>> headers) {
+    public SignedDomains getSignedDomains(String domain, String metaOnly, String metaAttr, String matchingTag, java.util.Map<String, java.util.List<String>> headers) {
         WebTarget target = base.path("/sys/modified_domains");
         if (domain != null) {
             target = target.queryParam("domain", domain);
         }
         if (metaOnly != null) {
             target = target.queryParam("metaonly", metaOnly);
         }
+        if (metaAttr != null) {
+            target = target.queryParam("metaattr", metaAttr);
+        }
         Invocation.Builder invocationBuilder = target.request("application/json");
         if (credsHeader != null) {
             invocationBuilder = credsHeader.startsWith("Cookie.") ? invocationBuilder.cookie(credsHeader.substring(7),

clients/java/zms/src/test/java/com/yahoo/athenz/zms/ZMSClientTest.java

@@ -1543,7 +1543,7 @@ public void testGetSignedDomains() {
         client.setZMSRDLGeneratedClient(c);
         Map<String, List<String>> respHdrs = new HashMap<>();
         SignedDomains signedDomain1 = Mockito.mock(SignedDomains.class);
-        Mockito.when(c.getSignedDomains("dom1", "meta1", "tag1", respHdrs)).thenReturn(signedDomain1).thenThrow(new ZMSClientException(400,"Audit reference required"));
+        Mockito.when(c.getSignedDomains("dom1", "meta1", null, "tag1", respHdrs)).thenReturn(signedDomain1).thenThrow(new ZMSClientException(400,"Audit reference required"));
         client.getSignedDomains("dom1", "meta1", "tag1", respHdrs);
         try {
             client.getSignedDomains("dom1", "meta1", "tag1", respHdrs);

core/zms/src/main/java/com/yahoo/athenz/zms/DomainModified.java

@@ -3,6 +3,7 @@
 //
 
 package com.yahoo.athenz.zms;
+import com.fasterxml.jackson.annotation.JsonInclude;
 import com.yahoo.rdl.*;
 
 //
@@ -13,6 +14,12 @@
 public class DomainModified {
     public String name;
     public long modified;
+    @RdlOptional
+    @JsonInclude(JsonInclude.Include.NON_EMPTY)
+    public String account;
+    @RdlOptional
+    @JsonInclude(JsonInclude.Include.NON_EMPTY)
+    public Integer ypmId;
 
     public DomainModified setName(String name) {
         this.name = name;
@@ -28,6 +35,20 @@ public DomainModified setModified(long modified) {
     public long getModified() {
         return modified;
     }
+    public DomainModified setAccount(String account) {
+        this.account = account;
+        return this;
+    }
+    public String getAccount() {
+        return account;
+    }
+    public DomainModified setYpmId(Integer ypmId) {
+        this.ypmId = ypmId;
+        return this;
+    }
+    public Integer getYpmId() {
+        return ypmId;
+    }
 
     @Override
     public boolean equals(Object another) {
@@ -42,6 +63,12 @@ public boolean equals(Object another) {
             if (modified != a.modified) {
                 return false;
             }
+            if (account == null ? a.account != null : !account.equals(a.account)) {
+                return false;
+            }
+            if (ypmId == null ? a.ypmId != null : !ypmId.equals(a.ypmId)) {
+                return false;
+            }
         }
         return true;
     }

core/zms/src/main/java/com/yahoo/athenz/zms/ZMSSchema.java

@@ -297,7 +297,9 @@ private static Schema build() {
         sb.structType("DomainModified")
             .comment("Tuple of domain-name and modification time-stamps. This object is returned when the caller has requested list of domains modified since a specific timestamp.")
             .field("name", "DomainName", false, "name of the domain")
-            .field("modified", "Int64", false, "last modified timestamp of the domain");
+            .field("modified", "Int64", false, "last modified timestamp of the domain")
+            .field("account", "String", true, "associated cloud (i.e. aws) account id")
+            .field("ypmId", "Int32", true, "associated product id");
 
         sb.structType("DomainModifiedList")
             .comment("A list of {domain, modified-timestamp} tuples.")
@@ -1399,6 +1401,7 @@ private static Schema build() {
             .comment("Retrieve the list of modified domains since the specified timestamp. The server will return the list of all modified domains and the latest modification timestamp as the value of the ETag header. The client will need to use this value during its next call to request the changes since the previous request. When metaonly set to true, dont add roles, policies or services, dont sign")
             .queryParam("domain", "domain", "DomainName", null, "filter the domain list only to the specified name")
             .queryParam("metaonly", "metaOnly", "String", null, "valid values are \"true\" or \"false\"")
+            .queryParam("metaattr", "metaAttr", "SimpleName", null, "domain meta attribute to filter/return, valid values \"account\", \"ypmId\", or \"all\"")
             .headerParam("If-None-Match", "matchingTag", "String", null, "Retrieved from the previous request, this timestamp specifies to the server to return any domains modified since this time")
             .output("ETag", "tag", "String", "The current latest modification timestamp is returned in this header")
             .auth("", "", true)

core/zms/src/main/rdl/SignedDomains.rdli

@@ -11,6 +11,8 @@ include "Entity.tdl";
 type DomainModified Struct {
     DomainName name; //name of the domain
     Int64 modified; //last modified timestamp of the domain
+    String account (optional); //associated cloud (i.e. aws) account id
+    Int32 ypmId (optional); //associated product id
 }
 
 //A list of {domain, modified-timestamp} tuples.
@@ -68,9 +70,10 @@ type SignedDomains Struct {
 //timestamp as the value of the ETag header. The client will need to use this
 //value during its next call to request the changes since the previous request.
 // When metaonly set to true, dont add roles, policies or services, dont sign
-resource SignedDomains GET "/sys/modified_domains?domain={domain}&metaonly={metaOnly}" {
+resource SignedDomains GET "/sys/modified_domains?domain={domain}&metaonly={metaOnly}&metaattr={metaAttr}" {
     DomainName domain (optional); //filter the domain list only to the specified name
     String metaOnly (optional); // valid values are "true" or "false"
+    SimpleName metaAttr (optional); // domain meta attribute to filter/return, valid values "account", "ypmId", or "all"
     String matchingTag (header="If-None-Match"); //Retrieved from the previous request, this timestamp specifies to the server to return any domains modified since this time
     String tag (header="ETag", out); //The current latest modification timestamp is returned in this header
     authenticate;