From 99b60647552a57fdbf8828cb7660cf041300f943 Mon Sep 17 00:00:00 2001
From: Henry Avetisyan
Date: Thu, 9 May 2024 22:34:04 -0700
Subject: [PATCH 1/2] in jws domain object return service resource ownership
Signed-off-by: Henry Avetisyan
---
 .../zms/store/impl/jdbc/JDBCConnection.java | 34 +++++++++----------
 1 file changed, 16 insertions(+), 18 deletions(-)
diff --git a/servers/zms/src/main/java/com/yahoo/athenz/zms/store/impl/jdbc/JDBCConnection.java b/servers/zms/src/main/java/com/yahoo/athenz/zms/store/impl/jdbc/JDBCConnection.java
index dd931d0cca6..fedee84489f 100644
--- a/servers/zms/src/main/java/com/yahoo/athenz/zms/store/impl/jdbc/JDBCConnection.java
+++ b/servers/zms/src/main/java/com/yahoo/athenz/zms/store/impl/jdbc/JDBCConnection.java
@@ -3384,16 +3384,7 @@ public ServiceIdentity getServiceIdentity(String domainName, String serviceName)
 ps.setString(2, serviceName);
 try (ResultSet rs = executeQuery(ps, caller)) {
 if (rs.next()) {
-
- return new ServiceIdentity()
- .setName(ResourceUtils.serviceResourceName(domainName, serviceName))
- .setDescription(saveValue(rs.getString(ZMSConsts.DB_COLUMN_DESCRIPTION)))
- .setModified(Timestamp.fromMillis(rs.getTimestamp(ZMSConsts.DB_COLUMN_MODIFIED).getTime()))
- .setProviderEndpoint(saveValue(rs.getString(ZMSConsts.DB_COLUMN_PROVIDER_ENDPOINT)))
- .setExecutable(saveValue(rs.getString(ZMSConsts.DB_COLUMN_EXECUTABLE)))
- .setUser(saveValue(rs.getString(ZMSConsts.DB_COLUMN_SVC_USER)))
- .setGroup(saveValue(rs.getString(ZMSConsts.DB_COLUMN_SVC_GROUP)))
- .setResourceOwnership(ResourceOwnership.getResourceServiceOwnership(rs.getString(ZMSConsts.DB_COLUMN_RESOURCE_OWNER)));
+ return saveServiceIdentitySettings(domainName, serviceName, rs);
 }
 }
 } catch (SQLException ex) {
@@ -3402,6 +3393,20 @@ public ServiceIdentity getServiceIdentity(String domainName, String serviceName)
 return null;
 }
 
+ ServiceIdentity saveServiceIdentitySettings(final String domainName, final String serviceName,
+ ResultSet rs) throws SQLException {
+
+ return new ServiceIdentity()
+ .setName(ResourceUtils.serviceResourceName(domainName, serviceName))
+ .setDescription(saveValue(rs.getString(ZMSConsts.DB_COLUMN_DESCRIPTION)))
+ .setModified(Timestamp.fromMillis(rs.getTimestamp(ZMSConsts.DB_COLUMN_MODIFIED).getTime()))
+ .setProviderEndpoint(saveValue(rs.getString(ZMSConsts.DB_COLUMN_PROVIDER_ENDPOINT)))
+ .setExecutable(saveValue(rs.getString(ZMSConsts.DB_COLUMN_EXECUTABLE)))
+ .setUser(saveValue(rs.getString(ZMSConsts.DB_COLUMN_SVC_USER)))
+ .setGroup(saveValue(rs.getString(ZMSConsts.DB_COLUMN_SVC_GROUP)))
+ .setResourceOwnership(ResourceOwnership.getResourceServiceOwnership(rs.getString(ZMSConsts.DB_COLUMN_RESOURCE_OWNER)));
+ }
+
 int processInsertValue(Integer value) {
 return (value == null) ? 0 : value;
 }
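Review bot: `saveServiceIdentitySettings` has no Javadoc, and its name reads as a write while the body only maps the current ResultSet row onto a new ServiceIdentity (the `save` prefix may follow the local `saveValue` convention, but a one-line comment would remove the ambiguity for both call sites): `/** Builds a ServiceIdentity from the current row of rs; the row must contain the description, modified, provider endpoint, executable, user, group and resource owner columns. */`. The unconditional `rs.getTimestamp(ZMSConsts.DB_COLUMN_MODIFIED).getTime()` dereferences the column value without a null check, so a NULL modified timestamp surfaces as a NullPointerException rather than the SQLException the signature declares; this is carried over from the inlined code in getServiceIdentity, but it now affects getAthenzDomainServices as well.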
@@ -4334,14 +4339,7 @@ void getAthenzDomainServices(String domainName, int domainId, AthenzDomain athen
 try (ResultSet rs = executeQuery(ps, caller)) {
 while (rs.next()) {
 String serviceName = rs.getString(ZMSConsts.DB_COLUMN_NAME);
- ServiceIdentity service = new ServiceIdentity()
- .setName(ResourceUtils.serviceResourceName(domainName, serviceName))
- .setProviderEndpoint(saveValue(rs.getString(ZMSConsts.DB_COLUMN_PROVIDER_ENDPOINT)))
- .setDescription(saveValue(rs.getString(ZMSConsts.DB_COLUMN_DESCRIPTION)))
- .setExecutable(saveValue(rs.getString(ZMSConsts.DB_COLUMN_EXECUTABLE)))
- .setUser(saveValue(rs.getString(ZMSConsts.DB_COLUMN_SVC_USER)))
- .setGroup(saveValue(rs.getString(ZMSConsts.DB_COLUMN_SVC_GROUP)))
- .setModified(Timestamp.fromMillis(rs.getTimestamp(ZMSConsts.DB_COLUMN_MODIFIED).getTime()));
+ ServiceIdentity service = saveServiceIdentitySettings(domainName, serviceName, rs);
 List publicKeys = new ArrayList<>();
 service.setPublicKeys(publicKeys);
 serviceMap.put(serviceName, service);
From 5638d6337b73c72797963cca88dba93e556453da Mon Sep 17 00:00:00 2001
From: Henry Avetisyan
Date: Thu, 9 May 2024 22:34:22 -0700
Subject: [PATCH 2/2] allow zms-cli just pass empty string to reset resource ownership
Signed-off-by: Henry Avetisyan
---
 libs/go/zmscli/domain.go | 26 ++++++++++++++------------
 libs/go/zmscli/policy.go | 26 ++++++++++++++------------
 libs/go/zmscli/role.go | 30 ++++++++++++++++--------------
 libs/go/zmscli/service.go | 30 ++++++++++++++++--------------
 4 files changed, 60 insertions(+), 52 deletions(-)
diff --git a/libs/go/zmscli/domain.go b/libs/go/zmscli/domain.go
index 2b9b3a6ce45..f798cec84bc 100644
--- a/libs/go/zmscli/domain.go
+++ b/libs/go/zmscli/domain.go
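Review bot: In the JDBCConnection.java hunk for `getAthenzDomainServices`, the call to `saveServiceIdentitySettings` now reads `ZMSConsts.DB_COLUMN_RESOURCE_OWNER` from this method's ResultSet, which the replaced inline builder never did; the SELECT that produces `rs` sits outside the hunk, so confirm it returns that column, otherwise `rs.getString` throws SQLException on the first service row and the whole domain fetch fails. Populating resourceOwnership on every service in the domain object is presumably the intended change, but it deserves a test asserting the field on a service returned through this path rather than only through getServiceIdentity. The enclosing method begins before the hunk.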
@@ -1381,18 +1381,20 @@ func (cli Zms) GetAuthHistoryDependencies(dn string) (*string, error) {
 
 func (cli Zms) SetDomainResourceOwnership(dn, resourceOwner string) (*string, error) {
 resourceOwnership := zms.ResourceDomainOwnership{}
- fields := strings.Split(resourceOwner, ",")
- for _, field := range fields {
- parts := strings.Split(field, ":")
- if len(parts) != 2 {
- return nil, errors.New("invalid resource owner format")
- }
- if parts[0] == "objectowner" {
- resourceOwnership.ObjectOwner = zms.SimpleName(parts[1])
- } else if parts[0] == "metaowner" {
- resourceOwnership.MetaOwner = zms.SimpleName(parts[1])
- } else {
- return nil, errors.New("invalid resource owner format")
+ if resourceOwner != "" {
+ fields := strings.Split(resourceOwner, ",")
+ for _, field := range fields {
+ parts := strings.Split(field, ":")
+ if len(parts) != 2 {
+ return nil, errors.New("invalid resource owner format")
+ }
+ if parts[0] == "objectowner" {
+ resourceOwnership.ObjectOwner = zms.SimpleName(parts[1])
+ } else if parts[0] == "metaowner" {
+ resourceOwnership.MetaOwner = zms.SimpleName(parts[1])
+ } else {
+ return nil, errors.New("invalid resource owner format")
+ }
 }
 }
 err := cli.Zms.PutResourceDomainOwnership(zms.DomainName(dn), cli.AuditRef, &resourceOwnership)
diff --git a/libs/go/zmscli/policy.go b/libs/go/zmscli/policy.go
index bd58c21aeb3..8655144d806 100644
--- a/libs/go/zmscli/policy.go
+++ b/libs/go/zmscli/policy.go
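Review bot: The new `if resourceOwner != ""` guard turns an empty argument into a full reset of every ownership field, whereas before this change an empty string was rejected with "invalid resource owner format"; an unset shell variable in a script now silently clears the domain's object and meta owners instead of failing. If that is the intended CLI contract it belongs in a doc comment on the function, e.g. `// SetDomainResourceOwnership sets the domain's resource owners from "objectowner:X,metaowner:Y"; an empty resourceOwner clears all owners.`, and the same applies to the hunks in policy.go, role.go and service.go. The parsing loop is now duplicated verbatim across those four files, differing only in the accepted keys; a shared parser for the key:owner pairs with a per-caller switch keeps the reset semantics in one place, as sketched below (the later `err :=` then becomes `err =`). The function continues past the end of the hunk.
```go
// parseResourceOwnerFields splits "key:owner,key:owner" into pairs; an empty
// string yields no pairs, so the caller sends an all-empty ownership (a reset).
func parseResourceOwnerFields(resourceOwner string) ([][2]string, error) {
	if resourceOwner == "" {
		return nil, nil
	}
	var pairs [][2]string
	for _, field := range strings.Split(resourceOwner, ",") {
		parts := strings.Split(field, ":")
		if len(parts) != 2 {
			return nil, errors.New("invalid resource owner format")
		}
		pairs = append(pairs, [2]string{parts[0], parts[1]})
	}
	return pairs, nil
}

// SetDomainResourceOwnership sets the domain's resource owners from
// "objectowner:X,metaowner:Y"; an empty resourceOwner clears all owners.
func (cli Zms) SetDomainResourceOwnership(dn, resourceOwner string) (*string, error) {
	resourceOwnership := zms.ResourceDomainOwnership{}
	pairs, err := parseResourceOwnerFields(resourceOwner)
	if err != nil {
		return nil, err
	}
	for _, kv := range pairs {
		switch kv[0] {
		case "objectowner":
			resourceOwnership.ObjectOwner = zms.SimpleName(kv[1])
		case "metaowner":
			resourceOwnership.MetaOwner = zms.SimpleName(kv[1])
		default:
			return nil, errors.New("invalid resource owner format")
		}
	}
	err = cli.Zms.PutResourceDomainOwnership(zms.DomainName(dn), cli.AuditRef, &resourceOwnership)
	// … unchanged: error handling and result after the PUT …
```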
@@ -511,18 +511,20 @@ func (cli Zms) ShowPolicies(dn string, tagKey string, tagValue string) (*string,
 
 func (cli Zms) SetPolicyResourceOwnership(dn, pn, resourceOwner string) (*string, error) {
 resourceOwnership := zms.ResourcePolicyOwnership{}
- fields := strings.Split(resourceOwner, ",")
- for _, field := range fields {
- parts := strings.Split(field, ":")
- if len(parts) != 2 {
- return nil, errors.New("invalid resource owner format")
- }
- if parts[0] == "objectowner" {
- resourceOwnership.ObjectOwner = zms.SimpleName(parts[1])
- } else if parts[0] == "assertionsowner" {
- resourceOwnership.AssertionsOwner = zms.SimpleName(parts[1])
- } else {
- return nil, errors.New("invalid resource owner format")
+ if resourceOwner != "" {
+ fields := strings.Split(resourceOwner, ",")
+ for _, field := range fields {
+ parts := strings.Split(field, ":")
+ if len(parts) != 2 {
+ return nil, errors.New("invalid resource owner format")
+ }
+ if parts[0] == "objectowner" {
+ resourceOwnership.ObjectOwner = zms.SimpleName(parts[1])
+ } else if parts[0] == "assertionsowner" {
+ resourceOwnership.AssertionsOwner = zms.SimpleName(parts[1])
+ } else {
+ return nil, errors.New("invalid resource owner format")
+ }
 }
 }
 err := cli.Zms.PutResourcePolicyOwnership(zms.DomainName(dn), zms.EntityName(pn), cli.AuditRef, &resourceOwnership)
diff --git a/libs/go/zmscli/role.go b/libs/go/zmscli/role.go
index 17f025a0eb9..bf796a50bac 100644
--- a/libs/go/zmscli/role.go
+++ b/libs/go/zmscli/role.go
@@ -985,20 +985,22 @@ func (cli Zms) PutMembershipDecision(dn string, rn string, mbr string, approval
 
 func (cli Zms) SetRoleResourceOwnership(dn, rn, resourceOwner string) (*string, error) {
 resourceOwnership := zms.ResourceRoleOwnership{}
- fields := strings.Split(resourceOwner, ",")
- for _, field := range fields {
- parts := strings.Split(field, ":")
- if len(parts) != 2 {
- return nil, errors.New("invalid resource owner format")
- }
- if parts[0] == "objectowner" {
- resourceOwnership.ObjectOwner = zms.SimpleName(parts[1])
- } else if parts[0] == "membersowner" {
- resourceOwnership.MembersOwner = zms.SimpleName(parts[1])
- } else if parts[0] == "metaowner" {
- resourceOwnership.MetaOwner = zms.SimpleName(parts[1])
- } else {
- return nil, errors.New("invalid resource owner format")
+ if resourceOwner != "" {
+ fields := strings.Split(resourceOwner, ",")
+ for _, field := range fields {
+ parts := strings.Split(field, ":")
+ if len(parts) != 2 {
+ return nil, errors.New("invalid resource owner format")
+ }
+ if parts[0] == "objectowner" {
+ resourceOwnership.ObjectOwner = zms.SimpleName(parts[1])
+ } else if parts[0] == "membersowner" {
+ resourceOwnership.MembersOwner = zms.SimpleName(parts[1])
+ } else if parts[0] == "metaowner" {
+ resourceOwnership.MetaOwner = zms.SimpleName(parts[1])
+ } else {
+ return nil, errors.New("invalid resource owner format")
+ }
 }
 }
 err := cli.Zms.PutResourceRoleOwnership(zms.DomainName(dn), zms.EntityName(rn), cli.AuditRef, &resourceOwnership)
diff --git a/libs/go/zmscli/service.go b/libs/go/zmscli/service.go
index b523aaff317..06257b07a8b 100644
--- a/libs/go/zmscli/service.go
+++ b/libs/go/zmscli/service.go
@@ -486,20 +486,22 @@ func (cli Zms) DeleteService(dn string, sn string) (*string, error) {
 
 func (cli Zms) SetServiceResourceOwnership(dn, sn, resourceOwner string) (*string, error) {
 resourceOwnership := zms.ResourceServiceIdentityOwnership{}
- fields := strings.Split(resourceOwner, ",")
- for _, field := range fields {
- parts := strings.Split(field, ":")
- if len(parts) != 2 {
- return nil, errors.New("invalid resource owner format")
- }
- if parts[0] == "objectowner" {
- resourceOwnership.ObjectOwner = zms.SimpleName(parts[1])
- } else if parts[0] == "publickeysowner" {
- resourceOwnership.PublicKeysOwner = zms.SimpleName(parts[1])
- } else if parts[0] == "hostsowner" {
- resourceOwnership.HostsOwner = zms.SimpleName(parts[1])
- } else {
- return nil, errors.New("invalid resource owner format")
+ if resourceOwner != "" {
+ fields := strings.Split(resourceOwner, ",")
+ for _, field := range fields {
+ parts := strings.Split(field, ":")
+ if len(parts) != 2 {
+ return nil, errors.New("invalid resource owner format")
+ }
+ if parts[0] == "objectowner" {
+ resourceOwnership.ObjectOwner = zms.SimpleName(parts[1])
+ } else if parts[0] == "publickeysowner" {
+ resourceOwnership.PublicKeysOwner = zms.SimpleName(parts[1])
+ } else if parts[0] == "hostsowner" {
+ resourceOwnership.HostsOwner = zms.SimpleName(parts[1])
+ } else {
+ return nil, errors.New("invalid resource owner format")
+ }
 }
 }
 err := cli.Zms.PutResourceServiceIdentityOwnership(zms.DomainName(dn), zms.SimpleName(sn), cli.AuditRef, &resourceOwnership)