Only system principal to get all signed domains in one request (Athen…
havetisyan authored Jun 19, 2018
1 parent f191236 commit c357de4
Showing 2 changed files with 62 additions and 26 deletions.
23 changes: 16 additions & 7 deletions servers/zms/src/main/java/com/yahoo/athenz/zms/ZMSImpl.java
Expand Up @@ -4097,7 +4097,7 @@ public void getSignedDomains(ResourceContext ctx, String domainName, String meta
if (metaOnly != null) {

if (LOG.isDebugEnabled()) {
LOG.debug("getSignedDomains: metaonly: " + metaOnly, caller);
LOG.debug("getSignedDomains: metaonly: {}", metaOnly);
}

setMetaDataOnly = Boolean.parseBoolean(metaOnly.trim());
Expand All @@ -4109,7 +4109,7 @@ public void getSignedDomains(ResourceContext ctx, String domainName, String meta
// to use the master copy instead of read-only slaves

Principal principal = ((RsrcCtxWrapper) ctx).principal();
boolean masterCopy = principal.getFullName().startsWith("sys.");
boolean systemPrincipal = principal.getFullName().startsWith("sys.");

// if we're given a specific domain then we don't need to
// retrieve the list of modified domains
Expand All @@ -4121,7 +4121,7 @@ public void getSignedDomains(ResourceContext ctx, String domainName, String meta

Domain domain = null;
try {
domain = dbService.getDomain(domainName, masterCopy);
domain = dbService.getDomain(domainName, systemPrincipal);
} catch (ResourceException ex) {

// in case the domain does not exist we're just
Expand All @@ -4137,7 +4137,7 @@ public void getSignedDomains(ResourceContext ctx, String domainName, String meta

if (timestamp != 0 && youngestDomMod <= timestamp) {
EntityTag eTag = new EntityTag(domain.getModified().toString());
result.done(304, eTag.toString());
result.done(ResourceException.NOT_MODIFIED, eTag.toString());
}

// generate our signed domain object
Expand All @@ -4153,7 +4153,16 @@ public void getSignedDomains(ResourceContext ctx, String domainName, String meta
}

} else {


// if we don't have a domain name then the meta flag must
// be set to true otherwise it's expensive to fetch all
// domains and sign all domains into a single response
// unless the request is from a system service

if (!setMetaDataOnly && !systemPrincipal) {
result.done(ResourceException.BAD_REQUEST);
}

// we should get our matching tag before calling get modified list
// in case we get a domain added/updated right after an empty domain list
// was returned and before the matchingTag was set to a value
Expand All @@ -4166,7 +4175,7 @@ public void getSignedDomains(ResourceContext ctx, String domainName, String meta
DomainModifiedList dmlist = dbService.listModifiedDomains(timestamp);
List<DomainModified> modlist = dmlist.getNameModList();
if (modlist == null || modlist.size() == 0) {
result.done(304, matchingTag);
result.done(ResourceException.NOT_MODIFIED, matchingTag);
}

// now we can iterate through our list and retrieve each domain
Expand Down Expand Up @@ -4206,7 +4215,7 @@ public void getSignedDomains(ResourceContext ctx, String domainName, String meta
EntityTag eTag = new EntityTag(youngest.toString());

metric.stopTiming(timerMetric);
result.done(200, sdoms, eTag.toString());
result.done(ResourceException.OK, sdoms, eTag.toString());
}

List<Policy> getPolicyListWithoutAssertionId(List<Policy> policies) {
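Review bot: The new guard `if (!setMetaDataOnly && !systemPrincipal)` turns `principal.getFullName().startsWith("sys.")` into an access decision, whereas the same prefix test previously only chose the master copy for the read. A name-prefix match accepts every principal in `sys` and any `sys.*` subdomain and involves no policy lookup, so whether that set matches the services meant to pull all signed domains should be stated or narrowed; at minimum add a comment above the assignment such as `// systemPrincipal: name-prefix test only, not a policy check; gates the full signed-domain listing below`. The rejection depends on who is calling rather than on a malformed request, so `ResourceException.FORBIDDEN` would describe it more accurately than `BAD_REQUEST`, and the guard relies on `result.done(...)` throwing (the tests expect a `WebApplicationException`) with no log line recording the refused caller. The body of `getSignedDomains` starts and ends outside the hunks shown.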
65 changes: 46 additions & 19 deletions servers/zms/src/test/java/com/yahoo/athenz/zms/ZMSImplTest.java
Expand Up @@ -5326,10 +5326,14 @@ public void testGetSignedDomains() {
zms.privateKeyId = "0";
zms.privateKey = Crypto.loadPrivateKey(Crypto.ybase64DecodeString(privKey));

GetSignedDomainsResult result = new GetSignedDomainsResult(mockDomRsrcCtx);
Authority principalAuthority = new com.yahoo.athenz.common.server.debug.DebugPrincipalAuthority();
Principal sysPrincipal = principalAuthority.authenticate("v=U1;d=sys;n=zts;s=signature",
"10.11.12.13", "GET", null);
ResourceContext rsrcCtx = createResourceContext(sysPrincipal);
GetSignedDomainsResult result = new GetSignedDomainsResult(rsrcCtx);
SignedDomains sdoms = null;
try {
zms.getSignedDomains(mockDomRsrcCtx, null, null, null, result);
zms.getSignedDomains(rsrcCtx, null, null, null, result);
fail("webappexc not thrown by getSignedDomains");
} catch (javax.ws.rs.WebApplicationException wexc) {
Object obj = getWebAppExcEntity(wexc);
Expand Down Expand Up @@ -5362,10 +5366,10 @@ public void testGetSignedDomains() {
zms.privateKeyId = "1";
zms.privateKey = Crypto.loadPrivateKey(Crypto.ybase64DecodeString(privKeyK1));

result = new GetSignedDomainsResult(mockDomRsrcCtx);
result = new GetSignedDomainsResult(rsrcCtx);
sdoms = null;
try {
zms.getSignedDomains(mockDomRsrcCtx, null, null, null, result);
zms.getSignedDomains(rsrcCtx, null, null, null, result);
fail("webappexc not thrown by getSignedDomains");
} catch (javax.ws.rs.WebApplicationException wexc) {
Object obj = getWebAppExcEntity(wexc);
Expand All @@ -5392,10 +5396,10 @@ public void testGetSignedDomains() {
zms.privateKeyId = "2";
zms.privateKey = Crypto.loadPrivateKey(Crypto.ybase64DecodeString(privKeyK2));

result = new GetSignedDomainsResult(mockDomRsrcCtx);
result = new GetSignedDomainsResult(rsrcCtx);
sdoms = null;
try {
zms.getSignedDomains(mockDomRsrcCtx, null, null, null, result);
zms.getSignedDomains(rsrcCtx, null, null, null, result);
fail("webappexc not thrown by getSignedDomains");
} catch (javax.ws.rs.WebApplicationException wexc) {
Object obj = getWebAppExcEntity(wexc);
Expand All @@ -5416,10 +5420,10 @@ public void testGetSignedDomains() {

// test metaonly=true
//
result = new GetSignedDomainsResult(mockDomRsrcCtx);
result = new GetSignedDomainsResult(rsrcCtx);
sdoms = null;
try {
zms.getSignedDomains(mockDomRsrcCtx, null, "tRuE", null, result);
zms.getSignedDomains(rsrcCtx, null, "tRuE", null, result);
fail("webappexc not thrown by getSignedDomains");
} catch (javax.ws.rs.WebApplicationException wexc) {
Object obj = getWebAppExcEntity(wexc);
Expand Down Expand Up @@ -5447,10 +5451,10 @@ public void testGetSignedDomains() {

// test metaonly=garbage
//
result = new GetSignedDomainsResult(mockDomRsrcCtx);
result = new GetSignedDomainsResult(rsrcCtx);
sdoms = null;
try {
zms.getSignedDomains(mockDomRsrcCtx, null, "garbage", null, result);
zms.getSignedDomains(rsrcCtx, null, "garbage", null, result);
fail("webappexc not thrown by getSignedDomains");
} catch (javax.ws.rs.WebApplicationException wexc) {
Object obj = getWebAppExcEntity(wexc);
Expand All @@ -5475,10 +5479,10 @@ public void testGetSignedDomains() {

// test metaonly=false
//
result = new GetSignedDomainsResult(mockDomRsrcCtx);
result = new GetSignedDomainsResult(rsrcCtx);
sdoms = null;
try {
zms.getSignedDomains(mockDomRsrcCtx, null, "fAlSe", null, result);
zms.getSignedDomains(rsrcCtx, null, "fAlSe", null, result);
fail("webappexc not thrown by getSignedDomains");
} catch (javax.ws.rs.WebApplicationException wexc) {
Object obj = getWebAppExcEntity(wexc);
Expand All @@ -5505,9 +5509,9 @@ public void testGetSignedDomains() {
//
String eTag = "I am not good";
String eTag2 = null;
result = new GetSignedDomainsResult(mockDomRsrcCtx);
result = new GetSignedDomainsResult(rsrcCtx);
try {
zms.getSignedDomains(mockDomRsrcCtx, null, null, eTag, result);
zms.getSignedDomains(rsrcCtx, null, null, eTag, result);
fail("webappexc not thrown by getSignedDomains");
} catch (javax.ws.rs.WebApplicationException wexc) {
Object obj = getWebAppExcEntity(wexc);
Expand All @@ -5527,11 +5531,11 @@ public void testGetSignedDomains() {
Policy policy1 = createPolicyObject("SignedDom1", "Policy1");
zms.putPolicy(mockDomRsrcCtx, "SignedDom1", "Policy1", auditRef, policy1);

result = new GetSignedDomainsResult(mockDomRsrcCtx);
result = new GetSignedDomainsResult(rsrcCtx);
sdoms = null;
eTag = null;
try {
zms.getSignedDomains(mockDomRsrcCtx, null, null, eTag2, result);
zms.getSignedDomains(rsrcCtx, null, null, eTag2, result);
fail("webappexc not thrown by getSignedDomains");
} catch (javax.ws.rs.WebApplicationException wexc) {
Object obj = getWebAppExcEntity(wexc);
Expand All @@ -5546,10 +5550,10 @@ public void testGetSignedDomains() {
assertNotNull(list);
assertEquals(1, list.size());

result = new GetSignedDomainsResult(mockDomRsrcCtx);
result = new GetSignedDomainsResult(rsrcCtx);
eTag2 = null;
try {
zms.getSignedDomains(mockDomRsrcCtx, null, null, eTag, result);
zms.getSignedDomains(rsrcCtx, null, null, eTag, result);
fail("webappexc not thrown by getSignedDomains");
} catch (javax.ws.rs.WebApplicationException wexc) {
assertEquals(304, wexc.getResponse().getStatus());
Expand Down Expand Up @@ -5656,7 +5660,30 @@ public void testGetSignedDomainsFiltered() {
zms.deleteTopLevelDomain(mockDomRsrcCtx, "signeddom1filtered", auditRef);
zms.deleteTopLevelDomain(mockDomRsrcCtx, "signeddom2filtered", auditRef);
}


@Test
public void testGetSignedDomainsNotSystemPrincipal() {

// create multiple top level domains
TopLevelDomain dom1 = createTopLevelDomainObject("SignedDom1",
"Test Domain1", "testOrg", adminUser);
zms.postTopLevelDomain(mockDomRsrcCtx, auditRef, dom1);

GetSignedDomainsResult result = new GetSignedDomainsResult(mockDomRsrcCtx);
ResourceError error = null;
try {
zms.getSignedDomains(mockDomRsrcCtx, null, null, null, result);
fail("webappexc not thrown by getSignedDomains");
} catch (javax.ws.rs.WebApplicationException wexc) {
Object obj = getWebAppExcEntity(wexc);
error = (ResourceError) obj;
}
assertNotNull(error);
assertEquals(error.code, ResourceException.BAD_REQUEST);

zms.deleteTopLevelDomain(mockDomRsrcCtx, "SignedDom1", auditRef);
}

@Test
public void testGetAccess() {

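Review bot: `testGetSignedDomainsNotSystemPrincipal` pins only the `metaOnly == null` case, so the other outcomes of the new access gate are untested for a non-system caller: `"fAlSe"` or `"garbage"` should still be refused (both parse to false), while `"tRuE"` and a request naming a specific domain should still succeed. Because this is a restriction on who may pull every signed domain, those cases are worth asserting so a later refactor cannot widen it unnoticed. In the same test `assertEquals(error.code, ResourceException.BAD_REQUEST)` has expected and actual swapped, and the `deleteTopLevelDomain` cleanup is skipped when an assertion fails, which would leave `SignedDom1` behind for `testGetSignedDomains`, which appears to use the same domain name. The fence shows one added refusal case in the style of the existing test.

```java
// … unchanged: domain creation and the metaOnly == null case …

// non-system caller with an explicit metaonly=false is refused as well
result = new GetSignedDomainsResult(mockDomRsrcCtx);
error = null;
try {
    zms.getSignedDomains(mockDomRsrcCtx, null, "fAlSe", null, result);
    fail("webappexc not thrown by getSignedDomains");
} catch (javax.ws.rs.WebApplicationException wexc) {
    error = (ResourceError) getWebAppExcEntity(wexc);
}
assertNotNull(error);
assertEquals(ResourceException.BAD_REQUEST, error.code);

// … unchanged: deleteTopLevelDomain cleanup …
```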
