during delete tenancy check the primary db instance (#2743)

Signed-off-by: Henry Avetisyan <hga@yahooinc.com>
AthenZ · Sep 28, 2024 · 9a6f992 · 9a6f992
1 parent 0275dc5
commit 9a6f992
Show file tree

Hide file tree

Showing 2 changed files with 25 additions and 16 deletions.
diff --git a/servers/zms/src/main/java/com/yahoo/athenz/zms/DBService.java b/servers/zms/src/main/java/com/yahoo/athenz/zms/DBService.java
@@ -3457,8 +3457,11 @@ DomainList lookupDomainByRole(String roleMember, String roleName) {
     }
 
     List<String> listRoles(String domainName) {
+        return listRoles(domainName, false);
+    }
 
-        try (ObjectStoreConnection con = store.getConnection(true, false)) {
+    List<String> listRoles(String domainName, boolean readWrite) {
+        try (ObjectStoreConnection con = store.getConnection(true, readWrite)) {
             return con.listRoles(domainName);
         }
     }
@@ -9145,7 +9148,11 @@ private boolean processDeleteDomainDependency(ObjectStoreConnection con, String
     }
 
     public ServiceIdentityList listServiceDependencies(String domainName) {
-        try (ObjectStoreConnection con = store.getConnection(true, false)) {
+        return listServiceDependencies(domainName, false);
+    }
+
+    public ServiceIdentityList listServiceDependencies(String domainName, boolean readWrite) {
+        try (ObjectStoreConnection con = store.getConnection(true, readWrite)) {
             ServiceIdentityList serviceIdentityList = new ServiceIdentityList();
             serviceIdentityList.setNames(con.listServiceDependencies(domainName));
             return serviceIdentityList;

diff --git a/servers/zms/src/main/java/com/yahoo/athenz/zms/ZMSImpl.java b/servers/zms/src/main/java/com/yahoo/athenz/zms/ZMSImpl.java
@@ -7820,13 +7820,15 @@ private void tenancyRegisterDomainDependency(ResourceContext ctx, String tenantD
     }
 
     private void tenancyDeregisterDomainDependency(ResourceContext ctx, String tenantDomain, String provSvcDomain,
-                                                   String provSvcName, String auditRef, String caller) {
+            String provSvcName, String auditRef, String caller) {
         final String serviceToDeregister = provSvcDomain + "." + provSvcName;
         if (serviceProviderManager.isServiceProvider(serviceToDeregister)) {
-            boolean tenantDomainRolesExist = isTenantDomainRolesExist(tenantDomain, provSvcDomain, provSvcName);
-            DomainList domainList = dbService.listDomainDependencies(serviceToDeregister);
-            if (!tenantDomainRolesExist && domainList.getNames().contains(tenantDomain)) {
-                dbService.deleteDomainDependency(ctx, tenantDomain, serviceToDeregister, auditRef, caller);
+            ServiceIdentityList serviceIdentityList = dbService.listServiceDependencies(tenantDomain, true);
+            if (serviceIdentityList.getNames().contains(serviceToDeregister)) {
+                boolean tenantDomainRolesExist = isTenantDomainRolesExist(tenantDomain, provSvcDomain, provSvcName);
+                if (!tenantDomainRolesExist) {
+                    dbService.deleteDomainDependency(ctx, tenantDomain, serviceToDeregister, auditRef, caller);
+                }
             }
         }
     }
@@ -8432,15 +8434,15 @@ public void deleteProviderResourceGroupRoles(ResourceContext ctx, String tenantD
         }
     }
 
-    private boolean isTenantDomainRolesExist(String tenantDomain, String provSvcDomain, String provSvcName) {
-        final String provider = provSvcDomain + "." + provSvcName;
-        List<String> dependentResourceGroups = getDependentServiceResourceGroupList(tenantDomain).getServiceAndResourceGroups().stream()
-                .filter(dependency -> dependency.getDomain().equals(tenantDomain) && dependency.getService().equals(provider))
-                .findAny()
-                .map(DependentServiceResourceGroup::getResourceGroups)
-                .orElse(new ArrayList<>());
-
-        return !dependentResourceGroups.isEmpty();
+    private boolean isTenantDomainRolesExist(final String tenantDomain, final String provSvcDomain, final String provSvcName) {
+        final String rolePrefix = ZMSUtils.getTenantResourceGroupRolePrefix(provSvcName, tenantDomain, "");
+        final List<String> tenantDomainRoles = dbService.listRoles(provSvcDomain, true);
+        for (String tenantDomainRole : tenantDomainRoles) {
+            if (tenantDomainRole.startsWith(rolePrefix)) {
+                return true;
+            }
+        }
+        return false;
     }
 
     public ProviderResourceGroupRoles getProviderResourceGroupRoles(ResourceContext ctx, String tenantDomain,