/// <summary>
/// 實例化一個和傳進來一樣的 <see cref="ResourceOperation"/> 物件.
/// </summary>
/// <param name="resourceOperation">The resource operation.</param>
public ResourceOperation(ResourceOperation resourceOperation)
: this(resourceOperation.ResourceName, resourceOperation.Operation, resourceOperation.AreaName,
resourceOperation.ControllerName,
resourceOperation.ActionName,
resourceOperation.DisplayName,
resourceOperation.DisplayNameWithParent)
{
}
public static void ThrowTransportExceptionOnItemOperation(
Uri physicalAddress,
ResourceOperation resourceOperation,
DocumentServiceRequest request,
Guid activityId,
string transportExceptionSourceDescription)
{
if (request.ResourceType == ResourceType.Document)
{
TransportException transportException = new TransportException(
errorCode: TransportErrorCode.RequestTimeout,
innerException: null,
activityId: activityId,
requestUri: physicalAddress,
sourceDescription: transportExceptionSourceDescription,
userPayload: true,
payloadSent: false);
throw Documents.Rntbd.TransportExceptions.GetRequestTimeoutException(physicalAddress, Guid.NewGuid(),
transportException);
}
}
private static void Interceptor(
Uri physicalAddress,
ResourceOperation resourceOperation,
DocumentServiceRequest request)
{
if (request.RequestContext?.RegionName != null)
{
Trace.TraceInformation($"Got {request.RequestContext?.RegionName} as region name for {physicalAddress}");
}
if (resourceOperation.resourceType == ResourceType.Document)
{
Assert.IsNotNull(request.RequestContext.RegionName);
if (resourceOperation.operationType == OperationType.Create)
{
Assert.IsTrue(request.RequestContext.ClientRequestStatistics.ContactedReplicas.Count > 1);
}
else
{
Assert.AreEqual(0, request.RequestContext.ClientRequestStatistics.ContactedReplicas.Count);
}
}
}
/// <summary>
/// 依照內容建立出AuthorizationContext
/// </summary>
/// <param name="principal">目前的Principal</param>
/// <param name="resourceOperation">目前要驗證的ResourceOperation</param>
/// <returns>AuthorizationContext</returns>
public AuthorizationContext CreateAuthorizationContext(ClaimsPrincipal principal, ResourceOperation resourceOperation)
{
var actionClaims = new Collection <Claim>();
var resourceClaims = new Collection <Claim>();
if (resourceOperation != null)
{
actionClaims.Add(new Claim(ActionType, resourceOperation.Operation.ToString()));
resourceClaims.Add(new Claim(ResourceType, resourceOperation.ResourceName));
}
return(new AuthorizationContext(
principal,
resourceClaims,
actionClaims));
}
protected abstract ResourceHandle PerformOperationInternal(Uri uri, ResourceOperation operation, object arg);
internal override async Task <StoreResponse> InvokeStoreAsync(Uri baseAddress, ResourceOperation resourceOperation, DocumentServiceRequest request)
{
Uri physicalAddress = GatewayStoreClient.IsFeedRequest(request.OperationType) ?
HttpTransportClient.GetResourceFeedUri(resourceOperation.resourceType, baseAddress, request) :
HttpTransportClient.GetResourceEntryUri(resourceOperation.resourceType, baseAddress, request);
using (HttpResponseMessage responseMessage = await this.InvokeClientAsync(request, resourceOperation.resourceType, physicalAddress, default(CancellationToken)))
{
return(await HttpTransportClient.ProcessHttpResponse(request.ResourceAddress, string.Empty, responseMessage, physicalAddress, request));
}
}
ResourceHandle IFileSystem.PerformOperation(Uri uri, ResourceOperation operation, object arg)
{
throw new NotImplementedException();
}
// Overload for an array of Resource operations
public bool CheckAccess(
string userName,
IntPtr userToken,
byte[] secDesc,
ResourceOperation[] requiredOperations)
{
// If the user is the administrator, allow unrestricted access.
if (0 == String.Compare(userName, m_adminUserName, true,
CultureInfo.CurrentCulture))
return true;
foreach(ResourceOperation operation in requiredOperations)
{
if (!CheckAccess(userName, userToken, secDesc, operation))
return false;
}
return true;
}
public IngredientOperationRequirement(ResourceOperation resourceOperation)
{
ResourceOperation = resourceOperation;
}
public async Task ServerCloseOnSslNegotiationCompleteAsyncTest()
{
using (FaultyServer server = new FaultyServer())
{
server.OnConnectionEvent += (sender, args) =>
{
if (args.EventType == FaultyServer.ConnectionEventType.SslNegotiationComplete)
{
RntbdTests.RandomSleep();
args.Close = true;
}
};
try
{
await server.StartAsync();
Dictionary <OperationType, ResourceOperation> operationMap =
new Dictionary <OperationType, ResourceOperation>
{
[OperationType.Read] = ResourceOperation.ReadDocument,
[OperationType.Upsert] = ResourceOperation.UpsertDocument,
};
foreach (OperationType operationType in new OperationType[]
{
OperationType.Read,
OperationType.Upsert
})
{
TimeSpan runTime = TimeSpan.FromSeconds(10.0);
Stopwatch sw = Stopwatch.StartNew();
while (sw.Elapsed < runTime)
{
Guid activityId = Guid.NewGuid();
Trace.CorrelationManager.ActivityId = activityId;
using (Rntbd.Channel channel = new Rntbd.Channel(
server.Uri,
new Rntbd.ChannelProperties(
new UserAgentContainer(),
certificateHostNameOverride: "localhost",
timerPool: new TimerPool(1),
requestTimeout: TimeSpan.FromSeconds(1.0),
openTimeout: TimeSpan.FromSeconds(1.0),
maxChannels: ushort.MaxValue,
maxRequestsPerChannel: 100,
receiveHangDetectionTime: TimeSpan.FromSeconds(2.0),
sendHangDetectionTime: TimeSpan.FromSeconds(0.5))))
{
channel.Initialize(activityId);
try
{
ResourceType resourceType = ResourceType.Document;
ResourceOperation resourceOperation = operationMap[operationType];
StoreResponse response = await channel.RequestAsync(
DocumentServiceRequest.Create(
operationType,
resourceType,
AuthorizationTokenType.SecondaryReadonlyMasterKey),
new Uri(server.Uri, "foo/bar/baz"),
resourceOperation,
activityId);
}
catch (DocumentClientException e)
{
Assert.AreEqual(activityId.ToString(), e.ActivityId);
if (!string.Equals("ServiceUnavailable", e.Error.Code) &&
!string.Equals("Gone", e.Error.Code))
{
Assert.Fail("Unexpected error code: {0}", e.Error.Code);
}
Exception rootCause = e;
Exception nextRootCause = e.InnerException;
while (nextRootCause != null)
{
rootCause = nextRootCause;
nextRootCause = nextRootCause.InnerException;
}
SocketException socketException = rootCause as SocketException;
if (socketException != null)
{
if (socketException.SocketErrorCode != SocketError.ConnectionReset &&
socketException.SocketErrorCode != SocketError.ConnectionAborted)
{
Assert.Fail(
"Expected connection reset or " +
"connection aborted. Actual: {0}",
socketException.SocketErrorCode.ToString());
}
}
else
{
GoneException goneException = rootCause as GoneException;
IOException ioException = rootCause as IOException;
Assert.IsTrue(goneException != null || ioException != null,
"Expected GoneException or IOException. Actual: {0} ({1})",
rootCause.Message, rootCause.GetType());
}
}
}
}
}
}
finally
{
await server.StopAsync();
}
}
}
/// <summary>
/// 檢查是否有權限使用某個ResourceOperation
/// </summary>
/// <param name="context">目前的AuthorizationContext</param>
/// <param name="resourceOperation">要驗證的ResourceOperation</param>
/// <param name="rolesName">目前使用者的Role</param>
/// <returns>true,表示有權限,不然則是false</returns>
public abstract bool CheckAccess(AuthorizationContext context,
ResourceOperation resourceOperation, string[] rolesName);
public int Add(ResourceOperation operation)
{
return(base.InnerList.Add(operation));
}
// Overload for an array of Resource operations
public bool CheckAccess(
string userName,
IntPtr userToken,
byte[] secDesc,
ResourceOperation[] requiredOperations)
{
return true;
}
protected abstract Task <ResourceHandle> PerformOperationAsyncInternal(Uri uri, ResourceOperation operation, object arg, CancellationToken cancellationToken);
protected override async Task <ResourceHandle> PerformOperationAsyncInternal(Uri uri, ResourceOperation operation, object arg, CancellationToken cancellationToken)
{
cancellationToken.ThrowIfCancellationRequested();
Uri target;
string tpath, spath;
switch (operation)
{
case ResourceOperation.Create:
spath = GetPath(uri);
cancellationToken.ThrowIfCancellationRequested();
IntPtr handle = Kernel32.CreateFile(spath, FileAccess.ReadWrite, FileShare.None, IntPtr.Zero, FileMode.CreateNew, (FileAttributes)arg, FileFlags.None, IntPtr.Zero);
try{
return(new Win32FileHandle(handle, this));
}finally{
Kernel32.CloseHandle(handle);
}
case ResourceOperation.Delete:
spath = GetPath(uri);
cancellationToken.ThrowIfCancellationRequested();
Kernel32.DeleteFile(spath);
break;
case ResourceOperation.Move:
string name = arg as string;
if (name != null)
{
target = new Uri(uri, name);
}
else
{
target = (Uri)arg;
}
spath = GetPath(uri);
tpath = GetPath(target);
await MoveFile(spath, tpath, cancellationToken);
break;
case ResourceOperation.Copy:
target = (Uri)arg;
spath = GetPath(uri);
tpath = GetPath(target);
await CopyFile(spath, tpath, cancellationToken);
break;
default:
throw new NotImplementedException();
}
return(null);
}
// Overload for Resource operations
public bool CheckAccess(
string userName,
IntPtr userToken,
byte[] secDesc,
ResourceOperation requiredOperation)
{
// If the user is the administrator, allow unrestricted access.
if (0 == String.Compare(userName, m_adminUserName, true,
CultureInfo.CurrentCulture))
return true;
AceCollection acl = DeserializeAcl(secDesc);
foreach(AceStruct ace in acl)
{
if (0 == String.Compare(userName, ace.PrincipalName, true,
CultureInfo.CurrentCulture))
{
foreach(ResourceOperation aclOperation in
ace.ResourceOperations)
{
if (aclOperation == requiredOperation)
return true;
}
}
}
return false;
}
protected async Task <ResourceCommandResult> PerformOperation(Workspace workspace, ResourceOperation operation, string[] addresses, string args = null)
{
using (var lockResult = await _lockService.GetWorkspaceLock(workspace.Id).LockAsync(0))
{
if (!lockResult.AcquiredLock)
{
throw new WorkspaceConflictException();
}
if (!await _db.AnyIncompleteRuns(workspace.Id))
{
return(await this.OperationDoWork(workspace, operation, addresses, args));
}
else
{
throw new WorkspaceConflictException();
}
}
}
/// <summary>
/// 依照對應的Area、Controller和Action,取得對應的ResourceOperation
/// </summary>
/// <param name="areaName">Area名稱</param>
/// <param name="controllerName">Controller名稱</param>
/// <param name="actionName">Action名稱</param>
/// <returns>
/// 這個Route對應的ResourceOperation
/// </returns>
public ResourceOperation GetResourceOperation(string areaName, string controllerName, string actionName)
{
return(ResourceOperation.Where(x => x.AreaName.ToLower() == areaName.ToLower() &&
x.ControllerName.ToLower() == controllerName.ToLower() &&
x.ActionName.ToLower() == actionName.ToLower()).FirstOrDefault());
}
private async Task <ResourceCommandResult> OperationDoWork(Workspace workspace, ResourceOperation operation, string[] addresses, string args)
{
var errors = new List <string>();
JsonElement?outputs = null;
var workingDir = workspace.GetPath(_terraformOptions.RootWorkingDirectory);
var files = await _db.GetWorkspaceFiles(workspace, workspace.Directory);
await workspace.PrepareFileSystem(workingDir, files);
var initResult = _terraformService.InitializeWorkspace(workspace, null);
var statePath = string.Empty;
if (!workspace.IsDefault)
{
statePath = workspace.GetStatePath(workingDir, backupState: false);
}
if (!initResult.IsError)
{
TerraformResult result = null;
switch (operation)
{
case ResourceOperation.taint:
case ResourceOperation.untaint:
foreach (string address in addresses)
{
TerraformResult taintResult = null;
switch (operation)
{
case ResourceOperation.taint:
taintResult = _terraformService.Taint(workspace, address, statePath);
break;
case ResourceOperation.untaint:
taintResult = _terraformService.Untaint(workspace, address, statePath);
break;
}
if (taintResult != null && taintResult.IsError)
{
errors.Add(taintResult.Output);
}
}
break;
case ResourceOperation.refresh:
result = _terraformService.Refresh(workspace, statePath);
break;
case ResourceOperation.remove:
result = _terraformService.RemoveResources(workspace, addresses, statePath);
break;
case ResourceOperation.import:
result = _terraformService.Import(workspace, addresses[0], args, statePath);
break;
case ResourceOperation.output:
result = _terraformService.GetOutputs(workspace, statePath);
outputs = JsonDocument.Parse(result.Output).RootElement;
break;
}
if (result != null && result.IsError)
{
errors.Add(result.Output);
}
await workspace.RetrieveState(workingDir);
await _db.SaveChangesAsync();
workspace.CleanupFileSystem(_terraformOptions.RootWorkingDirectory);
}
return(new ResourceCommandResult
{
Resources = _mapper.Map <Resource[]>(workspace.GetState().GetResources(), opts => opts.ExcludeMembers(nameof(Resource.Attributes))),
Errors = errors.ToArray(),
Outputs = outputs
});
}
Task <ResourceHandle> IFileSystem.PerformOperationAsync(Uri uri, ResourceOperation operation, object arg, CancellationToken cancellationToken)
{
throw new NotImplementedException();
}
private Tuple <User, Role, Group, Resource> RBAC_InitRBAC()
{
var user = new User {
UserName = "******"
};
RepositoryFacade.Save(user);
var role = new Role {
Name = "管理员", Code = "admin"
};
RepositoryFacade.Save(role);
var userRole = new UserRole {
User = user, Role = role
};
RepositoryFacade.Save(userRole);
var group = new Group
{
Name = "研发部",
Code = "abc",
TreeChildren =
{
new Group
{
Name = "测试组",
Code = "def"
}
}
};
RepositoryFacade.Save(group);
var groupUser = new GroupUser {
Group = group, User = user
};
RepositoryFacade.Save(groupUser);
var groupRole = new GroupRole {
Group = group, Role = role
};
RepositoryFacade.Save(groupRole);
var resource = new Resource
{
Name = "待开明细",
Code = "Transcation",
Description = "Transcation"
}.SetIsSupportDataPermission(true).SetResourceEntityType(typeof(TestDataPermission).FullName);
var operation = new ResourceOperation
{
Name = "新增",
Code = "Add"
};
resource.ResourceOperationList.Add(operation);
resource.ResourceOperationList.Add(
new ResourceOperation
{
Name = "删除",
Code = "Delete"
}
);
RepositoryFacade.Save(resource);
RepositoryFacade.Save(new RoleOperation
{
Role = role,
Operation = operation
});
var dataPermission = new DataPermission
{
Resource = resource,
Role = role
};
dataPermission.SetBuilder(new CurrentGroupPermissionConstraintBuilder
{
IsIncludeChildGroup = false,
GroupIdProperty = "GroupId"
});
RepositoryFacade.Save(dataPermission);
var testDataPermission = new TestDataPermission();
testDataPermission.Group = group;
testDataPermission.Name = "test";
RepositoryFacade.Save(testDataPermission);
return(Tuple.Create(user, role, group, resource));
}
private async Task <Workspace> OperationDoWork(Workspace workspace, ResourceOperation operation, string[] addresses)
{
var workingDir = workspace.GetPath(_terraformOptions.RootWorkingDirectory);
var files = await _db.GetWorkspaceFiles(workspace, workspace.Directory);
await workspace.PrepareFileSystem(workingDir, files);
var initResult = _terraformService.InitializeWorkspace(
workingDir, workspace.Name, workspace.IsDefault, null);
var statePath = string.Empty;
if (!workspace.IsDefault)
{
statePath = workspace.GetStatePath(workingDir, backupState: false);
}
if (!initResult.IsError)
{
switch (operation)
{
case ResourceOperation.taint:
case ResourceOperation.untaint:
foreach (string address in addresses)
{
TerraformResult taintResult = null;
switch (operation)
{
case ResourceOperation.taint:
taintResult = _terraformService.Taint(workingDir, address, statePath);
break;
case ResourceOperation.untaint:
taintResult = _terraformService.Untaint(workingDir, address, statePath);
break;
}
if (taintResult != null && taintResult.IsError)
{
_logger.LogError(taintResult.Output);
}
}
break;
case ResourceOperation.refresh:
TerraformResult refreshResult = _terraformService.Refresh(workingDir, statePath);
if (refreshResult.IsError)
{
_logger.LogError(refreshResult.Output);
}
break;
}
await workspace.RetrieveState(workingDir);
await _db.SaveChangesAsync();
workspace.CleanupFileSystem(_terraformOptions.RootWorkingDirectory);
}
return(workspace);
}
/// <summary>
/// 組合出AuthorizationContext交給ClaimsAuthorizationManager去做是否有權限的判斷
/// </summary>
/// <param name="principal">目前的Principal</param>
/// <param name="resourceOperation">要檢查的ResourceOperation</param>
/// <returns>true,表示有權限,要不然就是fals</returns>
public bool CheckAccess(ClaimsPrincipal principal, ResourceOperation resourceOperation)
{
var authorisationContext = CreateAuthorizationContext(principal, resourceOperation);
return(AuthorizationManager.CheckAccess(authorisationContext));
}
public ResourceOperationRequirement(ResourceOperation resourceOperation)
{
ResourceOperation = resourceOperation;
}
public async Task ServerCloseOnSslNegotiationCompleteAsyncTest()
{
using (FaultyServer server = new FaultyServer())
{
server.OnConnectionEvent += (sender, args) =>
{
if (args.EventType == FaultyServer.ConnectionEventType.SslNegotiationComplete)
{
RntbdTests.RandomSleep();
args.Close = true;
}
};
try
{
await server.StartAsync();
Dictionary <OperationType, ResourceOperation> operationMap =
new Dictionary <OperationType, ResourceOperation>
{
[OperationType.Read] = ResourceOperation.ReadDocument,
[OperationType.Upsert] = ResourceOperation.UpsertDocument,
};
foreach (OperationType operationType in new OperationType[]
{
OperationType.Read,
OperationType.Upsert
})
{
TimeSpan runTime = TimeSpan.FromSeconds(10.0);
Stopwatch sw = Stopwatch.StartNew();
while (sw.Elapsed < runTime)
{
Guid activityId = Guid.NewGuid();
Trace.CorrelationManager.ActivityId = activityId;
using (Rntbd.Channel channel = new Rntbd.Channel(
server.Uri,
RntbdTests.GetChannelProperties()))
{
channel.Initialize(activityId);
try
{
ResourceType resourceType = ResourceType.Document;
ResourceOperation resourceOperation = operationMap[operationType];
StoreResponse response = await channel.RequestAsync(
DocumentServiceRequest.Create(
operationType,
resourceType,
AuthorizationTokenType.SecondaryReadonlyMasterKey),
new Uri(server.Uri, "foo/bar/baz"),
resourceOperation,
activityId);
}
catch (TransportException e)
{
Assert.AreEqual(activityId, e.ActivityId);
Assert.IsTrue(
(e.ErrorCode == TransportErrorCode.ReceiveFailed) ||
(e.ErrorCode == TransportErrorCode.SslNegotiationFailed) ||
(e.ErrorCode == TransportErrorCode.ReceiveStreamClosed),
"Expected ReceiveFailed or ReceiveStreamClosed. Actual: {0}",
e.ErrorCode);
Exception rootCause = e.GetBaseException();
if (e.Equals(rootCause))
{
return;
}
SocketException socketException = rootCause as SocketException;
if (socketException != null)
{
if (socketException.SocketErrorCode != SocketError.ConnectionReset &&
socketException.SocketErrorCode != SocketError.ConnectionAborted)
{
Assert.Fail(
"Expected connection reset or " +
"connection aborted. Actual: {0}",
socketException.SocketErrorCode.ToString());
}
}
else
{
IOException ioException = rootCause as IOException;
Assert.IsTrue(ioException != null,
"Expected IOException. Actual: {0} ({1})",
rootCause.Message, rootCause.GetType());
}
}
}
}
}
}
finally
{
await server.StopAsync();
}
}
}
