No throw on s3 write when throw_on_s3_write_exception is set to false f

Author: clarkxuyang

src/main/java/com/uid2/admin/AdminConst.java

@@ -2,6 +2,7 @@
 
 public class AdminConst {
     public static String enableKeysetConfigProp = "enable_keysets";
+    public static final String throwOnS3WriteException = "throw_on_s3_write_exception";
     public static final String ROLE_OKTA_GROUP_MAP_MAINTAINER = "role_okta_group_map_maintainer";
     public static final String ROLE_OKTA_GROUP_MAP_PRIVILEGED = "role_okta_group_map_privileged";
     public static final String ROLE_OKTA_GROUP_MAP_SUPER_USER = "role_okta_group_map_super_user";

src/main/java/com/uid2/admin/Main.java

@@ -68,6 +68,7 @@
 import java.util.concurrent.CompletableFuture;
 
 import static com.uid2.admin.AdminConst.enableKeysetConfigProp;
+import static com.uid2.admin.AdminConst.throwOnS3WriteException;
 
 public class Main {
     private static final Logger LOGGER = LoggerFactory.getLogger(Main.class);
@@ -291,8 +292,9 @@ public void run() {
                 }
             }
 
+            boolean bThrowOnS3WriteException = config.getBoolean(throwOnS3WriteException, true);
             synchronized (writeLock) {
-                cloudEncryptionKeyManager.backfillKeys();
+                cloudEncryptionKeyManager.backfillKeys(bThrowOnS3WriteException);
                 rotatingCloudEncryptionKeyProvider.loadContent();
             }
 

src/main/java/com/uid2/admin/cloudencryption/CloudEncryptionKeyManager.java

@@ -63,7 +63,7 @@ public void rotateKeys(boolean shouldFail) throws Exception {
     }
 
     // For any site that has an operator, if there are no keys, create a key activating now
-    public void backfillKeys() throws Exception {
+    public void backfillKeys(boolean throwOnS3WriteException) throws Exception {
         try {
             refreshCloudData();
             var desiredKeys = planner.planBackfill(existingKeys, operatorKeys);
@@ -72,7 +72,9 @@ public void backfillKeys() throws Exception {
             LOGGER.info("Key backfill complete. Diff: {}", diff);
         } catch (Exception e) {
             LOGGER.error("Key backfill failed", e);
-            throw e;
+            if (throwOnS3WriteException) {
+                throw e;
+            }
         }
     }
 

src/main/java/com/uid2/admin/vertx/service/OperatorKeyService.java

@@ -28,6 +28,7 @@
 import java.util.stream.Collectors;
 
 import static com.uid2.admin.vertx.Endpoints.*;
+import static com.uid2.admin.AdminConst.throwOnS3WriteException;
 
 public class OperatorKeyService implements IService {
     private static final Logger LOGGER = LoggerFactory.getLogger(OperatorKeyService.class);
@@ -48,7 +49,9 @@ public class OperatorKeyService implements IService {
     private final IKeyGenerator keyGenerator;
     private final KeyHasher keyHasher;
     private final String operatorKeyPrefix;
+    
     private final CloudEncryptionKeyManager cloudEncryptionKeyManager;
+    private boolean bThrowOnS3WriteException;
 
     public OperatorKeyService(JsonObject config,
                               AdminAuthMiddleware auth,
@@ -69,6 +72,7 @@ public OperatorKeyService(JsonObject config,
         this.cloudEncryptionKeyManager = cloudEncryptionKeyManager;
 
         this.operatorKeyPrefix = config.getString("operator_key_prefix");
+        this.bThrowOnS3WriteException = config.getBoolean(throwOnS3WriteException, true);
     }
 
     @Override
@@ -273,7 +277,7 @@ private void handleOperatorAdd(RoutingContext rc) {
             operatorKeyStoreWriter.upload(operators);
 
             // generate cloud encryption keys as needed
-            cloudEncryptionKeyManager.backfillKeys();
+            cloudEncryptionKeyManager.backfillKeys(bThrowOnS3WriteException);
 
             // respond with new key
             rc.response().end(JSON_WRITER.writeValueAsString(new RevealedKey<>(newOperator, key)));
@@ -412,7 +416,7 @@ private void handleOperatorUpdate(RoutingContext rc) {
             operatorKeyStoreWriter.upload(operators);
 
             if (siteIdChanged) {
-                cloudEncryptionKeyManager.backfillKeys();
+                cloudEncryptionKeyManager.backfillKeys(bThrowOnS3WriteException);
             }
 
             // return the updated client

src/test/java/com/uid2/admin/vertx/OperatorKeyServiceTest.java

@@ -276,7 +276,7 @@ public void operatorAddGeneratesCloudEncryptionKeys(Vertx vertx, VertxTestContex
                         "operatorAddGeneratesCloudEncryptionKeys",
                         () -> assertEquals(200, response.statusCode()),
                         () -> assertNotNull(revealedOperator.getAuthorizable()),
-                        () -> verify(cloudEncryptionKeyManager).backfillKeys()
+                        () -> verify(cloudEncryptionKeyManager).backfillKeys(true)
                 );
                 testContext.completeNow();
             } catch (Exception e) {
@@ -301,7 +301,7 @@ public void operatorUpdateSiteIdGeneratesCloudEncryptionKeys(Vertx vertx, VertxT
                         () -> assertEquals(200, response.statusCode()),
                         () -> assertEquals(5, updatedOperator.getSiteId()),
                         () -> assertNotEquals(1, updatedOperator.getSiteId()),
-                        () -> verify(cloudEncryptionKeyManager).backfillKeys()
+                        () -> verify(cloudEncryptionKeyManager).backfillKeys(true)
                 );
                 testContext.completeNow();
             } catch (Exception e) {
@@ -325,7 +325,7 @@ public void operatorUpdateWithoutSiteIdChangeDoesNotGenerateCloudEncryptionKeys(
                         "operatorUpdateWithoutSiteIdChangeDoesNotGenerateCloudEncryptionKeys",
                         () -> assertEquals(200, response.statusCode()),
                         () -> assertEquals(existingOperator.getSiteId(), updatedOperator.getSiteId()),
-                        () -> verify(cloudEncryptionKeyManager, never()).backfillKeys()
+                        () -> verify(cloudEncryptionKeyManager, never()).backfillKeys(true)
                 );
                 testContext.completeNow();
             } catch (Exception e) {