authorMorten Tokle <mortent@verizonmedia.com>2021-06-03 11:19:25 +0200
committerMorten Tokle <mortent@verizonmedia.com>2021-06-03 11:19:25 +0200
commitd4a0b5486f49a24f2c002a813cdeba3674ce21ad (patch)
tree8bc9ed21c6f74a0f29ac83d57c5bf3e207436ec0
parent2e331d2a6096920bd268efe325b5d96633c189ad (diff)
Implement listMembers
-rw-r--r--controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzAccessControlService.java7
-rw-r--r--controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/ZmsClientMock.java4
-rw-r--r--vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/DefaultZmsClient.java12
-rw-r--r--vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/ZmsClient.java2
-rw-r--r--vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/bindings/RoleEntity.java4
5 files changed, 28 insertions, 1 deletions
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzAccessControlService.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzAccessControlService.java
index 1472f03ebca..233759f47a7 100644
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzAccessControlService.java
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzAccessControlService.java
@@ -10,6 +10,7 @@ import com.yahoo.vespa.athenz.client.zms.ZmsClient;
import java.time.Instant;
import java.util.Collection;
import java.util.List;
+import java.util.stream.Collectors;
public class AthenzAccessControlService implements AccessControlService {
@@ -34,7 +35,11 @@ public class AthenzAccessControlService implements AccessControlService {
}
@Override
+ // Return list of approved members (users, excluding services) of data plane role
public Collection<AthenzUser> listMembers() {
- throw new UnsupportedOperationException("Not implemented");
+ return zmsClient.listMembers(dataPlaneAccessRole)
+ .stream().filter(AthenzUser.class::isInstance)
+ .map(AthenzUser.class::cast)
+ .collect(Collectors.toList());
}
}
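Review bot: The explanatory comment is placed between `@Override` and the method signature, which separates the annotation from what it annotates; move it above `@Override` or turn it into Javadoc, e.g. `/** Returns the approved members of the data plane access role, keeping user identities and dropping service identities. */`. The doc should also state that pending membership requests are expected to be filtered out by `zmsClient.listMembers`, since this method itself only filters on identity type. The enclosing class `AthenzAccessControlService` starts outside the hunk.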
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/ZmsClientMock.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/ZmsClientMock.java
index 6509bd40ebf..deeecf217e7 100644
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/ZmsClientMock.java
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/ZmsClientMock.java
@@ -156,6 +156,10 @@ public class ZmsClientMock implements ZmsClient {
public void approvePendingRoleMembership(AthenzRole athenzRole, AthenzUser athenzUser, Instant expiry) {
}
+ @Override
+ public List<AthenzIdentity> listMembers(AthenzRole athenzRole) {
+ return List.of();
+ }
@Override
public void close() {}
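Review bot: The mock's `listMembers` always returns `List.of()`, so a controller test cannot observe a membership granted through `approvePendingRoleMembership`, whose mock body at the top of the hunk is also empty. If the new `AthenzAccessControlService.listMembers` is meant to be covered by tests against this mock, the mock should record approved members per role (for example in a map keyed by `AthenzRole`) and return them here. Otherwise a one-line comment such as `// Stub: membership is not tracked by this mock` makes the limitation explicit to the next test author.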
diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/DefaultZmsClient.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/DefaultZmsClient.java
index 9ee599b22eb..f73ac9c3535 100644
--- a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/DefaultZmsClient.java
+++ b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/DefaultZmsClient.java
@@ -33,6 +33,7 @@ import java.util.Collections;
import java.util.List;
import java.util.OptionalInt;
import java.util.Set;
+import java.util.function.Function;
import java.util.function.Supplier;
import java.util.stream.Collectors;
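Review bot: The added `import java.util.function.Function;` does not appear to be used by the new `listMembers` body later in this file's diff, which relies on method references and `Collectors` only. Unless it is consumed by code outside the visible hunks, drop the import to avoid an unused-import warning.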
@@ -230,6 +231,17 @@ public class DefaultZmsClient extends ClientBase implements ZmsClient {
execute(request, response -> readEntity(response, Void.class));
}
+ @Override
+ public List<AthenzIdentity> listMembers(AthenzRole athenzRole) {
+ URI uri = zmsUrl.resolve(String.format("domain/%s/role/%s", athenzRole.domain().getName(), athenzRole.roleName()));
+ RoleEntity execute = execute(RequestBuilder.get(uri).build(), response -> readEntity(response, RoleEntity.class));
+ return execute.roleMembers().stream()
+ .filter(member -> ! member.pendingApproval())
+ .map(RoleEntity.Member::memberName)
+ .map(AthenzIdentities::from)
+ .collect(Collectors.toList());
+ }
+
private static Header createCookieHeaderWithOktaTokens(OktaIdentityToken identityToken, OktaAccessToken accessToken) {
return new BasicHeader("Cookie", String.format("okta_at=%s; okta_it=%s", accessToken.token(), identityToken.token()));
}
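Review bot: The filter on `member.pendingApproval()` keeps every non-pending member, but `RoleEntity.Member` also carries an `active` flag (visible in the RoleEntity hunk of this diff), so members that ZMS reports as inactive — presumably expired or disabled, to be confirmed against the ZMS API — would be listed as current members of an access-control role; consider `.filter(member -> ! member.pendingApproval() && member.active())`. The request path is built with `String.format("domain/%s/role/%s", ...)` without encoding, so a domain or role name containing `/`, `?` or `#` would resolve to a different resource; if other methods in this class build URIs the same way that is a pre-existing pattern, but an explicit path-segment encoding is still preferable here. The local `RoleEntity execute` shadows the `execute` method it is assigned from; renaming it to `roleEntity` would read better.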
diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/ZmsClient.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/ZmsClient.java
index 8afa9000ed1..15e8ba77850 100644
--- a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/ZmsClient.java
+++ b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/ZmsClient.java
@@ -48,5 +48,7 @@ public interface ZmsClient extends AutoCloseable {
void approvePendingRoleMembership(AthenzRole athenzRole, AthenzUser athenzUser, Instant expiry);
+ List<AthenzIdentity> listMembers(AthenzRole athenzRole);
+
void close();
}
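Review bot: The new `listMembers` interface method has no Javadoc, while callers need to know which members are included, since `AthenzAccessControlService` builds an access listing from it. Add above the declaration e.g. `/** Returns the current members of the given role; pending membership requests are excluded. */`, and if the implementation is changed to also exclude inactive members, say so here as well.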
diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/bindings/RoleEntity.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/bindings/RoleEntity.java
index e5bcc4d977e..5babe292138 100644
--- a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/bindings/RoleEntity.java
+++ b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/bindings/RoleEntity.java
@@ -8,6 +8,9 @@ import com.fasterxml.jackson.annotation.JsonProperty;
import java.util.List;
+/**
+ * @author mortent
+ */
@JsonIgnoreProperties(ignoreUnknown = true)
public class RoleEntity {
private final String roleName;
@@ -27,6 +30,7 @@ public class RoleEntity {
return roleMembers;
}
+ @JsonIgnoreProperties(ignoreUnknown = true)
public static final class Member {
private final String memberName;
private final boolean active;