diff options
author | Bjørn Christian Seime <bjorncs@oath.com> | 2018-06-20 15:51:17 +0200 |
---|---|---|
committer | Bjørn Christian Seime <bjorncs@oath.com> | 2018-06-21 12:30:52 +0200 |
commit | b7b2ef4d5221ee069880f6412b6d9f5362c730f4 (patch) | |
tree | c58c6d81faa8f42bcf26a11173d4c3f49efcf92f | |
parent | 6d626db4ec8f29f57e3947350007bd366d0dfb1b (diff) |
Rename 'AccessCheckResult' -> 'AuthorizationResult'
-rw-r--r-- | jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/athenz/AthenzAuthorizationFilter.java | 10 | ||||
-rw-r--r-- | jdisc-security-filters/src/test/java/com/yahoo/jdisc/http/filter/security/athenz/AthenzAuthorizationFilterTest.java | 20 | ||||
-rw-r--r-- | vespa-athenz/src/main/java/com/yahoo/vespa/athenz/zpe/AuthorizationResult.java (renamed from vespa-athenz/src/main/java/com/yahoo/vespa/athenz/zpe/AccessCheckResult.java) | 6 | ||||
-rw-r--r-- | vespa-athenz/src/main/java/com/yahoo/vespa/athenz/zpe/DefaultZpe.java | 8 | ||||
-rw-r--r-- | vespa-athenz/src/main/java/com/yahoo/vespa/athenz/zpe/Zpe.java | 4 |
5 files changed, 24 insertions, 24 deletions
diff --git a/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/athenz/AthenzAuthorizationFilter.java b/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/athenz/AthenzAuthorizationFilter.java index d586983138e..74e0ee36959 100644 --- a/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/athenz/AthenzAuthorizationFilter.java +++ b/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/athenz/AthenzAuthorizationFilter.java @@ -13,7 +13,7 @@ import com.yahoo.vespa.athenz.api.AthenzResourceName; import com.yahoo.vespa.athenz.api.AthenzRole; import com.yahoo.vespa.athenz.api.ZToken; import com.yahoo.vespa.athenz.tls.AthenzX509CertificateUtils; -import com.yahoo.vespa.athenz.zpe.AccessCheckResult; +import com.yahoo.vespa.athenz.zpe.AuthorizationResult; import com.yahoo.vespa.athenz.zpe.DefaultZpe; import com.yahoo.vespa.athenz.zpe.Zpe; @@ -120,12 +120,12 @@ public class AthenzAuthorizationFilter extends JsonSecurityRequestFilterBase { DiscFilterRequest request, ZpeCheck<C> accessCheck, Function<C, AthenzPrincipal> principalFactory) { - AccessCheckResult accessCheckResult = accessCheck.checkAccess(credentials, resAndAction.resourceName(), resAndAction.action()); - if (accessCheckResult == AccessCheckResult.ALLOW) { + AuthorizationResult authorizationResult = accessCheck.checkAccess(credentials, resAndAction.resourceName(), resAndAction.action()); + if (authorizationResult == AuthorizationResult.ALLOW) { request.setUserPrincipal(principalFactory.apply(credentials)); return Optional.empty(); } - return Optional.of(new ErrorResponse(Response.Status.FORBIDDEN, "Access forbidden: " + accessCheckResult.getDescription())); + return Optional.of(new ErrorResponse(Response.Status.FORBIDDEN, "Access forbidden: " + authorizationResult.getDescription())); } private static AthenzPrincipal createPrincipal(X509Certificate certificate) { @@ -139,7 +139,7 @@ public class AthenzAuthorizationFilter extends JsonSecurityRequestFilterBase { } @FunctionalInterface private interface ZpeCheck<C> { - AccessCheckResult checkAccess(C credentials, AthenzResourceName resourceName, String action); + AuthorizationResult checkAccess(C credentials, AthenzResourceName resourceName, String action); } } diff --git a/jdisc-security-filters/src/test/java/com/yahoo/jdisc/http/filter/security/athenz/AthenzAuthorizationFilterTest.java b/jdisc-security-filters/src/test/java/com/yahoo/jdisc/http/filter/security/athenz/AthenzAuthorizationFilterTest.java index ff7f9af11c6..6137cfe9751 100644 --- a/jdisc-security-filters/src/test/java/com/yahoo/jdisc/http/filter/security/athenz/AthenzAuthorizationFilterTest.java +++ b/jdisc-security-filters/src/test/java/com/yahoo/jdisc/http/filter/security/athenz/AthenzAuthorizationFilterTest.java @@ -5,7 +5,7 @@ import com.yahoo.jdisc.Response; import com.yahoo.jdisc.http.filter.DiscFilterRequest; import com.yahoo.vespa.athenz.api.AthenzResourceName; import com.yahoo.vespa.athenz.api.ZToken; -import com.yahoo.vespa.athenz.zpe.AccessCheckResult; +import com.yahoo.vespa.athenz.zpe.AuthorizationResult; import com.yahoo.vespa.athenz.zpe.Zpe; import org.junit.Test; import org.mockito.Mockito; @@ -63,7 +63,7 @@ public class AthenzAuthorizationFilterTest { assertNotNull(response); assertEquals(403, response.getStatus()); String content = responseHandler.readAll(); - assertThat(content, containsString(AccessCheckResult.DENY.getDescription())); + assertThat(content, containsString(AuthorizationResult.DENY.getDescription())); } private static DiscFilterRequest createRequest() { @@ -78,25 +78,25 @@ public class AthenzAuthorizationFilterTest { static class AllowingZpe implements Zpe { @Override - public AccessCheckResult checkAccessAllowed(ZToken roleToken, AthenzResourceName resourceName, String action) { - return AccessCheckResult.ALLOW; + public AuthorizationResult checkAccessAllowed(ZToken roleToken, AthenzResourceName resourceName, String action) { + return AuthorizationResult.ALLOW; } @Override - public AccessCheckResult checkAccessAllowed(X509Certificate roleCertificate, AthenzResourceName resourceName, String action) { - return AccessCheckResult.ALLOW; + public AuthorizationResult checkAccessAllowed(X509Certificate roleCertificate, AthenzResourceName resourceName, String action) { + return AuthorizationResult.ALLOW; } } static class DenyingZpe implements Zpe { @Override - public AccessCheckResult checkAccessAllowed(ZToken roleToken, AthenzResourceName resourceName, String action) { - return AccessCheckResult.DENY; + public AuthorizationResult checkAccessAllowed(ZToken roleToken, AthenzResourceName resourceName, String action) { + return AuthorizationResult.DENY; } @Override - public AccessCheckResult checkAccessAllowed(X509Certificate roleCertificate, AthenzResourceName resourceName, String action) { - return AccessCheckResult.ALLOW; + public AuthorizationResult checkAccessAllowed(X509Certificate roleCertificate, AthenzResourceName resourceName, String action) { + return AuthorizationResult.ALLOW; } } diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/zpe/AccessCheckResult.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/zpe/AuthorizationResult.java index 20f95df566f..faf05011af9 100644 --- a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/zpe/AccessCheckResult.java +++ b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/zpe/AuthorizationResult.java @@ -10,7 +10,7 @@ import java.util.Arrays; * * @author bjorncs */ -public enum AccessCheckResult { +public enum AuthorizationResult { ALLOW(AccessCheckStatus.ALLOW), DENY(AccessCheckStatus.DENY), DENY_NO_MATCH(AccessCheckStatus.DENY_NO_MATCH), @@ -28,7 +28,7 @@ public enum AccessCheckResult { private final AccessCheckStatus wrappedElement; - AccessCheckResult(AccessCheckStatus wrappedElement) { + AuthorizationResult(AccessCheckStatus wrappedElement) { this.wrappedElement = wrappedElement; } @@ -36,7 +36,7 @@ public enum AccessCheckResult { return wrappedElement.toString(); } - static AccessCheckResult fromAccessCheckStatus(AccessCheckStatus accessCheckStatus) { + static AuthorizationResult fromAccessCheckStatus(AccessCheckStatus accessCheckStatus) { return Arrays.stream(values()) .filter(value -> value.wrappedElement == accessCheckStatus) .findFirst() diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/zpe/DefaultZpe.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/zpe/DefaultZpe.java index d7365a6d727..a02d9c7a97a 100644 --- a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/zpe/DefaultZpe.java +++ b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/zpe/DefaultZpe.java @@ -15,14 +15,14 @@ import java.security.cert.X509Certificate; */ public class DefaultZpe implements Zpe { @Override - public AccessCheckResult checkAccessAllowed(ZToken roleToken, AthenzResourceName resourceName, String action) { - return AccessCheckResult.fromAccessCheckStatus( + public AuthorizationResult checkAccessAllowed(ZToken roleToken, AthenzResourceName resourceName, String action) { + return AuthorizationResult.fromAccessCheckStatus( AuthZpeClient.allowAccess(roleToken.getRawToken(), resourceName.toResourceNameString(), action)); } @Override - public AccessCheckResult checkAccessAllowed(X509Certificate roleCertificate, AthenzResourceName resourceName, String action) { - return AccessCheckResult.fromAccessCheckStatus( + public AuthorizationResult checkAccessAllowed(X509Certificate roleCertificate, AthenzResourceName resourceName, String action) { + return AuthorizationResult.fromAccessCheckStatus( AuthZpeClient.allowAccess(roleCertificate, resourceName.toResourceNameString(), action)); } diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/zpe/Zpe.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/zpe/Zpe.java index d2599a7dc76..e22e27f1508 100644 --- a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/zpe/Zpe.java +++ b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/zpe/Zpe.java @@ -12,6 +12,6 @@ import java.security.cert.X509Certificate; * @author bjorncs */ public interface Zpe { - AccessCheckResult checkAccessAllowed(ZToken roleToken, AthenzResourceName resourceName, String action); - AccessCheckResult checkAccessAllowed(X509Certificate roleCertificate, AthenzResourceName resourceName, String action); + AuthorizationResult checkAccessAllowed(ZToken roleToken, AthenzResourceName resourceName, String action); + AuthorizationResult checkAccessAllowed(X509Certificate roleCertificate, AthenzResourceName resourceName, String action); } |