diff options
author | Bjørn Christian Seime <bjorncs@vespa.ai> | 2024-01-29 07:53:44 +0100 |
---|---|---|
committer | Bjørn Christian Seime <bjorncs@vespa.ai> | 2024-01-29 07:53:44 +0100 |
commit | a8e44e20d15093d1aadeba946fea75b7674dc00c (patch) | |
tree | 72e657ff53ad37f689086d16981343207b2bf1b0 /config-model/src/main/java/com/yahoo/vespa/model/container/http | |
parent | 6992a234c6e474dbe95e446bd1cdc50bdb452414 (diff) |
Revert "Revert "Validate applied permissions in config model""
This reverts commit 1c97bdea2713238c87e44440cb03c913911090d2.
Diffstat (limited to 'config-model/src/main/java/com/yahoo/vespa/model/container/http')
-rw-r--r-- | config-model/src/main/java/com/yahoo/vespa/model/container/http/Client.java | 43 |
1 files changed, 37 insertions, 6 deletions
diff --git a/config-model/src/main/java/com/yahoo/vespa/model/container/http/Client.java b/config-model/src/main/java/com/yahoo/vespa/model/container/http/Client.java index 29222817d17..e4abef4eb33 100644 --- a/config-model/src/main/java/com/yahoo/vespa/model/container/http/Client.java +++ b/config-model/src/main/java/com/yahoo/vespa/model/container/http/Client.java @@ -4,28 +4,36 @@ package com.yahoo.vespa.model.container.http; import com.yahoo.config.provision.DataplaneToken; import java.security.cert.X509Certificate; +import java.util.Collection; import java.util.List; +import java.util.Set; +import java.util.stream.Collectors; +import java.util.stream.Stream; + +import static com.yahoo.vespa.model.container.http.Client.Permission.READ; +import static com.yahoo.vespa.model.container.http.Client.Permission.WRITE; /** * Represents a client. The client is identified by one of the provided certificates and have a set of permissions. * * @author mortent + * @author bjorncs */ public class Client { private final String id; - private final List<String> permissions; + private final Set<Permission> permissions; private final List<X509Certificate> certificates; private final List<DataplaneToken> tokens; private final boolean internal; - public Client(String id, List<String> permissions, List<X509Certificate> certificates, List<DataplaneToken> tokens) { + public Client(String id, Collection<Permission> permissions, List<X509Certificate> certificates, List<DataplaneToken> tokens) { this(id, permissions, certificates, tokens, false); } - private Client(String id, List<String> permissions, List<X509Certificate> certificates, List<DataplaneToken> tokens, + private Client(String id, Collection<Permission> permissions, List<X509Certificate> certificates, List<DataplaneToken> tokens, boolean internal) { this.id = id; - this.permissions = List.copyOf(permissions); + this.permissions = Set.copyOf(permissions); this.certificates = List.copyOf(certificates); this.tokens = List.copyOf(tokens); this.internal = internal; @@ -35,7 +43,7 @@ public class Client { return id; } - public List<String> permissions() { + public Set<Permission> permissions() { return permissions; } @@ -50,6 +58,29 @@ public class Client { } public static Client internalClient(List<X509Certificate> certificates) { - return new Client("_internal", List.of("read","write"), certificates, List.of(), true); + return new Client("_internal", Set.of(READ, WRITE), certificates, List.of(), true); + } + + public enum Permission { + READ, WRITE; + + public String asString() { + return switch (this) { + case READ -> "read"; + case WRITE -> "write"; + }; + } + + public static Permission fromString(String v) { + return switch (v) { + case "read" -> READ; + case "write" -> WRITE; + default -> throw new IllegalArgumentException("Invalid permission '%s'. Valid values are 'read' and 'write'.".formatted(v)); + }; + } + + public static Set<Permission> fromCommaSeparatedString(String str) { + return Stream.of(str.split(",")).map(v -> Permission.fromString(v.strip())).collect(Collectors.toSet()); + } } } |