Add expiry to SecurityContext

author: Bjørn Christian Seime <bjorncs@yahooinc.com> 2022-09-22 14:32:12 +0200
committer: Bjørn Christian Seime <bjorncs@yahooinc.com> 2022-09-22 14:38:51 +0200
commit: ca111fa6aff4f69a657a366b03745cf65e6c68d0 (patch)
tree: 93b0366c020f4785367543d0eb49c0bb72b48ca2 /controller-api/src
parent: aafc1ce1431c1fe6e7068934153c9860f6aa49b9 (diff)
1 files changed, 18 insertions, 9 deletions
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/SecurityContext.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/SecurityContext.java
index 521b0c00316..85f42eecc58 100644
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/SecurityContext.java
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/SecurityContext.java
@@ -16,15 +16,21 @@ public class SecurityContext {
     private final Principal principal;
     private final Set<Role> roles;
     private final Instant issuedAt;
+    private final Instant expiresAt;
 
     public SecurityContext(Principal principal, Set<Role> roles, Instant issuedAt) {
+        this(principal, roles, issuedAt, Instant.MAX);
+    }
+
+    public SecurityContext(Principal principal, Set<Role> roles, Instant issuedAt, Instant expiresAt) {
         this.principal = Objects.requireNonNull(principal);
         this.roles = Set.copyOf(roles);
         this.issuedAt = Objects.requireNonNull(issuedAt);
+        this.expiresAt = Objects.requireNonNull(expiresAt);
     }
 
     public SecurityContext(Principal principal, Set<Role> roles) {
-        this(principal, roles, Instant.EPOCH);
+        this(principal, roles, Instant.EPOCH, Instant.MAX);
     }
 
     public Principal principal() {
@@ -39,28 +45,31 @@ public class SecurityContext {
         return issuedAt;
     }
 
+    /** @return credential expiration or {@link Instant#MAX} is not available */
+    public Instant expiresAt() { return expiresAt; }
+
     @Override
     public boolean equals(Object o) {
         if (this == o) return true;
         if (o == null || getClass() != o.getClass()) return false;
         SecurityContext that = (SecurityContext) o;
-        return Objects.equals(principal, that.principal) &&
-               Objects.equals(roles, that.roles) &&
-               Objects.equals(issuedAt, that.issuedAt);
+        return Objects.equals(principal, that.principal) && Objects.equals(roles, that.roles)
+                && Objects.equals(issuedAt, that.issuedAt) && Objects.equals(expiresAt, that.expiresAt);
     }
 
     @Override
     public int hashCode() {
-        return Objects.hash(principal, roles, issuedAt);
+        return Objects.hash(principal, roles, issuedAt, expiresAt);
     }
 
     @Override
     public String toString() {
         return "SecurityContext{" +
-               "principal=" + principal +
-               ", roles=" + roles +
-               ", issuedAt=" + issuedAt +
-               '}';
+                "principal=" + principal +
+                ", roles=" + roles +
+                ", issuedAt=" + issuedAt +
+                ", expiresAt=" + expiresAt +
+                '}';
     }
 
 }
author	Bjørn Christian Seime <bjorncs@yahooinc.com>	2022-09-22 14:32:12 +0200
committer	Bjørn Christian Seime <bjorncs@yahooinc.com>	2022-09-22 14:38:51 +0200
commit	ca111fa6aff4f69a657a366b03745cf65e6c68d0 (patch)
tree	93b0366c020f4785367543d0eb49c0bb72b48ca2 /controller-api/src
parent	aafc1ce1431c1fe6e7068934153c9860f6aa49b9 (diff)