author | Morten Tokle <mortent@verizonmedia.com> | 2021-09-10 10:30:23 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-09-10 10:30:23 +0200 |
commit | 34adf677b98abd47a2c75f43287878ac8ccef8fc (patch) | |
tree | 441d9da5bbecfb2e799553ddf7f12b90066974d5 /controller-api | |
parent | bb4ee4e9c053ca4f341eaa5490a850e13ea37f5c (diff) |
list(Policies/Roles) (#19059)
Diffstat (limited to 'controller-api')
2 files changed, 35 insertions, 6 deletions
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzDbMock.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzDbMock.java
index c87a01a7f37..899e3174df9 100644
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzDbMock.java
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzDbMock.java
@@ -52,7 +52,7 @@ public class AthenzDbMock {
 public Domain admin(AthenzIdentity identity) {
 admins.add(identity);
- policies.add(new Policy(identity.getFullName(), ".*", ".*"));
+ policies.add(new Policy("admin", identity.getFullName(), ".*", ".*"));
 return this;
 }
@@ -67,7 +67,7 @@ public class AthenzDbMock {
 }
 public Domain withPolicy(String principalRegex, String operation, String resource) {
- policies.add(new Policy(principalRegex, operation, resource));
+ policies.add(new Policy("admin", principalRegex, operation, resource));
 return this;
 }
@@ -106,16 +106,22 @@ public class AthenzDbMock {
 }
 public static class Policy {
+ private final String name;
 private final Pattern principal;
 private final Pattern action;
 private final Pattern resource;
- public Policy(String principal, String action, String resource) {
+ public Policy(String name, String principal, String action, String resource) {
+ this.name = name;
 this.principal = Pattern.compile(principal);
 this.action = Pattern.compile(action);
 this.resource = Pattern.compile(resource);
 }
+ public String name() {
+ return name;
+ }
+
 public boolean principalMatches(AthenzIdentity athenzIdentity) {
 return this.principal.matcher(athenzIdentity.getFullName()).matches();
 }
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/ZmsClientMock.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/ZmsClientMock.java
index 63a2729baf4..77a49c6cbff 100644
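Review bot: `withPolicy` hard-codes the policy name `"admin"`, the same name `admin(identity)` uses in the first hunk, so every policy added through either builder method shares one name. With the `listPolicies` added in ZmsClientMock (a set of names) all of them collapse into a single `admin` entry, and `createPolicy(domain, "admin")` will throw "Policy already exists" for any domain configured this way. Consider an overload that takes the name, `public Domain withPolicy(String name, String principalRegex, String operation, String resource)`, with the three-argument form delegating to it. The enclosing `Domain` class starts and ends outside these hunks.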
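Review bot: After this change a `Policy` object is one assertion filed under a policy name rather than a whole policy, since `ZmsClientMock.addPolicyRule` adds a new instance per rule with the same `athenzPolicy` name, and the class carries no comment saying so. A class comment such as `/** One principal/action/resource assertion belonging to the named policy; several instances may share a name. */` would keep readers from treating `name` as unique. The constructor also accepts a null `name`, which would only surface later as a NullPointerException in the `p.name().equals(athenzPolicy)` check in `createPolicy`; `this.name = Objects.requireNonNull(name, "name");` fails at the source instead, provided `java.util.Objects` is imported (the import block is outside the hunk). The class body continues past the end of the hunk.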
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/ZmsClientMock.java
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/ZmsClientMock.java
@@ -148,12 +148,17 @@ public class ZmsClientMock implements ZmsClient {
 @Override
 public void createPolicy(AthenzDomain athenzDomain, String athenzPolicy) {
- // Noop
+ List<AthenzDbMock.Policy> policies = athenz.getOrCreateDomain(athenzDomain).policies;
+ if (policies.stream().anyMatch(p -> p.name().equals(athenzPolicy))) {
+ throw new IllegalArgumentException("Policy already exists");
+ }
+
+ // Policy will be created in the mock when an assertion is added
 }
 @Override
 public void addPolicyRule(AthenzDomain athenzDomain, String athenzPolicy, String action, AthenzResourceName resourceName, AthenzRole athenzRole) {
- athenz.getOrCreateDomain(athenzDomain).policies.add(new AthenzDbMock.Policy(athenzRole.roleName(), action, resourceName.toResourceNameString()));
+ athenz.getOrCreateDomain(athenzDomain).policies.add(new AthenzDbMock.Policy(athenzPolicy, athenzRole.roleName(), action, resourceName.toResourceNameString()));
 }
 @Override
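Review bot: The duplicate check in `createPolicy` only sees policies that already have at least one rule, because nothing is stored until `addPolicyRule` runs. Two `createPolicy` calls with the same name in a row both succeed, and a policy that was created but has no assertion yet cannot be found by name. If tests are meant to rely on the "already exists" failure, the domain mock needs to remember created names (for example a set of policy names on the domain object, checked here). Otherwise widen the trailing comment to state the limit, e.g. `// Mock limitation: a policy without rules is not stored, so it is neither listed nor detected as a duplicate`. `addPolicyRule` in the same hunk also accepts a policy name that was never passed to `createPolicy`, which presumably differs from the real ZMS client.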
@@ -194,7 +199,25 @@ public class ZmsClientMock implements ZmsClient {
 @Override
 public void createRole(AthenzRole role, Map<String, Object> properties) {
- athenz.getOrCreateDomain(role.domain()).roles.add(new AthenzDbMock.Role(role.roleName()));
+ List<AthenzDbMock.Role> roles = athenz.getOrCreateDomain(role.domain()).roles;
+ if (roles.stream().anyMatch(r -> r.name().equals(role.roleName()))) {
+ throw new IllegalArgumentException("Role already exists");
+ }
+ roles.add(new AthenzDbMock.Role(role.roleName()));
+ }
+
+ @Override
+ public Set<AthenzRole> listRoles(AthenzDomain domain) {
+ return athenz.getOrCreateDomain(domain).roles.stream()
+ .map(role -> new AthenzRole(domain, role.name()))
+ .collect(Collectors.toSet());
+ }
+
+ @Override
+ public Set<String> listPolicies(AthenzDomain domain) {
+ return athenz.getOrCreateDomain(domain).policies.stream()
+ .map(AthenzDbMock.Policy::name)
+ .collect(Collectors.toSet());
 }
 @Override |
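Review bot: `listRoles` and `listPolicies` both go through `athenz.getOrCreateDomain(domain)`, so, judging by the method name, a read-only list call on a domain that was never set up creates it in the mock and returns an empty set instead of failing. A test that queries authorization state for a missing or misspelled domain would then pass silently. If the mock has no lookup-only accessor, at least document the side effect on both methods: `// NOTE: creates the domain in the mock as a side effect if it is absent`. Separately, `createRole` throws `IllegalArgumentException("Role already exists")` without saying which role; `"Role already exists: " + role.roleName()` would make a failing test easier to read.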