authorMorten Tokle <mortent@verizonmedia.com>2021-09-10 10:30:23 +0200
committerGitHub <noreply@github.com>2021-09-10 10:30:23 +0200
commit34adf677b98abd47a2c75f43287878ac8ccef8fc (patch)
tree441d9da5bbecfb2e799553ddf7f12b90066974d5 /controller-api
parentbb4ee4e9c053ca4f341eaa5490a850e13ea37f5c (diff)
list(Policies/Roles) (#19059)
Diffstat (limited to 'controller-api')
-rw-r--r--controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzDbMock.java12
-rw-r--r--controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/ZmsClientMock.java29
2 files changed, 35 insertions, 6 deletions
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzDbMock.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzDbMock.java
index c87a01a7f37..899e3174df9 100644
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzDbMock.java
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzDbMock.java
@@ -52,7 +52,7 @@ public class AthenzDbMock {
public Domain admin(AthenzIdentity identity) {
admins.add(identity);
- policies.add(new Policy(identity.getFullName(), ".*", ".*"));
+ policies.add(new Policy("admin", identity.getFullName(), ".*", ".*"));
return this;
}
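Review bot: The principal passed to `Policy` in `admin()` is the identity's full name, but the constructor in the `Policy` hunk further down runs it through `Pattern.compile`, so every `.` in the name matches any character and the mock can grant admin to an identity that the literal name would not match. Quoting the literal keeps authorization tests as strict as the name itself: `policies.add(new Policy("admin", Pattern.quote(identity.getFullName()), ".*", ".*"));`. The same applies to `addPolicyRule` in ZmsClientMock.java, which passes `athenzRole.roleName()` and the resource string as patterns. Whether that resource string is meant to carry wildcards is not visible here, so it may need a documented decision rather than quoting.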
@@ -67,7 +67,7 @@ public class AthenzDbMock {
}
public Domain withPolicy(String principalRegex, String operation, String resource) {
- policies.add(new Policy(principalRegex, operation, resource));
+ policies.add(new Policy("admin", principalRegex, operation, resource));
return this;
}
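Review bot: `withPolicy` now labels every policy it adds as `"admin"`, whatever principal, operation and resource the test supplies. With the new `listPolicies` and the duplicate check in `createPolicy` (both in ZmsClientMock.java), a domain set up through `withPolicy` reports a single policy called `admin` and rejects `createPolicy(domain, "admin")`, which is probably not what a test author expects. An overload that takes the name, e.g. `public Domain withPolicy(String name, String principalRegex, String operation, String resource)`, with the existing method delegating to it, would keep current callers working.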
@@ -106,16 +106,22 @@ public class AthenzDbMock {
}
public static class Policy {
+ private final String name;
private final Pattern principal;
private final Pattern action;
private final Pattern resource;
- public Policy(String principal, String action, String resource) {
+ public Policy(String name, String principal, String action, String resource) {
+ this.name = name;
this.principal = Pattern.compile(principal);
this.action = Pattern.compile(action);
this.resource = Pattern.compile(resource);
}
+ public String name() {
+ return name;
+ }
+
public boolean principalMatches(AthenzIdentity athenzIdentity) {
return this.principal.matcher(athenzIdentity.getFullName()).matches();
}
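Review bot: `name` is stored without a null check in the `Policy` constructor, while the new `createPolicy` in ZmsClientMock.java calls `p.name().equals(athenzPolicy)` on every stored policy, so a null name would surface as a NullPointerException far from where the policy was built. `this.name = Objects.requireNonNull(name, "name");` fails at construction instead (this needs `java.util.Objects` if the file does not already import it). A one-line Javadoc on the constructor saying that `principal`, `action` and `resource` are regular expressions while `name` is a literal would also help. The class body continues past the end of this hunk.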
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/ZmsClientMock.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/ZmsClientMock.java
index 63a2729baf4..77a49c6cbff 100644
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/ZmsClientMock.java
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/ZmsClientMock.java
@@ -148,12 +148,17 @@ public class ZmsClientMock implements ZmsClient {
@Override
public void createPolicy(AthenzDomain athenzDomain, String athenzPolicy) {
- // Noop
+ List<AthenzDbMock.Policy> policies = athenz.getOrCreateDomain(athenzDomain).policies;
+ if (policies.stream().anyMatch(p -> p.name().equals(athenzPolicy))) {
+ throw new IllegalArgumentException("Policy already exists");
+ }
+
+ // Policy will be created in the mock when an assertion is added
}
@Override
public void addPolicyRule(AthenzDomain athenzDomain, String athenzPolicy, String action, AthenzResourceName resourceName, AthenzRole athenzRole) {
- athenz.getOrCreateDomain(athenzDomain).policies.add(new AthenzDbMock.Policy(athenzRole.roleName(), action, resourceName.toResourceNameString()));
+ athenz.getOrCreateDomain(athenzDomain).policies.add(new AthenzDbMock.Policy(athenzPolicy, athenzRole.roleName(), action, resourceName.toResourceNameString()));
}
@Override
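Review bot: `createPolicy` checks for an existing name but stores nothing, so the check only sees policies that already have a rule: two `createPolicy` calls for the same name both succeed, and a policy that was created but has no rule yet is missing from `listPolicies`. If tests are meant to rely on the duplicate check, the created names need to be recorded in the domain (for instance a set of names next to `policies`) and consulted here and in `listPolicies`. Otherwise the comment should say so, e.g. `// The mock stores a policy only once a rule is added; a policy without rules is neither listed nor detected as a duplicate`. Including the name in the message, `"Policy already exists: " + athenzPolicy`, would make a failing test easier to read.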
@@ -194,7 +199,25 @@ public class ZmsClientMock implements ZmsClient {
@Override
public void createRole(AthenzRole role, Map<String, Object> properties) {
- athenz.getOrCreateDomain(role.domain()).roles.add(new AthenzDbMock.Role(role.roleName()));
+ List<AthenzDbMock.Role> roles = athenz.getOrCreateDomain(role.domain()).roles;
+ if (roles.stream().anyMatch(r -> r.name().equals(role.roleName()))) {
+ throw new IllegalArgumentException("Role already exists");
+ }
+ roles.add(new AthenzDbMock.Role(role.roleName()));
+ }
+
+ @Override
+ public Set<AthenzRole> listRoles(AthenzDomain domain) {
+ return athenz.getOrCreateDomain(domain).roles.stream()
+ .map(role -> new AthenzRole(domain, role.name()))
+ .collect(Collectors.toSet());
+ }
+
+ @Override
+ public Set<String> listPolicies(AthenzDomain domain) {
+ return athenz.getOrCreateDomain(domain).policies.stream()
+ .map(AthenzDbMock.Policy::name)
+ .collect(Collectors.toSet());
}
@Override
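Review bot: `listRoles` and `listPolicies` go through `getOrCreateDomain`, which by its name creates the domain when it is missing, so a read-only listing can change the mock's state and make an unknown domain look like an existing empty one. Tests that check access against domains that should not exist would no longer see the difference. If `AthenzDbMock` offers a lookup that does not create (not visible in this diff), use it here and return an empty set for an unknown domain; otherwise a comment on both methods noting the side effect would do. `createRole` above has the same bare message as `createPolicy`; `"Role already exists: " + role.roleName()` would be more useful.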