diff options
author | Bjørn Christian Seime <bjorncs@verizonmedia.com> | 2021-09-23 10:23:42 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-09-23 10:23:42 +0200 |
commit | eab6470364b66d261ce8f9669cd22ffe4ff0bf80 (patch) | |
tree | 3200a1275c61b2c8e4eefc2edd7e9fa34e8ef875 /controller-api | |
parent | 7ceac5336eb5b1334fa63a493a66acb1918e51d8 (diff) | |
parent | 4b8cebdb56aaf99ff31a5b761ed346e6931f6a3a (diff) |
Merge pull request #19256 from vespa-engine/bjorncs/s3-athenz-access-control
Bjorncs/s3 athenz access control
Diffstat (limited to 'controller-api')
-rw-r--r-- | controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/ZmsClientMock.java | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/ZmsClientMock.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/ZmsClientMock.java index f02ba85c9bf..42a5e2b42be 100644 --- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/ZmsClientMock.java +++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/ZmsClientMock.java @@ -17,6 +17,7 @@ import com.yahoo.vespa.hosted.controller.api.identifiers.ApplicationId; import java.time.Instant; import java.util.ArrayList; +import java.util.HashSet; import java.util.List; import java.util.Map; import java.util.Optional; @@ -80,6 +81,25 @@ public class ZmsClientMock implements ZmsClient { } @Override + public void createTenantResourceGroup(AthenzDomain tenantDomain, AthenzIdentity provider, String resourceGroup, + Set<RoleAction> roleActions) { + log("createTenantResourceGroup(tenantDomain='%s', resourceGroup='%s')", tenantDomain, resourceGroup); + AthenzDbMock.Domain domain = getDomainOrThrow(tenantDomain, true); + ApplicationId applicationId = new ApplicationId(resourceGroup); + if (!domain.applications.containsKey(applicationId)) { + domain.applications.put(applicationId, new AthenzDbMock.Application()); + } + } + + @Override + public Set<RoleAction> getTenantResourceGroups(AthenzDomain tenantDomain, AthenzIdentity provider, String resourceGroup) { + Set<RoleAction> result = new HashSet<>(); + getDomainOrThrow(tenantDomain, true).applications.get(resourceGroup).acl + .forEach((role, roleMembers) -> result.add(new RoleAction(role.roleName, role.roleName))); + return result; + } + + @Override public void addRoleMember(AthenzRole role, AthenzIdentity member, Optional<String> reason) { if ( ! role.roleName().equals("tenancy.vespa.hosting.admin")) throw new IllegalArgumentException("Mock only supports adding tenant admins, not " + role.roleName()); |