Merge pull request #19256 from vespa-engine/bjorncs/s3-athenz-access-control

Bjorncs/s3 athenz access control
author: Bjørn Christian Seime <bjorncs@verizonmedia.com> 2021-09-23 10:23:42 +0200
committer: GitHub <noreply@github.com> 2021-09-23 10:23:42 +0200
commit: eab6470364b66d261ce8f9669cd22ffe4ff0bf80 (patch)
tree: 3200a1275c61b2c8e4eefc2edd7e9fa34e8ef875 /controller-api
parent: 7ceac5336eb5b1334fa63a493a66acb1918e51d8 (diff)
parent: 4b8cebdb56aaf99ff31a5b761ed346e6931f6a3a (diff)
1 files changed, 20 insertions, 0 deletions
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/ZmsClientMock.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/ZmsClientMock.java
index f02ba85c9bf..42a5e2b42be 100644
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/ZmsClientMock.java
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/ZmsClientMock.java
@@ -17,6 +17,7 @@ import com.yahoo.vespa.hosted.controller.api.identifiers.ApplicationId;
 
 import java.time.Instant;
 import java.util.ArrayList;
+import java.util.HashSet;
 import java.util.List;
 import java.util.Map;
 import java.util.Optional;
@@ -80,6 +81,25 @@ public class ZmsClientMock implements ZmsClient {
     }
 
     @Override
+    public void createTenantResourceGroup(AthenzDomain tenantDomain, AthenzIdentity provider, String resourceGroup,
+                                          Set<RoleAction> roleActions) {
+        log("createTenantResourceGroup(tenantDomain='%s', resourceGroup='%s')", tenantDomain, resourceGroup);
+        AthenzDbMock.Domain domain = getDomainOrThrow(tenantDomain, true);
+        ApplicationId applicationId = new ApplicationId(resourceGroup);
+        if (!domain.applications.containsKey(applicationId)) {
+            domain.applications.put(applicationId, new AthenzDbMock.Application());
+        }
+    }
+
+    @Override
+    public Set<RoleAction> getTenantResourceGroups(AthenzDomain tenantDomain, AthenzIdentity provider, String resourceGroup) {
+        Set<RoleAction> result = new HashSet<>();
+        getDomainOrThrow(tenantDomain, true).applications.get(resourceGroup).acl
+                .forEach((role, roleMembers) -> result.add(new RoleAction(role.roleName, role.roleName)));
+        return result;
+    }
+
+    @Override
     public void addRoleMember(AthenzRole role, AthenzIdentity member, Optional<String> reason) {
         if ( ! role.roleName().equals("tenancy.vespa.hosting.admin"))
             throw new IllegalArgumentException("Mock only supports adding tenant admins, not " + role.roleName());
author	Bjørn Christian Seime <bjorncs@verizonmedia.com>	2021-09-23 10:23:42 +0200
committer	GitHub <noreply@github.com>	2021-09-23 10:23:42 +0200
commit	eab6470364b66d261ce8f9669cd22ffe4ff0bf80 (patch)
tree	3200a1275c61b2c8e4eefc2edd7e9fa34e8ef875 /controller-api
parent	7ceac5336eb5b1334fa63a493a66acb1918e51d8 (diff)
parent	4b8cebdb56aaf99ff31a5b761ed346e6931f6a3a (diff)