author | Valerij Fredriksen <valerijf@yahooinc.com> | 2022-02-18 18:23:23 +0100 |
---|---|---|
committer | Valerij Fredriksen <valerijf@yahooinc.com> | 2022-02-21 09:04:11 +0100 |
commit | d9c1e4ba27155469ce2f542b4b6e0b5f70242096 (patch) | |
tree | 864b7346039e59a06ae6055c15af2eb85ab2f134 /controller-api | |
parent | a294cb2b68d5989572b3a74886c8bf3be225e715 (diff) |
Pass along auth0 credentials to ZMS
Diffstat (limited to 'controller-api')
4 files changed, 9 insertions, 7 deletions
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AccessControlService.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AccessControlService.java index c1d70bf297d..a08319055ff 100644 --- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AccessControlService.java +++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AccessControlService.java @@ -4,6 +4,7 @@ package com.yahoo.vespa.hosted.controller.api.integration.athenz; import com.yahoo.config.provision.TenantName; import com.yahoo.vespa.athenz.api.AthenzUser; +import com.yahoo.vespa.athenz.api.OAuthCredentials; import java.time.Instant; import java.util.Collection; @@ -15,7 +16,7 @@ import java.util.Collection; */ public interface AccessControlService { boolean approveDataPlaneAccess(AthenzUser user, Instant expiry); - boolean approveSshAccess(TenantName tenantName, Instant expiry); + boolean approveSshAccess(TenantName tenantName, Instant expiry, OAuthCredentials oAuthCredentials); boolean requestSshAccess(TenantName tenantName); boolean hasPendingAccessRequests(TenantName tenantName); Collection<AthenzUser> listMembers(); diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzAccessControlService.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzAccessControlService.java index b01f6bb5208..0568678219e 100644 --- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzAccessControlService.java +++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzAccessControlService.java 
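Review bot: The new `oAuthCredentials` parameter on `AccessControlService.approveSshAccess` (hunk at -15,7) has no stated contract: the interface method carries no Javadoc, so a caller cannot tell whether null is accepted or whose credentials are expected. Because the value is a credential that the implementation forwards to ZMS, I would add a Javadoc line above the method such as `/** @param oAuthCredentials non-null OAuth credentials forwarded to ZMS for the approval; implementations must not log or retain them */`, with the author confirming whose credentials these are meant to be. The same gap exists in `AthenzAccessControlService.approveSshAccess` (hunk at -73,7), whose existing Javadoc still documents only `@return`.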
@@ -8,6 +8,7 @@ import com.yahoo.vespa.athenz.api.AthenzGroup; import com.yahoo.vespa.athenz.api.AthenzIdentity; import com.yahoo.vespa.athenz.api.AthenzRole; import com.yahoo.vespa.athenz.api.AthenzUser; +import com.yahoo.vespa.athenz.api.OAuthCredentials; import com.yahoo.vespa.athenz.client.zms.ZmsClient; import java.time.Instant; @@ -42,7 +43,7 @@ public class AthenzAccessControlService implements AccessControlService { } Map<AthenzIdentity, String> users = zmsClient.listPendingRoleApprovals(dataPlaneAccessRole); if (users.containsKey(user)) { - zmsClient.approvePendingRoleMembership(dataPlaneAccessRole, user, expiry, Optional.empty()); + zmsClient.approvePendingRoleMembership(dataPlaneAccessRole, user, expiry, Optional.empty(), Optional.empty()); return true; } return false; @@ -73,7 +74,7 @@ public class AthenzAccessControlService implements AccessControlService { * @return true if access has been granted - false if already member */ @Override - public boolean approveSshAccess(TenantName tenantName, Instant expiry) { + public boolean approveSshAccess(TenantName tenantName, Instant expiry, OAuthCredentials oAuthCredentials) { var role = sshRole(tenantName); if (!vespaZmsClient.listRoles(role.domain()).contains(role)) @@ -85,8 +86,7 @@ public class AthenzAccessControlService implements AccessControlService { if (!hasPendingAccessRequests(tenantName)) { vespaZmsClient.addRoleMember(role, vespaTeam, Optional.empty()); } - // TODO: Pass along auth0 credentials - vespaZmsClient.approvePendingRoleMembership(role, vespaTeam, expiry, Optional.empty()); + vespaZmsClient.approvePendingRoleMembership(role, vespaTeam, expiry, Optional.empty(), Optional.of(oAuthCredentials)); return true; } diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/MockAccessControlService.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/MockAccessControlService.java index f906172dba0..b8106450705 100644 
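Review bot: In `approveDataPlaneAccess` (hunk at -42,7) the call to `zmsClient.approvePendingRoleMembership` now ends in two positional `Optional.empty()` arguments, and nothing at the call site says that the second one means this approval is sent without OAuth credentials, unlike the SSH path changed further down. If that is intentional, a comment above the call would record it, for example `// Sent without OAuth credentials: <reason, to be filled in by the author>`. If it is not, `approveDataPlaneAccess` would need a credentials parameter of its own. The method starts and ends outside the hunk.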
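Review bot: `Optional.of(oAuthCredentials)` in the hunk at -85,8 throws a NullPointerException when the argument is null, and in this body that happens only after `vespaZmsClient.addRoleMember(role, vespaTeam, Optional.empty())` may already have run. A caller that arrives without credentials would then leave the membership request added but not approved. Validating at the top of `approveSshAccess`, before `sshRole(tenantName)` is evaluated, fails before any ZMS state changes: `Objects.requireNonNull(oAuthCredentials, "oAuthCredentials");`. This needs `java.util.Objects`, and the visible import lines do not show whether it is already imported. The method signature is in the previous hunk (-73,7) and part of the body lies between the two hunks.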
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/MockAccessControlService.java +++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/MockAccessControlService.java @@ -4,6 +4,7 @@ package com.yahoo.vespa.hosted.controller.api.integration.athenz; import com.yahoo.config.provision.TenantName; import com.yahoo.vespa.athenz.api.AthenzUser; +import com.yahoo.vespa.athenz.api.OAuthCredentials; import java.time.Instant; import java.util.Collection; @@ -30,7 +31,7 @@ public class MockAccessControlService implements AccessControlService { } @Override - public boolean approveSshAccess(TenantName tenantName, Instant expiry) { + public boolean approveSshAccess(TenantName tenantName, Instant expiry, OAuthCredentials oAuthCredentials) { return false; } diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/ZmsClientMock.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/ZmsClientMock.java index 121abc8c9e3..38b2a36a348 100644 --- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/ZmsClientMock.java +++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/ZmsClientMock.java @@ -201,7 +201,7 @@ public class ZmsClientMock implements ZmsClient { } @Override - public void approvePendingRoleMembership(AthenzRole athenzRole, AthenzIdentity athenzIdentity, Instant expiry, Optional<String> reason) { + public void approvePendingRoleMembership(AthenzRole athenzRole, AthenzIdentity athenzIdentity, Instant expiry, Optional<String> reason, Optional<OAuthCredentials> oAuthCredentials) { } @Override |
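Review bot: `ZmsClientMock.approvePendingRoleMembership` (hunk at -201,7) accepts the new `oAuthCredentials` argument and discards it in an empty body, so no test built on this mock can detect a regression where the SSH approval stops forwarding credentials. Recording the argument would be enough, for example a field `private Optional<OAuthCredentials> lastApprovalCredentials = Optional.empty();` that the method assigns and a getter exposes for assertions. The class body before and after this method is outside the hunk, so an existing recording mechanism elsewhere in the mock cannot be ruled out.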