author | Bjørn Christian Seime <bjorncs@verizonmedia.com> | 2021-10-01 15:35:24 +0200 |
---|---|---|
committer | Bjørn Christian Seime <bjorncs@verizonmedia.com> | 2021-10-01 15:35:24 +0200 |
commit | 9ce8e3121ba0c5fe36792e930c438f081dd0445d (patch) | |
tree | 5b4bf3d66cf636ee3f432aa9422339374e7d670b /controller-api | |
parent | 2f74bf462fa321d9612fb6bdd144c0f77a0b09f8 (diff) |
Add ZmsClient.getPolicy()
Diffstat (limited to 'controller-api')
2 files changed, 22 insertions, 1 deletions
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzDbMock.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzDbMock.java
index a9b20040f20..0f50ff4e198 100644
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzDbMock.java
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzDbMock.java
@@ -150,7 +150,12 @@ public class AthenzDbMock {
 this.resource = resource;
 }
 
- public Assertion(String role, String action, String resource) { this("grant", role, action, resource); }
+ public Assertion(String role, String action, String resource) { this("allow", role, action, resource); }
+
+ public String effect() { return effect; }
+ public String role() { return role; }
+ public String action() { return action; }
+ public String resource() { return resource; }
 
 public boolean matches(AthenzIdentity principal, String action, String resource) {
 return Pattern.compile(this.role).matcher(principal.getFullName()).matches()
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/ZmsClientMock.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/ZmsClientMock.java
index b362a0c7a47..7960e5e8df7 100644
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/ZmsClientMock.java
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/ZmsClientMock.java
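Review bot: In `AthenzDbMock.Assertion`, `effect` remains a free-form string, so the mistake this commit corrects ("grant" where "allow" was meant) can recur: the three-argument constructor hard-codes the literal, and the four-argument constructor, of which only the last assignment is visible at the top of the hunk, appears to store whatever it is given. Assuming allow and deny are the only effects the mock is meant to model, a guard in the four-argument constructor such as `if (!"allow".equals(effect) && !"deny".equals(effect)) throw new IllegalArgumentException("Unknown effect: " + effect);` would make a bad value fail at construction instead of silently never matching. `matches` continues outside the hunk and its visible part tests only the role pattern; it is worth confirming that it consults `effect`, because otherwise a deny assertion in the mock would authorize exactly like an allow.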
@@ -1,9 +1,11 @@
 // Copyright 2017 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
 package com.yahoo.vespa.hosted.controller.api.integration.athenz;
 
+import com.yahoo.vespa.athenz.api.AthenzAssertion;
 import com.yahoo.vespa.athenz.api.AthenzDomain;
 import com.yahoo.vespa.athenz.api.AthenzGroup;
 import com.yahoo.vespa.athenz.api.AthenzIdentity;
+import com.yahoo.vespa.athenz.api.AthenzPolicy;
 import com.yahoo.vespa.athenz.api.AthenzResourceName;
 import com.yahoo.vespa.athenz.api.AthenzRole;
 import com.yahoo.vespa.athenz.api.AthenzService;
@@ -184,6 +186,20 @@ public class ZmsClientMock implements ZmsClient {
 }
 
 @Override
+ public Optional<AthenzPolicy> getPolicy(AthenzDomain domain, String name) {
+ AthenzDbMock.Policy policy = athenz.getOrCreateDomain(domain).policies.get(name);
+ if (policy == null) return Optional.empty();
+ List<AthenzAssertion> assertions = policy.assertions.stream()
+ .map(a -> AthenzAssertion.newBuilder(
+ new AthenzRole(domain, a.role()),
+ AthenzResourceName.fromString(a.resource()),
+ a.action())
+ .build())
+ .collect(Collectors.toList());
+ return Optional.of(new AthenzPolicy(policy.name(), assertions));
+ }
+
+ @Override
 public Map<AthenzUser,String> listPendingRoleApprovals(AthenzRole athenzRole) {
 return Map.of();
 }
|
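Review bot: The assertions built in `getPolicy` drop the effect: the lambda passes `a.role()`, `a.resource()` and `a.action()` to `AthenzAssertion.newBuilder(...)` but never reads `a.effect()`, the accessor this same commit adds to the mock's `Assertion`. A policy stored in the mock with a non-allow effect would therefore come back with whatever effect the builder defaults to, so a test relying on this mock could pass against an authorization rule that the real ZMS would evaluate differently. If the builder has a way to set the effect (its API is not visible in this hunk), pass `a.effect()` through; otherwise record the limitation above the method, e.g. `// effect is not propagated; assertions get the builder's default effect`. Separately, the lookup goes through `athenz.getOrCreateDomain(domain)`, so, going by the name, querying a policy in an unknown domain presumably creates that domain in the mock as a side effect of a read.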