authorJon Marius Venstad <jvenstad@yahoo-inc.com>2019-03-13 13:17:51 +0100
committerJon Marius Venstad <jvenstad@yahoo-inc.com>2019-03-17 13:24:13 +0100
commitaaa14842338452de481f7b31213e572412399dde (patch)
tree3b3d7dfa54f265cda84e260cbfac3b30248e7118 /controller-server
parentc8769d77ef32f74a1ab72d16f2bd5d2cc124ebe2 (diff)
Add wrappers
Diffstat (limited to 'controller-server')
-rw-r--r--controller-server/src/main/java/com/yahoo/vespa/hosted/controller/permits/ApplicationPermit.java11
-rw-r--r--controller-server/src/main/java/com/yahoo/vespa/hosted/controller/permits/AthenzApplicationPermit.java30
-rw-r--r--controller-server/src/main/java/com/yahoo/vespa/hosted/controller/permits/AthenzTenantPermit.java26
-rw-r--r--controller-server/src/main/java/com/yahoo/vespa/hosted/controller/permits/OktaApplicationPermit.java24
-rw-r--r--controller-server/src/main/java/com/yahoo/vespa/hosted/controller/permits/OktaTenantPermit.java26
-rw-r--r--controller-server/src/main/java/com/yahoo/vespa/hosted/controller/permits/PermitExtractor.java18
-rw-r--r--controller-server/src/main/java/com/yahoo/vespa/hosted/controller/permits/PermitStore.java22
-rw-r--r--controller-server/src/main/java/com/yahoo/vespa/hosted/controller/permits/TenantPermit.java10
-rw-r--r--controller-server/src/test/java/com/yahoo/vespa/hosted/controller/application/ZipStreamReaderTest.java10
9 files changed, 177 insertions, 0 deletions
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/permits/ApplicationPermit.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/permits/ApplicationPermit.java
new file mode 100644
index 00000000000..272fae5ca65
--- /dev/null
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/permits/ApplicationPermit.java
@@ -0,0 +1,11 @@
+package com.yahoo.vespa.hosted.controller.permits;
+
+/**
+ * Data that relates identities to permissions to an application.
+ *
+ * @author jonmv
+ */
+public interface ApplicationPermit extends TenantPermit {
+
+}
+
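Review bot: Declaring `ApplicationPermit extends TenantPermit` means every application-scoped permit is also accepted wherever a tenant permit is expected, including `PermitStore.createTenant` and `PermitStore.deleteTenant` later in this commit. For data that decides who gets access, the type system would ideally keep the two scopes apart, so that passing an application permit to a tenant-level operation is a compile error rather than something each store has to detect at run time. If the subtyping is intentional, the Javadoc should say so, for example `An application permit is also a permit for the tenant owning the application.`; otherwise make the two interfaces unrelated.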
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/permits/AthenzApplicationPermit.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/permits/AthenzApplicationPermit.java
new file mode 100644
index 00000000000..fff860465ba
--- /dev/null
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/permits/AthenzApplicationPermit.java
@@ -0,0 +1,30 @@
+package com.yahoo.vespa.hosted.controller.permits;
+
+import com.yahoo.config.provision.ApplicationId;
+import com.yahoo.vespa.athenz.api.AthenzDomain;
+import com.yahoo.vespa.athenz.api.OktaAccessToken;
+
+import java.util.Objects;
+
+/**
+ * Wraps the permit data of an Athenz application modification.
+ *
+ * @author jonmv
+ */
+public class AthenzApplicationPermit implements ApplicationPermit {
+
+ private final AthenzDomain domain;
+ private final ApplicationId application;
+ private final OktaAccessToken token;
+
+ public AthenzApplicationPermit(AthenzDomain domain, ApplicationId application, OktaAccessToken token) {
+ this.domain = Objects.requireNonNull(domain);
+ this.application = Objects.requireNonNull(application);
+ this.token = Objects.requireNonNull(token);
+ }
+
+ public AthenzDomain domain() { return domain; }
+ public ApplicationId application() { return application; }
+ public OktaAccessToken token() { return token; }
+
+}
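Review bot: This class, like AthenzTenantPermit in the next file, carries an `OktaAccessToken` behind a public accessor, yet it is non-final and its Javadoc does not mention that it holds a credential. I would declare it `public final class AthenzApplicationPermit implements ApplicationPermit {` so that a subclass cannot change what the accessors return, and add a Javadoc sentence such as `Holds an access token; instances must not be logged or persisted.` Whether `OktaAccessToken` itself redacts its value in `toString()` is not visible in this diff, so that is worth confirming before permits end up in log statements or exception messages.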
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/permits/AthenzTenantPermit.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/permits/AthenzTenantPermit.java
new file mode 100644
index 00000000000..73a61f8fb0b
--- /dev/null
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/permits/AthenzTenantPermit.java
@@ -0,0 +1,26 @@
+package com.yahoo.vespa.hosted.controller.permits;
+
+import com.yahoo.vespa.athenz.api.AthenzDomain;
+import com.yahoo.vespa.athenz.api.OktaAccessToken;
+
+import java.util.Objects;
+
+/**
+ * Wraps the permit data of an Athenz tenancy modification.
+ *
+ * @author jonmv
+ */
+public class AthenzTenantPermit implements TenantPermit {
+
+ private final AthenzDomain domain;
+ private final OktaAccessToken token;
+
+ public AthenzTenantPermit(AthenzDomain domain, OktaAccessToken token) {
+ this.domain = Objects.requireNonNull(domain);
+ this.token = Objects.requireNonNull(token);
+ }
+
+ public AthenzDomain domain() { return domain; }
+ public OktaAccessToken token() { return token; }
+
+}
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/permits/OktaApplicationPermit.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/permits/OktaApplicationPermit.java
new file mode 100644
index 00000000000..633d1dfb393
--- /dev/null
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/permits/OktaApplicationPermit.java
@@ -0,0 +1,24 @@
+package com.yahoo.vespa.hosted.controller.permits;
+
+import com.yahoo.config.provision.ApplicationId;
+
+import java.security.Principal;
+import java.util.Objects;
+
+/**
+ * Wraps the permit data of an Okta application modification.
+ */
+public class OktaApplicationPermit {
+
+ private final ApplicationId application;
+ private final Principal user;
+
+ public OktaApplicationPermit(ApplicationId application, Principal user) {
+ this.application = Objects.requireNonNull(application);
+ this.user = Objects.requireNonNull(user);
+ }
+
+ public ApplicationId application() { return application; }
+ public Principal user() { return user; }
+
+}
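Review bot: `OktaApplicationPermit` does not implement `ApplicationPermit`, unlike `AthenzApplicationPermit`, while `OktaTenantPermit` does implement `TenantPermit`. As written, an instance cannot be passed to `PermitStore.createApplication` or `deleteApplication`, and cannot be returned from `PermitExtractor`. The declaration should presumably read `public class OktaApplicationPermit implements ApplicationPermit {`. The class Javadoc also lacks the `@author jonmv` tag that the other new files carry.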
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/permits/OktaTenantPermit.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/permits/OktaTenantPermit.java
new file mode 100644
index 00000000000..1501971cac6
--- /dev/null
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/permits/OktaTenantPermit.java
@@ -0,0 +1,26 @@
+package com.yahoo.vespa.hosted.controller.permits;
+
+import com.yahoo.config.provision.TenantName;
+
+import java.security.Principal;
+import java.util.Objects;
+
+/**
+ * Wraps the permit data of an Okta tenancy modification.
+ *
+ * @author jonmv
+ */
+public class OktaTenantPermit implements TenantPermit {
+
+ private final TenantName tenant;
+ private final Principal user;
+
+ public OktaTenantPermit(TenantName tenant, Principal user) {
+ this.tenant = Objects.requireNonNull(tenant);
+ this.user = Objects.requireNonNull(user);
+ }
+
+ public TenantName tenant() { return tenant; }
+ public Principal user() { return user; }
+
+}
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/permits/PermitExtractor.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/permits/PermitExtractor.java
new file mode 100644
index 00000000000..0ca92a1f57a
--- /dev/null
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/permits/PermitExtractor.java
@@ -0,0 +1,18 @@
+package com.yahoo.vespa.hosted.controller.permits;
+
+import com.yahoo.container.jdisc.HttpRequest;
+
+/**
+ * Extracts {@link TenantPermit}s and {@link ApplicationPermit}s from HTTP requests, to be stored in a {@link PermitStore}.
+ *
+ * @author jonmv
+ */
+public interface PermitExtractor {
+
+ /** Extracts permit data for a tenant, from the given request. */
+ TenantPermit getTenantPermit(HttpRequest request);
+
+ /** Extracts permit data for an application, from the given request. */
+ ApplicationPermit getApplication(HttpRequest request);
+
+}
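Review bot: `getApplication` returns an `ApplicationPermit` but is named as if it returned the application, unlike its sibling `getTenantPermit`; `ApplicationPermit getApplicationPermit(HttpRequest request);` would keep the pair parallel. The Javadoc on both methods also leaves the failure contract open: it does not say whether a request without a usable identity or token makes the method throw or return null. Since the extracted values later decide who is granted access, I would document that, and also state that the identity must be taken from the authenticated principal on the request rather than from client-supplied fields.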
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/permits/PermitStore.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/permits/PermitStore.java
new file mode 100644
index 00000000000..78bc869d68d
--- /dev/null
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/permits/PermitStore.java
@@ -0,0 +1,22 @@
+package com.yahoo.vespa.hosted.controller.permits;
+
+/**
+ * Stores permits for accessing tenant and application resources.
+ *
+ * @author jonmv
+ */
+public interface PermitStore {
+
+ /** Creates a tenant with permissions given by the permit. */
+ void createTenant(TenantPermit tenantPermit);
+
+ /** Deletes the tenant and all permissions related to it. */
+ void deleteTenant(TenantPermit tenantPermit);
+
+ /** Creates an application resource with permissions given by the permit. */
+ void createApplication(ApplicationPermit applicationPermit);
+
+ /** Deletes the application and all permissions related to it. */
+ void deleteApplication(ApplicationPermit applicationPermit);
+
+}
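Review bot: The four methods take the marker interfaces `TenantPermit` and `ApplicationPermit`, which declare no members, so every implementation has to downcast to its own concrete permit type. The Javadoc should state what happens when a store is handed a permit of the wrong kind, for example `@throws IllegalArgumentException if the permit is not of a type supported by this store`, so that a mismatch fails the request instead of being silently ignored. It would also help to say whether the store itself verifies that the identity in the permit is allowed to create or delete the resource, or whether callers must have authorised the request beforehand; the interface does not show which is intended.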
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/permits/TenantPermit.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/permits/TenantPermit.java
new file mode 100644
index 00000000000..fa821814b45
--- /dev/null
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/permits/TenantPermit.java
@@ -0,0 +1,10 @@
+package com.yahoo.vespa.hosted.controller.permits;
+
+/**
+ * Data that relates identities to permissions to a tenant.
+ *
+ * @author jonmv
+ */
+public interface TenantPermit {
+
+}
diff --git a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/application/ZipStreamReaderTest.java b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/application/ZipStreamReaderTest.java
index fe5680e2a58..fa78ce7bb12 100644
--- a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/application/ZipStreamReaderTest.java
+++ b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/application/ZipStreamReaderTest.java
@@ -8,6 +8,7 @@ import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.UncheckedIOException;
import java.nio.charset.StandardCharsets;
+import java.nio.file.Path;
import java.util.Map;
import java.util.zip.ZipEntry;
import java.util.zip.ZipOutputStream;
@@ -74,4 +75,13 @@ public class ZipStreamReaderTest {
return zip.toByteArray();
}
+ @Test
+ public void lul() {
+ String name = "./artif/../yolo/../../hi/";
+ Path path = Path.of(name);
+ System.err.println(name);
+ System.err.println(path);
+ System.err.println(path.normalize());
+ }
+
}
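Review bot: The added test `lul` asserts nothing; it only prints three values to stderr, so it passes regardless of how the path is handled and adds noise to the build output. If the intent is to pin how traversal-style names normalise, replace the prints with an assertion such as `assertEquals(Path.of("../hi"), Path.of(name).normalize());` (assuming `assertEquals` is already imported in this file) and give the test a descriptive name. Otherwise drop it together with the `java.nio.file.Path` import added in the previous hunk. A test that ZipStreamReader rejects entry names which normalise to a location outside the archive root would be more useful, if that is the reader's responsibility; the reader is not visible in this diff.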