author | Bjørn Christian Seime <bjorncs@verizonmedia.com> | 2020-01-16 15:09:07 +0100 |
---|---|---|
committer | Bjørn Christian Seime <bjorncs@verizonmedia.com> | 2020-01-24 14:44:09 +0100 |
commit | 2d8e7e65a9ea6e80cee667ec7bcff3d488df8a2c (patch) | |
tree | c49c7b29331e78f48bc96e7ac344f667dec0c73c /jdisc-security-filters/src/test/java/com/yahoo/jdisc/http/filter | |
parent | 08c7d357ee6a826afbf9f044473aaa3d59406f84 (diff) |
Return the matched role in checkAccessAllowed methods
Rewrite AuthorizationResult to specify result type as an inner Type enum.
Add matched role to AuthorizationResult.
Propagate matched role to request object in AthenzAuthorizationFilter.
Diffstat (limited to 'jdisc-security-filters/src/test/java/com/yahoo/jdisc/http/filter')
-rw-r--r-- | jdisc-security-filters/src/test/java/com/yahoo/jdisc/http/filter/security/athenz/AthenzAuthorizationFilterTest.java | 12 |
1 files changed, 7 insertions, 5 deletions
diff --git a/jdisc-security-filters/src/test/java/com/yahoo/jdisc/http/filter/security/athenz/AthenzAuthorizationFilterTest.java b/jdisc-security-filters/src/test/java/com/yahoo/jdisc/http/filter/security/athenz/AthenzAuthorizationFilterTest.java
index b81b26d458b..197ba89f3e3 100644
--- a/jdisc-security-filters/src/test/java/com/yahoo/jdisc/http/filter/security/athenz/AthenzAuthorizationFilterTest.java
+++ b/jdisc-security-filters/src/test/java/com/yahoo/jdisc/http/filter/security/athenz/AthenzAuthorizationFilterTest.java
@@ -5,6 +5,7 @@ import com.yahoo.container.jdisc.RequestHandlerTestDriver;
 import com.yahoo.jdisc.Response;
 import com.yahoo.jdisc.http.filter.DiscFilterRequest;
 import com.yahoo.vespa.athenz.api.AthenzResourceName;
+import com.yahoo.vespa.athenz.api.AthenzRole;
 import com.yahoo.vespa.athenz.api.ZToken;
 import com.yahoo.vespa.athenz.zpe.AuthorizationResult;
 import com.yahoo.vespa.athenz.zpe.Zpe;
@@ -14,6 +15,7 @@ import org.mockito.Mockito;
 import java.security.cert.X509Certificate;
 import static com.yahoo.jdisc.http.filter.security.athenz.AthenzAuthorizationFilterConfig.CredentialsToVerify.Enum.ANY;
+import static com.yahoo.vespa.athenz.zpe.AuthorizationResult.*;
 import static java.util.Collections.emptyList;
 import static org.hamcrest.CoreMatchers.containsString;
 import static org.junit.Assert.assertEquals;
@@ -64,7 +66,7 @@ public class AthenzAuthorizationFilterTest {
 assertNotNull(response);
 assertEquals(403, response.getStatus());
 String content = responseHandler.readAll();
- assertThat(content, containsString(AuthorizationResult.DENY.getDescription()));
+ assertThat(content, containsString(Type.DENY.getDescription()));
 }
 private static DiscFilterRequest createRequest() {
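Review bot: The wildcard static import added in the second hunk, `import static com.yahoo.vespa.athenz.zpe.AuthorizationResult.*;`, appears to be needed only for the nested `Type` enum, judging by the `Type.DENY` reference in the third hunk. It brings every static member of `AuthorizationResult` into scope and hides where `Type` is declared. A single-type import, `import com.yahoo.vespa.athenz.zpe.AuthorizationResult.Type;`, keeps the origin of `Type.ALLOW` and `Type.DENY` visible to anyone reading the authorization tests.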
@@ -80,24 +82,24 @@ public class AthenzAuthorizationFilterTest {
 static class AllowingZpe implements Zpe {
 @Override
 public AuthorizationResult checkAccessAllowed(ZToken roleToken, AthenzResourceName resourceName, String action) {
- return AuthorizationResult.ALLOW;
+ return new AuthorizationResult(Type.ALLOW, new AthenzRole(resourceName.getDomain(), "rolename"));
 }
 @Override
 public AuthorizationResult checkAccessAllowed(X509Certificate roleCertificate, AthenzResourceName resourceName, String action) {
- return AuthorizationResult.ALLOW;
+ return new AuthorizationResult(Type.ALLOW, new AthenzRole(resourceName.getDomain(), "rolename"));
 }
 }
 static class DenyingZpe implements Zpe {
 @Override
 public AuthorizationResult checkAccessAllowed(ZToken roleToken, AthenzResourceName resourceName, String action) {
- return AuthorizationResult.DENY;
+ return new AuthorizationResult(Type.DENY);
 }
 @Override
 public AuthorizationResult checkAccessAllowed(X509Certificate roleCertificate, AthenzResourceName resourceName, String action) {
- return AuthorizationResult.DENY;
+ return new AuthorizationResult(Type.DENY);
 }
 } |
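Review bot: Nothing in the visible hunks asserts that the role returned by `AllowingZpe` ends up on the request, although the commit message says the filter now propagates the matched role. The allow-path test should check that the request carries the role built from `resourceName.getDomain()` and `"rolename"`, and the deny-path test should check that no matched role is set when the filter answers 403, since downstream handlers may come to rely on that value. The test methods lie outside these hunks, so such assertions may already exist there. Both `AllowingZpe` overloads also construct the same `AthenzRole`; a small shared helper such as `private static AthenzRole matchedRole(AthenzResourceName r) { return new AthenzRole(r.getDomain(), "rolename"); }` would keep the two credential paths in step.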