Revert "Bjorncs/update zpe"

author: Harald Musum <musum@verizonmedia.com> 2020-01-24 14:17:13 +0100
committer: GitHub <noreply@github.com> 2020-01-24 14:17:13 +0100
commit: 5eb436554c43ccc2d4b97421733b206081b2681d (patch)
tree: 78ad0c97295aad5f501bf9ab0072525baddebe43 /jdisc-security-filters
parent: e2d7d10f664ec221708d051ec754d68fc6cee5b6 (diff)
2 files changed, 7 insertions, 10 deletions
diff --git a/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/athenz/AthenzAuthorizationFilter.java b/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/athenz/AthenzAuthorizationFilter.java
index 9151aa1b693..74e0ee36959 100644
--- a/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/athenz/AthenzAuthorizationFilter.java
+++ b/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/athenz/AthenzAuthorizationFilter.java
@@ -121,12 +121,11 @@ public class AthenzAuthorizationFilter extends JsonSecurityRequestFilterBase {
                                                                   ZpeCheck<C> accessCheck,
                                                                   Function<C, AthenzPrincipal> principalFactory) {
         AuthorizationResult authorizationResult = accessCheck.checkAccess(credentials, resAndAction.resourceName(), resAndAction.action());
-        if (authorizationResult.type() == AuthorizationResult.Type.ALLOW) {
+        if (authorizationResult == AuthorizationResult.ALLOW) {
             request.setUserPrincipal(principalFactory.apply(credentials));
-            authorizationResult.matchedRole().ifPresent(role -> request.setUserRoles(new String[] {role.roleName()}));
             return Optional.empty();
         }
-        return Optional.of(new ErrorResponse(Response.Status.FORBIDDEN, "Access forbidden: " + authorizationResult.type().getDescription()));
+        return Optional.of(new ErrorResponse(Response.Status.FORBIDDEN, "Access forbidden: " + authorizationResult.getDescription()));
     }
 
     private static AthenzPrincipal createPrincipal(X509Certificate certificate) {
diff --git a/jdisc-security-filters/src/test/java/com/yahoo/jdisc/http/filter/security/athenz/AthenzAuthorizationFilterTest.java b/jdisc-security-filters/src/test/java/com/yahoo/jdisc/http/filter/security/athenz/AthenzAuthorizationFilterTest.java
index 197ba89f3e3..b81b26d458b 100644
--- a/jdisc-security-filters/src/test/java/com/yahoo/jdisc/http/filter/security/athenz/AthenzAuthorizationFilterTest.java
+++ b/jdisc-security-filters/src/test/java/com/yahoo/jdisc/http/filter/security/athenz/AthenzAuthorizationFilterTest.java
@@ -5,7 +5,6 @@ import com.yahoo.container.jdisc.RequestHandlerTestDriver;
 import com.yahoo.jdisc.Response;
 import com.yahoo.jdisc.http.filter.DiscFilterRequest;
 import com.yahoo.vespa.athenz.api.AthenzResourceName;
-import com.yahoo.vespa.athenz.api.AthenzRole;
 import com.yahoo.vespa.athenz.api.ZToken;
 import com.yahoo.vespa.athenz.zpe.AuthorizationResult;
 import com.yahoo.vespa.athenz.zpe.Zpe;
@@ -15,7 +14,6 @@ import org.mockito.Mockito;
 import java.security.cert.X509Certificate;
 
 import static com.yahoo.jdisc.http.filter.security.athenz.AthenzAuthorizationFilterConfig.CredentialsToVerify.Enum.ANY;
-import static com.yahoo.vespa.athenz.zpe.AuthorizationResult.*;
 import static java.util.Collections.emptyList;
 import static org.hamcrest.CoreMatchers.containsString;
 import static org.junit.Assert.assertEquals;
@@ -66,7 +64,7 @@ public class AthenzAuthorizationFilterTest {
         assertNotNull(response);
         assertEquals(403, response.getStatus());
         String content = responseHandler.readAll();
-        assertThat(content, containsString(Type.DENY.getDescription()));
+        assertThat(content, containsString(AuthorizationResult.DENY.getDescription()));
     }
 
     private static DiscFilterRequest createRequest() {
@@ -82,24 +80,24 @@ public class AthenzAuthorizationFilterTest {
     static class AllowingZpe implements Zpe {
         @Override
         public AuthorizationResult checkAccessAllowed(ZToken roleToken, AthenzResourceName resourceName, String action) {
-            return new AuthorizationResult(Type.ALLOW, new AthenzRole(resourceName.getDomain(), "rolename"));
+            return AuthorizationResult.ALLOW;
         }
 
         @Override
         public AuthorizationResult checkAccessAllowed(X509Certificate roleCertificate, AthenzResourceName resourceName, String action) {
-            return new AuthorizationResult(Type.ALLOW, new AthenzRole(resourceName.getDomain(), "rolename"));
+            return AuthorizationResult.ALLOW;
         }
     }
 
     static class DenyingZpe implements Zpe {
         @Override
         public AuthorizationResult checkAccessAllowed(ZToken roleToken, AthenzResourceName resourceName, String action) {
-            return new AuthorizationResult(Type.DENY);
+            return AuthorizationResult.DENY;
         }
 
         @Override
         public AuthorizationResult checkAccessAllowed(X509Certificate roleCertificate, AthenzResourceName resourceName, String action) {
-            return new AuthorizationResult(Type.DENY);
+            return AuthorizationResult.DENY;
         }
     }
author	Harald Musum <musum@verizonmedia.com>	2020-01-24 14:17:13 +0100
committer	GitHub <noreply@github.com>	2020-01-24 14:17:13 +0100
commit	5eb436554c43ccc2d4b97421733b206081b2681d (patch)
tree	78ad0c97295aad5f501bf9ab0072525baddebe43 /jdisc-security-filters
parent	e2d7d10f664ec221708d051ec754d68fc6cee5b6 (diff)