Allow empty clients

author: Morten Tokle <mortent@yahooinc.com> 2023-09-21 12:36:44 +0200
committer: Morten Tokle <mortent@yahooinc.com> 2023-09-21 12:36:44 +0200
commit: d355ae3e36bf0de7bac1f697d8e0dd0feea61bbe (patch)
tree: 84f49f713112e7b4c50f4260ac22fc0ed3889466 /jdisc-security-filters
parent: 7faeffcc5901ae88c1c3d1814665d0db6ca1d900 (diff)
2 files changed, 18 insertions, 1 deletions
diff --git a/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/cloud/CloudTokenDataPlaneFilter.java b/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/cloud/CloudTokenDataPlaneFilter.java
index 6597f10198d..e81f0b1d897 100644
--- a/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/cloud/CloudTokenDataPlaneFilter.java
+++ b/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/cloud/CloudTokenDataPlaneFilter.java
@@ -55,7 +55,6 @@ public class CloudTokenDataPlaneFilter extends JsonSecurityRequestFilterBase {
     private static List<Client> parseClients(CloudTokenDataPlaneFilterConfig cfg) {
         Set<String> ids = new HashSet<>();
         List<Client> clients = new ArrayList<>(cfg.clients().size());
-        if (cfg.clients().isEmpty()) throw new IllegalArgumentException("Empty clients configuration");
         for (var c : cfg.clients()) {
             if (ids.contains(c.id()))
                 throw new IllegalArgumentException("Clients definition has duplicate id '%s'".formatted(c.id()));
diff --git a/jdisc-security-filters/src/test/java/com/yahoo/jdisc/http/filter/security/cloud/CloudTokenDataPlaneFilterTest.java b/jdisc-security-filters/src/test/java/com/yahoo/jdisc/http/filter/security/cloud/CloudTokenDataPlaneFilterTest.java
index a34d2eb67c3..c34740e58a3 100644
--- a/jdisc-security-filters/src/test/java/com/yahoo/jdisc/http/filter/security/cloud/CloudTokenDataPlaneFilterTest.java
+++ b/jdisc-security-filters/src/test/java/com/yahoo/jdisc/http/filter/security/cloud/CloudTokenDataPlaneFilterTest.java
@@ -166,6 +166,24 @@ class CloudTokenDataPlaneFilterTest {
         assertEquals(FORBIDDEN, responseHandler.getResponse().getStatus());
     }
 
+    @Test
+    void allows_empty_clients() {
+        var emptyClientsFilter = new CloudTokenDataPlaneFilter(
+                new CloudTokenDataPlaneFilterConfig.Builder()
+                        .tokenContext(TOKEN_CONTEXT)
+                        .build(),
+                clock);
+
+        var req = FilterTestUtils.newRequestBuilder()
+                .withMethod(Method.GET)
+                .withHeader("Authorization", "Bearer " + UNKNOWN_TOKEN.secretTokenString())
+                .build();
+        var responseHandler = new MockResponseHandler();
+        emptyClientsFilter.filter(req, responseHandler);
+        assertNotNull(responseHandler.getResponse());
+        assertEquals(FORBIDDEN, responseHandler.getResponse().getStatus());
+    }
+
     private CloudTokenDataPlaneFilter newFilterWithClientsConfig() {
         return new CloudTokenDataPlaneFilter(
                 new CloudTokenDataPlaneFilterConfig.Builder()
author	Morten Tokle <mortent@yahooinc.com>	2023-09-21 12:36:44 +0200
committer	Morten Tokle <mortent@yahooinc.com>	2023-09-21 12:36:44 +0200
commit	d355ae3e36bf0de7bac1f697d8e0dd0feea61bbe (patch)
tree	84f49f713112e7b4c50f4260ac22fc0ed3889466 /jdisc-security-filters
parent	7faeffcc5901ae88c1c3d1814665d0db6ca1d900 (diff)