author | Bjørn Christian Seime <bjorncs@yahooinc.com> | 2023-02-22 16:25:35 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-02-22 16:25:35 +0100 |
commit | fc02e9f48338cb2d0288e8297381de319f71610e (patch) | |
tree | d90e8aba7772d2ddc10d70a2f11edce41fb59bf3 /security-utils/src/main/java/com/yahoo/security/tls/CapabilitySet.java | |
parent | f52664ef6165dfa653bfe29a70a05410640906e9 (diff) | |
parent | 9eb326be1dc28a68f192d2888151d2e019bdf177 (diff) |
Merge pull request #26145 from vespa-engine/bjorncs/capabilities
Store original capability (set) names from JSON config in PeerPolicy
Diffstat (limited to 'security-utils/src/main/java/com/yahoo/security/tls/CapabilitySet.java')
-rw-r--r-- | security-utils/src/main/java/com/yahoo/security/tls/CapabilitySet.java | 46 |
1 files changed, 35 insertions, 11 deletions
diff --git a/security-utils/src/main/java/com/yahoo/security/tls/CapabilitySet.java b/security-utils/src/main/java/com/yahoo/security/tls/CapabilitySet.java index 010b8a5b228..b7cd03b49bb 100644 --- a/security-utils/src/main/java/com/yahoo/security/tls/CapabilitySet.java +++ b/security-utils/src/main/java/com/yahoo/security/tls/CapabilitySet.java @@ -1,17 +1,16 @@ // Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. package com.yahoo.security.tls; -import java.util.Arrays; import java.util.Collection; import java.util.Collections; import java.util.EnumSet; import java.util.HashMap; +import java.util.HashSet; import java.util.List; import java.util.Map; import java.util.Objects; +import java.util.Optional; import java.util.Set; -import java.util.SortedSet; -import java.util.TreeSet; import java.util.logging.Logger; import java.util.stream.Collectors; @@ -33,10 +32,10 @@ public class CapabilitySet implements ToCapabilitySet { Capability.CONTENT__STATUS_PAGES, Capability.CONTENT__METRICS_API, Capability.CONTAINER__STATE_API, Capability.METRICSPROXY__METRICS_API, Capability.SENTINEL__CONNECTIVITY_CHECK); - private static final CapabilitySet SHARED_CAPABILITIES_APP_NODE = CapabilitySet.of( + private static final CapabilitySet SHARED_CAPABILITIES_APP_NODE = CapabilitySet.unionOf(List.of( Capability.LOGSERVER_API, Capability.CONFIGSERVER__CONFIG_API, Capability.CONFIGSERVER__FILEDISTRIBUTION_API, Capability.CONFIGPROXY__CONFIG_API, - Capability.CONFIGPROXY__FILEDISTRIBUTION_API, Capability.SLOBROK__API, TELEMETRY); + Capability.CONFIGPROXY__FILEDISTRIBUTION_API, Capability.SLOBROK__API, TELEMETRY)); public static final CapabilitySet CONTENT_NODE = predefined( "vespa.content_node", 
@@ -59,7 +58,7 @@ public class CapabilitySet implements ToCapabilitySet {
 TELEMETRY);
 private static CapabilitySet predefined(String name, ToCapabilitySet... capabilities) {
- var instance = CapabilitySet.of(capabilities);
+ var instance = CapabilitySet.unionOf(List.of(capabilities));
 PREDEFINED.put(name, instance);
 return instance;
 }
@@ -85,14 +84,14 @@ public class CapabilitySet implements ToCapabilitySet {
 return new CapabilitySet(caps);
 }
- public static CapabilitySet unionOf(Collection<CapabilitySet> capSets) {
+ public static CapabilitySet ofSets(Collection<CapabilitySet> capSets) {
 EnumSet<Capability> union = EnumSet.noneOf(Capability.class);
 capSets.forEach(cs -> union.addAll(cs.caps));
 return new CapabilitySet(union);
 }
- public static CapabilitySet of(ToCapabilitySet... capabilities) {
- return CapabilitySet.unionOf(Arrays.stream(capabilities).map(ToCapabilitySet::toCapabilitySet).toList());
+ public static CapabilitySet unionOf(Collection<ToCapabilitySet> caps) {
+ return CapabilitySet.ofSets(caps.stream().map(ToCapabilitySet::toCapabilitySet).toList());
 }
 public static CapabilitySet of(EnumSet<Capability> caps) { return new CapabilitySet(EnumSet.copyOf(caps)); }
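Review bot: In the `@@ -85,14 +84,14 @@` hunk `unionOf` keeps its name but its parameter changes from `Collection<CapabilitySet>` to `Collection<ToCapabilitySet>`, and because Java generics are invariant neither a `List<CapabilitySet>` nor a `List<Capability>` can be passed to the new signature. Callers of the old `unionOf` fail to compile instead of silently changing meaning, which is the safe direction, but a wildcard would let the method accept those lists without copying: `public static CapabilitySet unionOf(Collection<? extends ToCapabilitySet> caps)`. The same applies to the static `resolveNames(Collection<ToCapabilitySet>)` added in the last hunk. Neither `ofSets` nor `unionOf` has Javadoc; a one-line comment on each saying which one takes whole sets and which one takes a mix of capabilities and sets would stop the two public factories from being confused.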
@@ -107,8 +106,33 @@ public class CapabilitySet implements ToCapabilitySet {
 public boolean has(Collection<Capability> caps) { return this.caps.containsAll(caps); }
 public boolean has(Capability... caps) { return this.caps.containsAll(List.of(caps)); }
- public SortedSet<String> toNames() {
- return caps.stream().map(Capability::asString).collect(Collectors.toCollection(TreeSet::new));
+ public Set<String> toCapabilityNames() {
+ return caps.stream().map(Capability::asString).collect(Collectors.toSet());
+ }
+
+ /** return name of the capability set if predefined, otherwise names of the individual capabilities */
+ public Set<String> resolveNames() {
+ var predefinedName = toPredefinedName().orElse(null);
+ if (predefinedName != null) return Set.of(predefinedName);
+ return toCapabilityNames();
+ }
+
+ /** @return the name if this is a predefined capability set, or empty if not */
+ public Optional<String> toPredefinedName() {
+ return PREDEFINED.entrySet().stream()
+ .filter(e -> e.getValue().equals(this))
+ .map(Map.Entry::getKey)
+ .findFirst();
+ }
+
+ public static Set<String> resolveNames(Collection<ToCapabilitySet> capabilities) {
+ var names = new HashSet<String>();
+ for (ToCapabilitySet tcs : capabilities) {
+ if (tcs instanceof Capability c) names.add(c.asString());
+ else if (tcs instanceof CapabilitySet cs) names.addAll(cs.resolveNames());
+ else throw new IllegalArgumentException(tcs.toString());
+ }
+ return Set.copyOf(names);
 }
 public Set<Capability> asSet() { return Collections.unmodifiableSet(caps); } |
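Review bot: `toPredefinedName()` matches with `equals` against every entry of `PREDEFINED`, so `resolveNames()` reports any set whose capabilities happen to equal a predefined set under that set's name, even when the set was built from individual capabilities. The declarations of `PREDEFINED` and of `equals` are outside the hunk; if the map is a `HashMap`, as the imports suggest, and two predefined sets are ever equal, `findFirst()` returns whichever entry the map iterates first, so `.map(Map.Entry::getKey).sorted().findFirst();` would make the reported name predictable. `toCapabilityNames()` also swaps the sorted `toNames()` for `Collectors.toSet()`, so callers that print or compare these names lose the sorted order, and it hands back a mutable set while the static `resolveNames` returns an immutable copy. I would state the equality-based match in the Javadoc, for example `/** @return the name of a predefined set equal to this one, or empty if none */`.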