author | Bjørn Christian Seime <bjorncs@verizonmedia.com> | 2020-05-13 10:58:37 +0200 |
---|---|---|
committer | Bjørn Christian Seime <bjorncs@verizonmedia.com> | 2020-05-13 10:58:37 +0200 |
commit | e71c77c40faa1868d338a3c827b73901098a7114 (patch) | |
tree | dd30f47b65475ccaacfa42ea230df2b008c7829e /security-utils/src | |
parent | 4154af8419d58fb3cf6834bf89eb67c88248a196 (diff) |
Support construction of PeerPolicy with description
Diffstat (limited to 'security-utils/src')
4 files changed, 17 insertions, 3 deletions
diff --git a/security-utils/src/main/java/com/yahoo/security/tls/json/TransportSecurityOptionsEntity.java b/security-utils/src/main/java/com/yahoo/security/tls/json/TransportSecurityOptionsEntity.java index 2b001ca2ca0..ae2f39fff68 100644 --- a/security-utils/src/main/java/com/yahoo/security/tls/json/TransportSecurityOptionsEntity.java +++ b/security-utils/src/main/java/com/yahoo/security/tls/json/TransportSecurityOptionsEntity.java @@ -32,6 +32,7 @@ class TransportSecurityOptionsEntity { static class AuthorizedPeer { @JsonProperty("required-credentials") List<RequiredCredential> requiredCredentials; @JsonProperty("name") String name; + @JsonProperty("description") @JsonInclude(NON_NULL) String description; @JsonProperty("roles") @JsonInclude(NON_EMPTY) List<String> roles; } diff --git a/security-utils/src/main/java/com/yahoo/security/tls/json/TransportSecurityOptionsJsonSerializer.java b/security-utils/src/main/java/com/yahoo/security/tls/json/TransportSecurityOptionsJsonSerializer.java index 3cba434912c..4f6d9264f51 100644 --- a/security-utils/src/main/java/com/yahoo/security/tls/json/TransportSecurityOptionsJsonSerializer.java +++ b/security-utils/src/main/java/com/yahoo/security/tls/json/TransportSecurityOptionsJsonSerializer.java @@ -96,7 +96,7 @@ public class TransportSecurityOptionsJsonSerializer { if (authorizedPeer.requiredCredentials == null) { throw missingFieldException("required-credentials"); } - return new PeerPolicy(authorizedPeer.name, toRoles(authorizedPeer.roles), toRequestPeerCredentials(authorizedPeer.requiredCredentials)); + return new PeerPolicy(authorizedPeer.name, authorizedPeer.description, toRoles(authorizedPeer.roles), toRequestPeerCredentials(authorizedPeer.requiredCredentials)); } private static Set<Role> toRoles(List<String> roles) { 
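Review bot: In the `return new PeerPolicy(...)` line of the TransportSecurityOptionsJsonSerializer hunk, `authorizedPeer.description` is forwarded exactly as parsed, so an empty or whitespace-only `"description": ""` becomes a present `Optional` and is written back as an empty string rather than omitted like a missing one. If absent and blank are meant to be equivalent, normalise before constructing, e.g. `String description = authorizedPeer.description == null || authorizedPeer.description.trim().isEmpty() ? null : authorizedPeer.description;`. The enclosing method starts above the hunk, so any earlier handling of the field is not visible here.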
@@ -144,6 +144,7 @@ public class TransportSecurityOptionsJsonSerializer { AuthorizedPeer authorizedPeer = new AuthorizedPeer(); authorizedPeer.name = peerPolicy.policyName(); authorizedPeer.requiredCredentials = new ArrayList<>(); + authorizedPeer.description = peerPolicy.description().orElse(null); for (RequiredPeerCredential requiredPeerCredential : peerPolicy.requiredCredentials()) { RequiredCredential requiredCredential = new RequiredCredential(); requiredCredential.field = toField(requiredPeerCredential.field()); diff --git a/security-utils/src/main/java/com/yahoo/security/tls/policy/PeerPolicy.java b/security-utils/src/main/java/com/yahoo/security/tls/policy/PeerPolicy.java index 294f8543f43..4e0a4815f79 100644 --- a/security-utils/src/main/java/com/yahoo/security/tls/policy/PeerPolicy.java +++ b/security-utils/src/main/java/com/yahoo/security/tls/policy/PeerPolicy.java @@ -4,6 +4,7 @@ package com.yahoo.security.tls.policy; import java.util.Collections; import java.util.List; import java.util.Objects; +import java.util.Optional; import java.util.Set; /** @@ -12,11 +13,18 @@ import java.util.Set; public class PeerPolicy { private final String policyName; + private final String description; private final Set<Role> assumedRoles; private final List<RequiredPeerCredential> requiredCredentials; public PeerPolicy(String policyName, Set<Role> assumedRoles, List<RequiredPeerCredential> requiredCredentials) { + this(policyName, null, assumedRoles, requiredCredentials); + } + + public PeerPolicy( + String policyName, String description, Set<Role> assumedRoles, List<RequiredPeerCredential> requiredCredentials) { this.policyName = policyName; + this.description = description; this.assumedRoles = assumedRoles; this.requiredCredentials = Collections.unmodifiableList(requiredCredentials); } 
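Review bot: The new four-argument constructor in PeerPolicy.java accepts a null `description` (the three-argument constructor delegates with `null`), but nothing on the constructor tells callers that null is the expected way to say "no description". A short Javadoc would cover it: `/** @param description optional free-text note for operators, may be null */`. It would also be worth stating there whether the text has any bearing on peer matching. From this diff it appears to be informational only, but that should be confirmed rather than assumed.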
@@ -25,6 +33,8 @@ public class PeerPolicy { return policyName; } + public Optional<String> description() { return Optional.ofNullable(description); } + public Set<Role> assumedRoles() { return assumedRoles; } @@ -37,6 +47,7 @@ public class PeerPolicy { public String toString() { return "PeerPolicy{" + "policyName='" + policyName + '\'' + + ", description='" + description + '\'' + ", assumedRoles=" + assumedRoles + ", requiredCredentials=" + requiredCredentials + '}'; @@ -48,12 +59,13 @@ public class PeerPolicy { if (o == null || getClass() != o.getClass()) return false; PeerPolicy that = (PeerPolicy) o; return Objects.equals(policyName, that.policyName) && + Objects.equals(description, that.description) && Objects.equals(assumedRoles, that.assumedRoles) && Objects.equals(requiredCredentials, that.requiredCredentials); } @Override public int hashCode() { - return Objects.hash(policyName, assumedRoles, requiredCredentials); + return Objects.hash(policyName, description, assumedRoles, requiredCredentials); } } diff --git a/security-utils/src/test/java/com/yahoo/security/tls/json/TransportSecurityOptionsJsonSerializerTest.java b/security-utils/src/test/java/com/yahoo/security/tls/json/TransportSecurityOptionsJsonSerializerTest.java index 0dec75fa711..d996b21442a 100644 --- a/security-utils/src/test/java/com/yahoo/security/tls/json/TransportSecurityOptionsJsonSerializerTest.java +++ b/security-utils/src/test/java/com/yahoo/security/tls/json/TransportSecurityOptionsJsonSerializerTest.java 
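Review bot: In the `toString()` hunk, `", description='" + description + '\''` prints `description='null'` for every policy built without a description, which reads in logs as if the configured text were the word null. Emitting the field only when it is set avoids that: `(description != null ? ", description='" + description + '\'' : "")`. The method's opening lines are outside the hunk.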
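Review bot: In the `equals`/`hashCode` hunk, adding `description` makes a free-text label part of policy identity, so two `PeerPolicy` objects with the same name, roles and required credentials but different descriptions now compare as distinct. The test in this commit holds policies in a `HashSet`, so such a pair would both be kept. Any code that compares policy sets (not visible here) would see a description edit as a policy change. If that is intended, a comment would record the decision, e.g. `// description is deliberately part of equality so that edited configs compare as different`. If not, leave `description` out of both methods.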
@@ -47,7 +47,7 @@ public class TransportSecurityOptionsJsonSerializerTest { .withAuthorizedPeers( new AuthorizedPeers( new HashSet<>(Arrays.asList( - new PeerPolicy("cfgserver", singleton(new Role("myrole")), Arrays.asList( + new PeerPolicy("cfgserver", "cfgserver policy description", singleton(new Role("myrole")), Arrays.asList( new RequiredPeerCredential(CN, new HostGlobPattern("mycfgserver")), new RequiredPeerCredential(SAN_DNS, new HostGlobPattern("*.suffix.com")))), new PeerPolicy("node", singleton(new Role("anotherrole")), Collections.singletonList(new RequiredPeerCredential(CN, new HostGlobPattern("hostname")))))))) |