authorBjørn Christian Seime <bjorncs@verizonmedia.com>2020-05-13 10:58:37 +0200
committerBjørn Christian Seime <bjorncs@verizonmedia.com>2020-05-13 10:58:37 +0200
commite71c77c40faa1868d338a3c827b73901098a7114 (patch)
treedd30f47b65475ccaacfa42ea230df2b008c7829e /security-utils
parent4154af8419d58fb3cf6834bf89eb67c88248a196 (diff)
Support construction of PeerPolicy with description
Diffstat (limited to 'security-utils')
-rw-r--r--security-utils/src/main/java/com/yahoo/security/tls/json/TransportSecurityOptionsEntity.java1
-rw-r--r--security-utils/src/main/java/com/yahoo/security/tls/json/TransportSecurityOptionsJsonSerializer.java3
-rw-r--r--security-utils/src/main/java/com/yahoo/security/tls/policy/PeerPolicy.java14
-rw-r--r--security-utils/src/test/java/com/yahoo/security/tls/json/TransportSecurityOptionsJsonSerializerTest.java2
4 files changed, 17 insertions, 3 deletions
diff --git a/security-utils/src/main/java/com/yahoo/security/tls/json/TransportSecurityOptionsEntity.java b/security-utils/src/main/java/com/yahoo/security/tls/json/TransportSecurityOptionsEntity.java
index 2b001ca2ca0..ae2f39fff68 100644
--- a/security-utils/src/main/java/com/yahoo/security/tls/json/TransportSecurityOptionsEntity.java
+++ b/security-utils/src/main/java/com/yahoo/security/tls/json/TransportSecurityOptionsEntity.java
@@ -32,6 +32,7 @@ class TransportSecurityOptionsEntity {
static class AuthorizedPeer {
@JsonProperty("required-credentials") List<RequiredCredential> requiredCredentials;
@JsonProperty("name") String name;
+ @JsonProperty("description") @JsonInclude(NON_NULL) String description;
@JsonProperty("roles") @JsonInclude(NON_EMPTY) List<String> roles;
}
diff --git a/security-utils/src/main/java/com/yahoo/security/tls/json/TransportSecurityOptionsJsonSerializer.java b/security-utils/src/main/java/com/yahoo/security/tls/json/TransportSecurityOptionsJsonSerializer.java
index 3cba434912c..4f6d9264f51 100644
--- a/security-utils/src/main/java/com/yahoo/security/tls/json/TransportSecurityOptionsJsonSerializer.java
+++ b/security-utils/src/main/java/com/yahoo/security/tls/json/TransportSecurityOptionsJsonSerializer.java
@@ -96,7 +96,7 @@ public class TransportSecurityOptionsJsonSerializer {
if (authorizedPeer.requiredCredentials == null) {
throw missingFieldException("required-credentials");
}
- return new PeerPolicy(authorizedPeer.name, toRoles(authorizedPeer.roles), toRequestPeerCredentials(authorizedPeer.requiredCredentials));
+ return new PeerPolicy(authorizedPeer.name, authorizedPeer.description, toRoles(authorizedPeer.roles), toRequestPeerCredentials(authorizedPeer.requiredCredentials));
}
private static Set<Role> toRoles(List<String> roles) {
@@ -144,6 +144,7 @@ public class TransportSecurityOptionsJsonSerializer {
AuthorizedPeer authorizedPeer = new AuthorizedPeer();
authorizedPeer.name = peerPolicy.policyName();
authorizedPeer.requiredCredentials = new ArrayList<>();
+ authorizedPeer.description = peerPolicy.description().orElse(null);
for (RequiredPeerCredential requiredPeerCredential : peerPolicy.requiredCredentials()) {
RequiredCredential requiredCredential = new RequiredCredential();
requiredCredential.field = toField(requiredPeerCredential.field());
diff --git a/security-utils/src/main/java/com/yahoo/security/tls/policy/PeerPolicy.java b/security-utils/src/main/java/com/yahoo/security/tls/policy/PeerPolicy.java
index 294f8543f43..4e0a4815f79 100644
--- a/security-utils/src/main/java/com/yahoo/security/tls/policy/PeerPolicy.java
+++ b/security-utils/src/main/java/com/yahoo/security/tls/policy/PeerPolicy.java
@@ -4,6 +4,7 @@ package com.yahoo.security.tls.policy;
import java.util.Collections;
import java.util.List;
import java.util.Objects;
+import java.util.Optional;
import java.util.Set;
/**
@@ -12,11 +13,18 @@ import java.util.Set;
public class PeerPolicy {
private final String policyName;
+ private final String description;
private final Set<Role> assumedRoles;
private final List<RequiredPeerCredential> requiredCredentials;
public PeerPolicy(String policyName, Set<Role> assumedRoles, List<RequiredPeerCredential> requiredCredentials) {
+ this(policyName, null, assumedRoles, requiredCredentials);
+ }
+
+ public PeerPolicy(
+ String policyName, String description, Set<Role> assumedRoles, List<RequiredPeerCredential> requiredCredentials) {
this.policyName = policyName;
+ this.description = description;
this.assumedRoles = assumedRoles;
this.requiredCredentials = Collections.unmodifiableList(requiredCredentials);
}
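Review bot: The new four-argument constructor keeps the caller's collections by reference: `this.assumedRoles = assumedRoles;` stores the set as given, and `Collections.unmodifiableList(requiredCredentials)` is only a view over the caller's list. A caller that holds on to either collection can therefore still change the roles or credential patterns of a policy after it has been built, which is undesirable for an object that decides which TLS peers are authorized. Copying on construction closes that gap, e.g. `this.assumedRoles = Set.copyOf(assumedRoles);` and `this.requiredCredentials = List.copyOf(requiredCredentials);` (Java 10+; both reject null elements, so confirm that suits existing callers). The constructor's Javadoc should also state that `description` may be null, since the three-argument overload passes null explicitly.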
@@ -25,6 +33,8 @@ public class PeerPolicy {
return policyName;
}
+ public Optional<String> description() { return Optional.ofNullable(description); }
+
public Set<Role> assumedRoles() {
return assumedRoles;
}
@@ -37,6 +47,7 @@ public class PeerPolicy {
public String toString() {
return "PeerPolicy{" +
"policyName='" + policyName + '\'' +
+ ", description='" + description + '\'' +
", assumedRoles=" + assumedRoles +
", requiredCredentials=" + requiredCredentials +
'}';
@@ -48,12 +59,13 @@ public class PeerPolicy {
if (o == null || getClass() != o.getClass()) return false;
PeerPolicy that = (PeerPolicy) o;
return Objects.equals(policyName, that.policyName) &&
+ Objects.equals(description, that.description) &&
Objects.equals(assumedRoles, that.assumedRoles) &&
Objects.equals(requiredCredentials, that.requiredCredentials);
}
@Override
public int hashCode() {
- return Objects.hash(policyName, assumedRoles, requiredCredentials);
+ return Objects.hash(policyName, description, assumedRoles, requiredCredentials);
}
}
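Review bot: Adding `description` to `equals` and `hashCode` makes two policies with the same name, roles and required credentials compare unequal when only their free-text description differs. The test in this commit places PeerPolicy objects in a HashSet, so such a set can now hold two entries that are identical in authorization effect; whether anything else rejects that is not visible here. If this is intended, for example so that an edited description counts as a changed configuration, a comment on equals would record the decision, e.g. `// description is part of equality: a changed description is a changed policy`. The equals method starts outside this hunk.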
diff --git a/security-utils/src/test/java/com/yahoo/security/tls/json/TransportSecurityOptionsJsonSerializerTest.java b/security-utils/src/test/java/com/yahoo/security/tls/json/TransportSecurityOptionsJsonSerializerTest.java
index 0dec75fa711..d996b21442a 100644
--- a/security-utils/src/test/java/com/yahoo/security/tls/json/TransportSecurityOptionsJsonSerializerTest.java
+++ b/security-utils/src/test/java/com/yahoo/security/tls/json/TransportSecurityOptionsJsonSerializerTest.java
@@ -47,7 +47,7 @@ public class TransportSecurityOptionsJsonSerializerTest {
.withAuthorizedPeers(
new AuthorizedPeers(
new HashSet<>(Arrays.asList(
- new PeerPolicy("cfgserver", singleton(new Role("myrole")), Arrays.asList(
+ new PeerPolicy("cfgserver", "cfgserver policy description", singleton(new Role("myrole")), Arrays.asList(
new RequiredPeerCredential(CN, new HostGlobPattern("mycfgserver")),
new RequiredPeerCredential(SAN_DNS, new HostGlobPattern("*.suffix.com")))),
new PeerPolicy("node", singleton(new Role("anotherrole")), Collections.singletonList(new RequiredPeerCredential(CN, new HostGlobPattern("hostname"))))))))