authorBjørn Christian Seime <bjorncs@yahooinc.com>2023-02-06 13:54:38 +0100
committerBjørn Christian Seime <bjorncs@yahooinc.com>2023-02-09 15:18:43 +0100
commitf0f9cee55960f20c0daef33991d01e77abbc8f1c (patch)
tree0943bbd01629e3e214b0a16a0817884e00c25b82 /security-utils
parent78140894d89392f2ccac84b3fd4d23c83b1d1104 (diff)
Move definition of predefined capability set to parent class
Introduce functional interface ToCapabilitySet to simplify construction of second order capability sets.
Diffstat (limited to 'security-utils')
-rw-r--r--security-utils/src/main/java/com/yahoo/security/tls/Capability.java4
-rw-r--r--security-utils/src/main/java/com/yahoo/security/tls/CapabilitySet.java62
-rw-r--r--security-utils/src/main/java/com/yahoo/security/tls/ToCapabilitySet.java8
-rw-r--r--security-utils/src/test/java/com/yahoo/security/tls/ConnectionAuthContextTest.java2
4 files changed, 46 insertions, 30 deletions
diff --git a/security-utils/src/main/java/com/yahoo/security/tls/Capability.java b/security-utils/src/main/java/com/yahoo/security/tls/Capability.java
index 3931f6ab7b7..17f5d3d1421 100644
--- a/security-utils/src/main/java/com/yahoo/security/tls/Capability.java
+++ b/security-utils/src/main/java/com/yahoo/security/tls/Capability.java
@@ -6,7 +6,7 @@ import java.util.Arrays;
/**
* @author bjorncs
*/
-public enum Capability {
+public enum Capability implements ToCapabilitySet {
NONE("vespa.none"), // placeholder for no capabilities
CONTENT__CLUSTER_CONTROLLER__INTERNAL_STATE_API("vespa.content.cluster_controller.internal_state_api"),
CONTENT__DOCUMENT_API("vespa.content.document_api"),
@@ -23,6 +23,8 @@ public enum Capability {
public String asString() { return name; }
+ @Override public CapabilitySet toCapabilitySet() { return CapabilitySet.from(this); }
+
public static Capability fromName(String name) {
return Arrays.stream(values())
.filter(c -> c.name.equals(name))
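Review bot: The added `toCapabilitySet()` is only correct because `CapabilitySet.from(this)` binds to the `from(Capability...)` overload. The `from(ToCapabilitySet...)` overload added in CapabilitySet.java calls `toCapabilitySet()` on every element, so binding to it instead would recurse without end. Nothing records that dependency, and a later removal or signature change of the `Capability...` overload would turn every enum-to-set conversion into a StackOverflowError. I would add a comment above the method, `// Must resolve to CapabilitySet.from(Capability...): from(ToCapabilitySet...) calls back into this method`, and a unit test that calls `toCapabilitySet()` on one constant. The enum body starts and ends outside this hunk.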
diff --git a/security-utils/src/main/java/com/yahoo/security/tls/CapabilitySet.java b/security-utils/src/main/java/com/yahoo/security/tls/CapabilitySet.java
index 7e6c7f394cd..70217665241 100644
--- a/security-utils/src/main/java/com/yahoo/security/tls/CapabilitySet.java
+++ b/security-utils/src/main/java/com/yahoo/security/tls/CapabilitySet.java
@@ -5,9 +5,10 @@ import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.EnumSet;
+import java.util.HashMap;
import java.util.List;
+import java.util.Map;
import java.util.Objects;
-import java.util.Optional;
import java.util.Set;
import java.util.SortedSet;
import java.util.TreeSet;
@@ -16,31 +17,30 @@ import java.util.stream.Collectors;
/**
* @author bjorncs
*/
-public class CapabilitySet {
- public enum Predefined {
- CONTENT_NODE("vespa.content_node",
- Capability.CONTENT__STORAGE_API, Capability.CONTENT__DOCUMENT_API, Capability.SLOBROK__API),
- CONTAINER_NODE("vespa.container_node",
- Capability.CONTENT__DOCUMENT_API, Capability.CONTENT__SEARCH_API, Capability.SLOBROK__API),
- TELEMETRY("vespa.telemetry",
- Capability.CONTENT__STATUS_PAGES, Capability.CONTENT__METRICS_API),
- CLUSTER_CONTROLLER_NODE("vespa.cluster_controller_node",
- Capability.CONTENT__CLUSTER_CONTROLLER__INTERNAL_STATE_API, Capability.SLOBROK__API),
- CONFIG_SERVER("vespa.config_server"),
- ;
-
- private final String name;
- private final CapabilitySet set;
-
- Predefined(String name, Capability... caps) {
- this.name = name;
- this.set = caps.length == 0 ? CapabilitySet.none() : CapabilitySet.from(caps); }
-
- public static Optional<Predefined> fromName(String name) {
- return Arrays.stream(values()).filter(p -> p.name.equals(name)).findAny();
- }
-
- public CapabilitySet capabilities() { return set; }
+public class CapabilitySet implements ToCapabilitySet {
+
+ private static final Map<String, CapabilitySet> PREDEFINED = new HashMap<>();
+
+ /* Predefined capability sets */
+ public static final CapabilitySet CONTENT_NODE = predefined(
+ "vespa.content_node",
+ Capability.CONTENT__STORAGE_API, Capability.CONTENT__DOCUMENT_API, Capability.SLOBROK__API);
+ public static final CapabilitySet CONTAINER_NODE = predefined(
+ "vespa.container_node",
+ Capability.CONTENT__DOCUMENT_API, Capability.CONTENT__SEARCH_API, Capability.SLOBROK__API);
+ public static final CapabilitySet TELEMETRY = predefined(
+ "vespa.telemetry",
+ Capability.CONTENT__STATUS_PAGES, Capability.CONTENT__METRICS_API);
+ public static final CapabilitySet CLUSTER_CONTROLLER_NODE = predefined(
+ "vespa.cluster_controller_node",
+ Capability.CONTENT__CLUSTER_CONTROLLER__INTERNAL_STATE_API, Capability.SLOBROK__API);
+ public static final CapabilitySet CONFIG_SERVER = predefined(
+ "vespa.config_server");
+
+ private static CapabilitySet predefined(String name, ToCapabilitySet... capabilities) {
+ var instance = CapabilitySet.from(capabilities);
+ PREDEFINED.put(name, instance);
+ return instance;
}
private static final CapabilitySet ALL_CAPABILITIES = new CapabilitySet(EnumSet.allOf(Capability.class));
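Review bot: `predefined(...)` ignores the return value of `PREDEFINED.put(name, instance)`, so registering a second set under an already-used name silently replaces the set that `fromNames` resolves for that name, while both public constants still compile. These names appear to decide which capabilities a configured peer receives, so a duplicate should fail at class initialisation: `if (PREDEFINED.put(name, instance) != null) throw new IllegalStateException("Duplicate predefined capability set: " + name);`. The constants are also now built during CapabilitySet's own static initialisation, ahead of `ALL_CAPABILITIES` on the last line of the hunk, so `from` and `unionOf` must not read any static field declared below them. The body of `unionOf` is outside this hunk, so that is worth confirming. The class body continues past the hunk.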
@@ -50,11 +50,13 @@ public class CapabilitySet {
private CapabilitySet(EnumSet<Capability> caps) { this.caps = caps; }
+ @Override public CapabilitySet toCapabilitySet() { return this; }
+
public static CapabilitySet fromNames(Collection<String> names) {
EnumSet<Capability> caps = EnumSet.noneOf(Capability.class);
for (String name : names) {
- Predefined predefined = Predefined.fromName(name).orElse(null);
- if (predefined != null) caps.addAll(predefined.set.caps);
+ var predefined = PREDEFINED.get(name);
+ if (predefined != null) caps.addAll(predefined.caps);
else caps.add(Capability.fromName(name));
}
return new CapabilitySet(caps);
@@ -66,6 +68,10 @@ public class CapabilitySet {
return new CapabilitySet(union);
}
+ public static CapabilitySet from(ToCapabilitySet... capabilities) {
+ return CapabilitySet.unionOf(Arrays.stream(capabilities).map(ToCapabilitySet::toCapabilitySet).toList());
+ }
+
public static CapabilitySet from(EnumSet<Capability> caps) { return new CapabilitySet(EnumSet.copyOf(caps)); }
public static CapabilitySet from(Collection<Capability> caps) { return new CapabilitySet(EnumSet.copyOf(caps)); }
public static CapabilitySet from(Capability... caps) { return new CapabilitySet(EnumSet.copyOf(List.of(caps))); }
diff --git a/security-utils/src/main/java/com/yahoo/security/tls/ToCapabilitySet.java b/security-utils/src/main/java/com/yahoo/security/tls/ToCapabilitySet.java
new file mode 100644
index 00000000000..81c0545e2da
--- /dev/null
+++ b/security-utils/src/main/java/com/yahoo/security/tls/ToCapabilitySet.java
@@ -0,0 +1,8 @@
+// Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+
+package com.yahoo.security.tls;
+
+/**
+ * @author bjorncs
+ */
+@FunctionalInterface public interface ToCapabilitySet { CapabilitySet toCapabilitySet(); }
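Review bot: The new public interface carries only an `@author` tag, so its contract is undocumented even though `CapabilitySet.from(ToCapabilitySet...)` accepts any implementation, including a lambda. I would state the contract in the Javadoc, for example `/** Something that can be expressed as a {@link CapabilitySet}; implementations must not return null. */`. Whether a `null` result is rejected today depends on `unionOf`, which is not visible in this diff.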
diff --git a/security-utils/src/test/java/com/yahoo/security/tls/ConnectionAuthContextTest.java b/security-utils/src/test/java/com/yahoo/security/tls/ConnectionAuthContextTest.java
index c30a812a30d..ae36cc2f774 100644
--- a/security-utils/src/test/java/com/yahoo/security/tls/ConnectionAuthContextTest.java
+++ b/security-utils/src/test/java/com/yahoo/security/tls/ConnectionAuthContextTest.java
@@ -46,7 +46,7 @@ class ConnectionAuthContextTest {
private static ConnectionAuthContext createConnectionAuthContext() {
return new ConnectionAuthContext(
- List.of(createCertificate()), CapabilitySet.Predefined.CONTAINER_NODE.capabilities(), Set.of(),
+ List.of(createCertificate()), CapabilitySet.CONTAINER_NODE, Set.of(),
CapabilityMode.ENFORCE);
}