authorBjørn Christian Seime <bjorncs@oath.com>2018-11-26 13:48:40 +0100
committerBjørn Christian Seime <bjorncs@oath.com>2018-11-26 13:53:02 +0100
commit2e6f1bbac52aa20856ee8feaefd810360298d0b3 (patch)
tree5934130d1380f8c8d22be4dfb465a81ee4ba4d63 /security-utils
parent4e6a8029faa24db84df281092a8ab71c00558c99 (diff)
Make 'roles' field optional
Diffstat (limited to 'security-utils')
-rw-r--r--security-utils/src/main/java/com/yahoo/security/tls/json/TransportSecurityOptionsEntity.java2
-rw-r--r--security-utils/src/main/java/com/yahoo/security/tls/json/TransportSecurityOptionsJsonSerializer.java10
2 files changed, 7 insertions, 5 deletions
diff --git a/security-utils/src/main/java/com/yahoo/security/tls/json/TransportSecurityOptionsEntity.java b/security-utils/src/main/java/com/yahoo/security/tls/json/TransportSecurityOptionsEntity.java
index be2027f1c7d..bcd5b193493 100644
--- a/security-utils/src/main/java/com/yahoo/security/tls/json/TransportSecurityOptionsEntity.java
+++ b/security-utils/src/main/java/com/yahoo/security/tls/json/TransportSecurityOptionsEntity.java
@@ -30,7 +30,7 @@ class TransportSecurityOptionsEntity {
static class AuthorizedPeer {
@JsonProperty("required-credentials") List<RequiredCredential> requiredCredentials = new ArrayList<>();
@JsonProperty("name") String name;
- @JsonProperty("roles") List<String> roles = new ArrayList<>();
+ @JsonProperty("roles") @JsonInclude(NON_EMPTY) List<String> roles;
}
static class RequiredCredential {
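Review bot: The `roles` field in `AuthorizedPeer` now defaults to null, while `requiredCredentials` on the line above is still initialized to an empty list, so the two sibling fields follow different conventions and every reader of `roles` has to null-check. The serializer's `toRoles` does handle null in this commit, but nothing on the field says so. I would add a comment above the field such as `// Optional: null when absent from the JSON; omitted on output when null or empty`. The annotation imports are not visible in this hunk, so I assume `JsonInclude` and the static `NON_EMPTY` are already imported in the file.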
diff --git a/security-utils/src/main/java/com/yahoo/security/tls/json/TransportSecurityOptionsJsonSerializer.java b/security-utils/src/main/java/com/yahoo/security/tls/json/TransportSecurityOptionsJsonSerializer.java
index 8b7c860fd85..cfabd81cf44 100644
--- a/security-utils/src/main/java/com/yahoo/security/tls/json/TransportSecurityOptionsJsonSerializer.java
+++ b/security-utils/src/main/java/com/yahoo/security/tls/json/TransportSecurityOptionsJsonSerializer.java
@@ -19,6 +19,7 @@ import java.io.OutputStream;
import java.io.UncheckedIOException;
import java.nio.file.Paths;
import java.util.ArrayList;
+import java.util.Collections;
import java.util.List;
import java.util.Set;
@@ -85,13 +86,11 @@ public class TransportSecurityOptionsJsonSerializer {
if (authorizedPeer.requiredCredentials.isEmpty()) {
throw missingFieldException("required-credentials");
}
- if (authorizedPeer.roles.isEmpty()) {
- throw missingFieldException("roles");
- }
return new PeerPolicy(authorizedPeer.name, toRoles(authorizedPeer.roles), toRequestPeerCredentials(authorizedPeer.requiredCredentials));
}
private static Set<Role> toRoles(List<String> roles) {
+ if (roles == null) return Collections.emptySet();
return roles.stream()
.map(Role::new)
.collect(toSet());
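Review bot: With the `roles.isEmpty()` check removed, an absent `roles` key and an explicit `"roles": []` both produce a `PeerPolicy` with an empty role set, and nothing in this hunk states what such a policy authorizes. Because this is peer authorization configuration, the contract should be written down on `toRoles`, for example `// 'roles' is optional; a missing or empty list means the peer is granted no roles`. It is also worth confirming that the code consuming `PeerPolicy` treats an empty set as deny rather than allow. If the object mapper ignores unknown properties (not visible here), a misspelled `roles` key would now load silently as a role-less peer instead of failing with the old missing-field error. Both the calling method and `toRoles` extend beyond the hunk.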
@@ -138,7 +137,10 @@ public class TransportSecurityOptionsJsonSerializer {
requiredCredential.matchExpression = requiredPeerCredential.pattern().asString();
authorizedPeer.requiredCredentials.add(requiredCredential);
}
- peerPolicy.assumedRoles().forEach(role -> authorizedPeer.roles.add(role.name()));
+ if (!peerPolicy.assumedRoles().isEmpty()) {
+ authorizedPeer.roles = new ArrayList<>();
+ peerPolicy.assumedRoles().forEach(role -> authorizedPeer.roles.add(role.name()));
+ }
entity.authorizedPeers.add(authorizedPeer);
}
});
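Review bot: The `isEmpty()` guard around the `roles` assignment overlaps with the `@JsonInclude(NON_EMPTY)` added to the field in the same commit, which already drops an empty list from the output, so the reason for keeping the field null is not obvious. If the intent is that a role-less policy leaves the entity's `roles` null, matching what deserialization of a missing field produces, a comment would make that explicit: `// keep 'roles' null for role-less peers so the entity matches a document without the field`. The enclosing lambda and method start outside this hunk.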