diff options
author | Harald Musum <musum@verizonmedia.com> | 2023-02-20 22:10:14 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-02-20 22:10:14 +0100 |
commit | 1a02fe7f8b0402f0190c39404f28faaaac8c42b0 (patch) | |
tree | 3229427b057262b3f55241e97ea959562265820a /vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zts/ZtsClient.java | |
parent | 6e7fc3521d9a096691cca57fd1e70c71dc7fa0d7 (diff) | |
parent | a87a2edd2263c0b4c5503a35b621ca0f68b5578a (diff) |
Merge pull request #26117 from vespa-engine/mortent/zts-checkaccessv8.128.22
Use ZTS getAccess instead of ZMS
Diffstat (limited to 'vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zts/ZtsClient.java')
-rw-r--r-- | vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zts/ZtsClient.java | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zts/ZtsClient.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zts/ZtsClient.java index c4be6d8ced7..eade6229123 100644 --- a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zts/ZtsClient.java +++ b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zts/ZtsClient.java @@ -5,6 +5,7 @@ import com.yahoo.security.Pkcs10Csr; import com.yahoo.vespa.athenz.api.AthenzAccessToken; import com.yahoo.vespa.athenz.api.AthenzDomain; import com.yahoo.vespa.athenz.api.AthenzIdentity; +import com.yahoo.vespa.athenz.api.AthenzResourceName; import com.yahoo.vespa.athenz.api.AthenzRole; import com.yahoo.vespa.athenz.api.AwsRole; import com.yahoo.vespa.athenz.api.AwsTemporaryCredentials; @@ -187,5 +188,16 @@ public interface ZtsClient extends AutoCloseable { */ AwsTemporaryCredentials getAwsTemporaryCredentials(AthenzDomain athenzDomain, AwsRole awsRole, Duration duration, String externalId); + /** + * Check access to resource for a given principal + * + * @param resource The resource to verify access to + * @param action Action to verify + * @param identity Principal that requests access + * @return <code>true</code> if access is allowed, <code>false</code> otherwise + */ + boolean hasAccess(AthenzResourceName resource, String action, AthenzIdentity identity); + void close(); + } |