author | Ola Aunrønning <olaa@verizonmedia.com> | 2022-03-03 11:06:14 +0100 |
---|---|---|
committer | Ola Aunrønning <olaa@verizonmedia.com> | 2022-03-03 11:06:14 +0100 |
commit | ff570e8ff3f6e08f7851289efe292b4aa1acedfc (patch) | |
tree | 40538e6072e1e867261d2f61c831d701771d3a41 /vespa-athenz/src/main/java/com/yahoo | |
parent | e31e567d8e14a5e260416742168dd48c0b091bfe (diff) |
Add API for toggling self-served access role
Diffstat (limited to 'vespa-athenz/src/main/java/com/yahoo')
3 files changed, 29 insertions, 1 deletions
diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/DefaultZmsClient.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/DefaultZmsClient.java
index 32f54255262..23c530402b9 100644
--- a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/DefaultZmsClient.java
+++ b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/DefaultZmsClient.java
@@ -406,6 +406,17 @@ public class DefaultZmsClient extends ClientBase implements ZmsClient {
 execute(request, response -> readEntity(response, Void.class));
 }
+ public boolean isSelfServeRole(AthenzRole role) {
+ URI uri = zmsUrl.resolve(String.format("domain/%s/role/%s", role.domain().getName(), role.roleName()));
+ var request = RequestBuilder.get(uri).build();
+ var roleEntity = execute(request, response -> readEntity(response, RoleEntity.class));
+
+ if (roleEntity.selfServe() == null || roleEntity.reviewEnabled() == null)
+ return false;
+
+ return roleEntity.selfServe() && roleEntity.reviewEnabled();
+ }
+
 private static Header createCookieHeader(OAuthCredentials oAuthCredentials) {
 return new BasicHeader("Cookie", oAuthCredentials.asCookie());
 }
diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/ZmsClient.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/ZmsClient.java
index 95b7d9b8976..611fe7aa451 100644
--- a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/ZmsClient.java
+++ b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/ZmsClient.java
@@ -80,5 +80,7 @@ public interface ZmsClient extends AutoCloseable {
 void createSubdomain(AthenzDomain parent, String name);
+ boolean isSelfServeRole(AthenzRole role);
+
 void close();
 }
diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/bindings/RoleEntity.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/bindings/RoleEntity.java
index 28b1f5d3206..f0a498ed644 100644
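Review bot: In `isSelfServeRole` (DefaultZmsClient.java), `role.domain().getName()` and `role.roleName()` are formatted into the request path with no escaping, so a name containing `/`, `?`, `#` or `..` would make `zmsUrl.resolve(...)` address a different ZMS resource than the role being asked about. Whether `AthenzRole` already restricts both names to a safe character set is not visible in this hunk; if it does not, the answer to this access-control query could come from the wrong resource. Validate the two components before building the URI, or record the invariant the method relies on with a comment such as `// domain and role names are restricted to ZMS-legal characters by AthenzRole/AthenzDomain` once that has been confirmed. The method also implements the new interface method and should carry `@Override`.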
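Review bot: `isSelfServeRole` is added to `ZmsClient` without Javadoc, and the name understates the contract: the implementation in `DefaultZmsClient` returns true only when both `selfServe` and `reviewEnabled` are set, and false when either attribute is absent. Callers that base an access decision on this need that stated on the interface; I would add `/** Returns true only if the role has both self-serve and review enabled; a role missing either attribute is reported as not self-serve. */`. The interface body starts above the hunk.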
--- a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/bindings/RoleEntity.java
+++ b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/bindings/RoleEntity.java
@@ -15,11 +15,18 @@ import java.util.List;
 public class RoleEntity {
 private final String roleName;
 private final List<Member> roleMembers;
+ private final Boolean selfServe;
+ private final Boolean reviewEnabled;
 @JsonCreator
- public RoleEntity(@JsonProperty("roleName") String roleName, @JsonProperty("roleMembers") List<Member> roleMembers) {
+ public RoleEntity(@JsonProperty("roleName") String roleName,
+ @JsonProperty("roleMembers") List<Member> roleMembers,
+ @JsonProperty("selfServe") Boolean selfServe,
+ @JsonProperty("reviewEnabled") Boolean reviewEnabled) {
 this.roleName = roleName;
 this.roleMembers = roleMembers;
+ this.selfServe = selfServe;
+ this.reviewEnabled = reviewEnabled;
 }
 public String roleName() {
@@ -30,6 +37,14 @@ public class RoleEntity {
 return roleMembers;
 }
+ public Boolean selfServe() {
+ return selfServe;
+ }
+
+ public Boolean reviewEnabled() {
+ return reviewEnabled;
+ }
+
 @JsonIgnoreProperties(ignoreUnknown = true)
 public static final class Member {
 private final String memberName; |
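Review bot: `selfServe()` and `reviewEnabled()` in the second hunk return the boxed `Boolean` fields added in the first hunk, which are null whenever the ZMS response omits the attribute, so any caller that uses them directly in a condition fails with a NullPointerException on unboxing. `DefaultZmsClient.isSelfServeRole` guards against this, but nothing on `RoleEntity` states that the values are nullable. Either document it on the accessors, e.g. `/** May be null when ZMS does not return the attribute. */`, or normalise once in the constructor with `this.selfServe = Boolean.TRUE.equals(selfServe);` and return primitive `boolean`, so a missing flag is always read as false; the null check in `isSelfServeRole` would then be dropped. The class body starts above the first hunk and continues past the second.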