author | Morten Tokle <mortent@yahooinc.com> | 2023-04-28 11:00:39 +0200 |
---|---|---|
committer | Morten Tokle <mortent@yahooinc.com> | 2023-04-28 11:00:39 +0200 |
commit | 5396a7c1aad6c471f16be1e555dd752009053858 (patch) | |
tree | aa14f2feb5d71968218c91fe6e79934c3cfb8b81 /vespa-athenz/src/main | |
parent | f5dd3cb5d31875cf596adc01f2207f690afe553f (diff) |
Include roles from logfwarder config in identity document
Diffstat (limited to 'vespa-athenz/src/main')
3 files changed, 18 insertions, 7 deletions
diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/api/EntityBindingsMapper.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/api/EntityBindingsMapper.java
index a695e10a29c..786a4213adf 100644
--- a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/api/EntityBindingsMapper.java
+++ b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/api/EntityBindingsMapper.java
@@ -22,6 +22,7 @@ import java.nio.file.Path;
 import java.nio.file.StandardCopyOption;
 import java.time.Instant;
 import java.util.Base64;
+import java.util.List;
 import java.util.Optional;
 import static com.yahoo.vespa.athenz.identityprovider.api.VespaUniqueInstanceId.fromDottedString;
@@ -67,6 +68,7 @@ public class EntityBindingsMapper {
 Optional.ofNullable(docEntity.clusterType()).map(ClusterType::from).orElse(null),
 docEntity.ztsUrl(),
 Optional.ofNullable(docEntity.serviceIdentity()).map(AthenzIdentities::from).orElse(null),
+ List.of(),
 docEntity.unknownAttributes());
 return new LegacySignedIdentityDocument(
 docEntity.signature(),
@@ -146,6 +148,7 @@ public class EntityBindingsMapper {
 Optional.ofNullable(docEntity.clusterType()).map(ClusterType::from).orElse(null),
 docEntity.ztsUrl(),
 Optional.ofNullable(docEntity.serviceIdentity()).map(AthenzIdentities::from).orElse(null),
+ docEntity.roles(),
 docEntity.unknownAttributes());
 }
@@ -160,7 +163,8 @@ public class EntityBindingsMapper {
 identityDocument.identityType().id(),
 Optional.ofNullable(identityDocument.clusterType()).map(ClusterType::toConfigValue).orElse(null),
 identityDocument.ztsUrl(),
- identityDocument.serviceIdentity().getFullName());
+ identityDocument.serviceIdentity().getFullName(),
+ identityDocument.roles());
 try {
 byte[] bytes = mapper.writeValueAsBytes(documentEntity);
 return Base64.getEncoder().encodeToString(bytes);
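Review bot: The `List.of()` passed as the new roles argument in the legacy mapping (the hunk at -67) means every document parsed from the legacy signed format reports no roles, and nothing in the code says that this is deliberate. A one-line comment at that argument would make it explicit, for example `// the legacy document entity has no roles field, so roles are always empty here`, assuming that is the reason, which the hunk does not show. The enclosing method starts and ends outside the hunk.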
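Review bot: `identityDocument.roles()` in the hunk at -160 is never null once the record's compact constructor has replaced a missing list with an empty one, so the entity built here always serialises a `roles` key, as `[]` when no roles are configured; `NON_NULL` inclusion on the entity does not suppress empty collections. That changes the Base64 payload for role-less documents compared with what was produced before this commit. If any verifier re-derives the signed data from a parsed document instead of checking the signature over the received string (not visible here), older documents would stop matching. If empty roles should stay off the wire, `@JsonInclude(JsonInclude.Include.NON_EMPTY)` on the `roles()` accessor of IdentityDocumentEntity would do it. The method continues outside the hunk.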
diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/api/IdentityDocument.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/api/IdentityDocument.java
index 577584db185..7caa4555f25 100644
--- a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/api/IdentityDocument.java
+++ b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/api/IdentityDocument.java
@@ -6,7 +6,9 @@ import com.yahoo.vespa.athenz.api.AthenzService;
 import java.time.Instant;
 import java.util.HashMap;
+import java.util.List;
 import java.util.Map;
+import java.util.Optional;
 import java.util.Set;
 /**
@@ -16,7 +18,7 @@ import java.util.Set;
 public record IdentityDocument(VespaUniqueInstanceId providerUniqueId, AthenzService providerService, String configServerHostname, String instanceHostname, Instant createdAt, Set<String> ipAddresses, IdentityType identityType, ClusterType clusterType, String ztsUrl,
- AthenzIdentity serviceIdentity, Map<String, Object> unknownAttributes) {
+ AthenzIdentity serviceIdentity, List<String> roles, Map<String, Object> unknownAttributes) {
 public IdentityDocument {
 ipAddresses = Set.copyOf(ipAddresses);
@@ -27,13 +29,14 @@ public record IdentityDocument(VespaUniqueInstanceId providerUniqueId, AthenzSer
 });
 // Map.copyOf() does not allow null values
 unknownAttributes = Map.copyOf(nonNull);
+ roles = Optional.ofNullable(roles).orElse(List.of());
 }
 public IdentityDocument(VespaUniqueInstanceId providerUniqueId, AthenzService providerService, String configServerHostname, String instanceHostname, Instant createdAt, Set<String> ipAddresses, IdentityType identityType, ClusterType clusterType, String ztsUrl,
- AthenzIdentity serviceIdentity) {
- this(providerUniqueId, providerService, configServerHostname, instanceHostname, createdAt, ipAddresses, identityType, clusterType, ztsUrl, serviceIdentity, Map.of());
+ AthenzIdentity serviceIdentity, List<String> roles) {
+ this(providerUniqueId, providerService, configServerHostname, instanceHostname, createdAt, ipAddresses, identityType, clusterType, ztsUrl, serviceIdentity, roles, Map.of());
 }
@@ -49,6 +52,7 @@ public record IdentityDocument(VespaUniqueInstanceId providerUniqueId, AthenzSer
 this.clusterType,
 this.ztsUrl,
 athenzService,
+ roles,
 this.unknownAttributes);
 }
 }
diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/api/bindings/IdentityDocumentEntity.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/api/bindings/IdentityDocumentEntity.java
index 946eacc67eb..263708f1ace 100644
--- a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/api/bindings/IdentityDocumentEntity.java
+++ b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/api/bindings/IdentityDocumentEntity.java
@@ -9,6 +9,7 @@ import com.fasterxml.jackson.annotation.JsonProperty;
 import java.time.Instant;
 import java.util.HashMap;
+import java.util.List;
 import java.util.Map;
 import java.util.Set;
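Review bot: The added `roles = Optional.ofNullable(roles).orElse(List.of());` keeps the caller's list by reference, whereas `ipAddresses` and `unknownAttributes` are stored as immutable copies in the same compact constructor. A caller that holds on to a mutable list can change the roles of an identity document after it has been built, and a JSON array containing `null` is accepted as is. `roles = roles == null ? List.of() : List.copyOf(roles);` makes the component immutable and rejects null elements. The compact constructor begins before this hunk.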
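Review bot: The copy method in the hunk at -49 passes the existing `roles` on to a document whose service identity has been replaced by `athenzService`, and no comment says whether roles taken from the config are meant to remain valid under a different identity. A sentence in the method's Javadoc stating that roles are carried over unchanged would settle it for readers, or the roles should be reset if they are tied to the original identity. As a style point the argument could be written `this.roles,` to match the neighbouring `this.clusterType` and `this.unknownAttributes`. The method's signature is outside the hunk.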
@@ -19,7 +20,7 @@ import java.util.Set;
 @JsonInclude(JsonInclude.Include.NON_NULL)
 public record IdentityDocumentEntity(String providerUniqueId, String providerService, String configServerHostname, String instanceHostname, Instant createdAt, Set<String> ipAddresses,
- String identityType, String clusterType, String ztsUrl, String serviceIdentity, Map<String, Object> unknownAttributes) {
+ String identityType, String clusterType, String ztsUrl, String serviceIdentity, List<String> roles, Map<String, Object> unknownAttributes) {
 @JsonCreator
 public IdentityDocumentEntity(@JsonProperty("provider-unique-id") String providerUniqueId,
@@ -31,9 +32,10 @@ public record IdentityDocumentEntity(String providerUniqueId, String providerSer
 @JsonProperty("identity-type") String identityType,
 @JsonProperty("cluster-type") String clusterType,
 @JsonProperty("zts-url") String ztsUrl,
- @JsonProperty("service-identity") String serviceIdentity) {
+ @JsonProperty("service-identity") String serviceIdentity,
+ @JsonProperty("roles") List<String> roles) {
 this(providerUniqueId, providerService, configServerHostname,
- instanceHostname, createdAt, ipAddresses, identityType, clusterType, ztsUrl, serviceIdentity, new HashMap<>());
+ instanceHostname, createdAt, ipAddresses, identityType, clusterType, ztsUrl, serviceIdentity, roles, new HashMap<>());
 }
 @JsonProperty("provider-unique-id") @Override public String providerUniqueId() { return providerUniqueId; }
@@ -46,6 +48,7 @@ public record IdentityDocumentEntity(String providerUniqueId, String providerSer
 @JsonProperty("cluster-type") @Override public String clusterType() { return clusterType; }
 @JsonProperty("zts-url") @Override public String ztsUrl() { return ztsUrl; }
 @JsonProperty("service-identity") @Override public String serviceIdentity() { return serviceIdentity; }
+ @JsonProperty("roles") @Override public List<String> roles() { return roles; }
 @JsonAnyGetter @Override public Map<String, Object> unknownAttributes() { return unknownAttributes; }
 @JsonAnySetter public void set(String name, Object value) { unknownAttributes.put(name, value); }
 } |