authorMorten Tokle <mortent@yahooinc.com>2023-04-28 14:09:08 +0200
committerMorten Tokle <mortent@yahooinc.com>2023-04-28 14:09:08 +0200
commitd55f01b8fed996e30ce5c75b2b2c869a8afefad4 (patch)
treef16104dfb36962138dee5861ab102ff6c5e0008a /vespa-athenz
parent2e8ce5dae6330774ca69b679370f56447b129c89 (diff)
Add separate API to fetch roles
Diffstat (limited to 'vespa-athenz')
-rw-r--r--vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/api/EntityBindingsMapper.java5
-rw-r--r--vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/api/IdentityDocument.java8
-rw-r--r--vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/api/bindings/IdentityDocumentEntity.java8
-rw-r--r--vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/api/bindings/RoleListEntity.java12
-rw-r--r--vespa-athenz/src/test/java/com/yahoo/vespa/athenz/identityprovider/api/EntityBindingsMapperTest.java1
-rw-r--r--vespa-athenz/src/test/java/com/yahoo/vespa/athenz/identityprovider/client/IdentityDocumentSignerTest.java11
6 files changed, 24 insertions, 21 deletions
diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/api/EntityBindingsMapper.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/api/EntityBindingsMapper.java
index 786a4213adf..33991ef1a3b 100644
--- a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/api/EntityBindingsMapper.java
+++ b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/api/EntityBindingsMapper.java
@@ -68,7 +68,6 @@ public class EntityBindingsMapper {
Optional.ofNullable(docEntity.clusterType()).map(ClusterType::from).orElse(null),
docEntity.ztsUrl(),
Optional.ofNullable(docEntity.serviceIdentity()).map(AthenzIdentities::from).orElse(null),
- List.of(),
docEntity.unknownAttributes());
return new LegacySignedIdentityDocument(
docEntity.signature(),
@@ -148,7 +147,6 @@ public class EntityBindingsMapper {
Optional.ofNullable(docEntity.clusterType()).map(ClusterType::from).orElse(null),
docEntity.ztsUrl(),
Optional.ofNullable(docEntity.serviceIdentity()).map(AthenzIdentities::from).orElse(null),
- docEntity.roles(),
docEntity.unknownAttributes());
}
@@ -163,8 +161,7 @@ public class EntityBindingsMapper {
identityDocument.identityType().id(),
Optional.ofNullable(identityDocument.clusterType()).map(ClusterType::toConfigValue).orElse(null),
identityDocument.ztsUrl(),
- identityDocument.serviceIdentity().getFullName(),
- identityDocument.roles());
+ identityDocument.serviceIdentity().getFullName());
try {
byte[] bytes = mapper.writeValueAsBytes(documentEntity);
return Base64.getEncoder().encodeToString(bytes);
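Review bot: Dropping `identityDocument.roles()` from the `IdentityDocumentEntity` built here also drops it from the bytes that `mapper.writeValueAsBytes(documentEntity)` produces, which is the data the signer signs (`IdentityDocumentSignerTest` signs the output of `toIdentityDocmentData`), so the role list is no longer attested by the identity-document signature. If any consumer relied on that signature to trust the roles, it must now get integrity from the new roles endpoint itself, i.e. an authenticated channel, since `RoleListEntity` has no signature field. A short Javadoc on this method would keep the exclusion deliberate: `/** Serializes the identity document as the Base64 payload that is signed; roles are intentionally not part of it and are fetched through a separate API. */`. The enclosing method starts before this hunk.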
diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/api/IdentityDocument.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/api/IdentityDocument.java
index 7caa4555f25..c7517ef8adb 100644
--- a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/api/IdentityDocument.java
+++ b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/api/IdentityDocument.java
@@ -18,7 +18,7 @@ import java.util.Set;
public record IdentityDocument(VespaUniqueInstanceId providerUniqueId, AthenzService providerService, String configServerHostname,
String instanceHostname, Instant createdAt, Set<String> ipAddresses,
IdentityType identityType, ClusterType clusterType, String ztsUrl,
- AthenzIdentity serviceIdentity, List<String> roles, Map<String, Object> unknownAttributes) {
+ AthenzIdentity serviceIdentity, Map<String, Object> unknownAttributes) {
public IdentityDocument {
ipAddresses = Set.copyOf(ipAddresses);
@@ -29,14 +29,13 @@ public record IdentityDocument(VespaUniqueInstanceId providerUniqueId, AthenzSer
});
// Map.copyOf() does not allow null values
unknownAttributes = Map.copyOf(nonNull);
- roles = Optional.ofNullable(roles).orElse(List.of());
}
public IdentityDocument(VespaUniqueInstanceId providerUniqueId, AthenzService providerService, String configServerHostname,
String instanceHostname, Instant createdAt, Set<String> ipAddresses,
IdentityType identityType, ClusterType clusterType, String ztsUrl,
- AthenzIdentity serviceIdentity, List<String> roles) {
- this(providerUniqueId, providerService, configServerHostname, instanceHostname, createdAt, ipAddresses, identityType, clusterType, ztsUrl, serviceIdentity, roles, Map.of());
+ AthenzIdentity serviceIdentity) {
+ this(providerUniqueId, providerService, configServerHostname, instanceHostname, createdAt, ipAddresses, identityType, clusterType, ztsUrl, serviceIdentity, Map.of());
}
@@ -52,7 +51,6 @@ public record IdentityDocument(VespaUniqueInstanceId providerUniqueId, AthenzSer
this.clusterType,
this.ztsUrl,
athenzService,
- roles,
this.unknownAttributes);
}
}
diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/api/bindings/IdentityDocumentEntity.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/api/bindings/IdentityDocumentEntity.java
index 263708f1ace..194854cfc3b 100644
--- a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/api/bindings/IdentityDocumentEntity.java
+++ b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/api/bindings/IdentityDocumentEntity.java
@@ -20,7 +20,7 @@ import java.util.Set;
@JsonInclude(JsonInclude.Include.NON_NULL)
public record IdentityDocumentEntity(String providerUniqueId, String providerService,
String configServerHostname, String instanceHostname, Instant createdAt, Set<String> ipAddresses,
- String identityType, String clusterType, String ztsUrl, String serviceIdentity, List<String> roles, Map<String, Object> unknownAttributes) {
+ String identityType, String clusterType, String ztsUrl, String serviceIdentity, Map<String, Object> unknownAttributes) {
@JsonCreator
public IdentityDocumentEntity(@JsonProperty("provider-unique-id") String providerUniqueId,
@@ -32,10 +32,9 @@ public record IdentityDocumentEntity(String providerUniqueId, String providerSer
@JsonProperty("identity-type") String identityType,
@JsonProperty("cluster-type") String clusterType,
@JsonProperty("zts-url") String ztsUrl,
- @JsonProperty("service-identity") String serviceIdentity,
- @JsonProperty("roles") List<String> roles) {
+ @JsonProperty("service-identity") String serviceIdentity) {
this(providerUniqueId, providerService, configServerHostname,
- instanceHostname, createdAt, ipAddresses, identityType, clusterType, ztsUrl, serviceIdentity, roles, new HashMap<>());
+ instanceHostname, createdAt, ipAddresses, identityType, clusterType, ztsUrl, serviceIdentity, new HashMap<>());
}
@JsonProperty("provider-unique-id") @Override public String providerUniqueId() { return providerUniqueId; }
@@ -48,7 +47,6 @@ public record IdentityDocumentEntity(String providerUniqueId, String providerSer
@JsonProperty("cluster-type") @Override public String clusterType() { return clusterType; }
@JsonProperty("zts-url") @Override public String ztsUrl() { return ztsUrl; }
@JsonProperty("service-identity") @Override public String serviceIdentity() { return serviceIdentity; }
- @JsonProperty("roles") @Override public List<String> roles() { return roles; }
@JsonAnyGetter @Override public Map<String, Object> unknownAttributes() { return unknownAttributes; }
@JsonAnySetter public void set(String name, Object value) { unknownAttributes.put(name, value); }
}
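Review bot: A `"roles"` member in a document emitted by an older producer is no longer bound to a field, so `@JsonAnySetter set(...)` on the previous line stores it in `unknownAttributes`, and `@JsonAnyGetter` writes it back out on re-serialization. That appears to be what keeps a legacy signed document verifiable after a round trip (the mapper test compares the re-serialized JSON tree), but it also means a stale role list now rides along silently in the unknown-attributes map, and consumers should not read roles from there. A comment on the any-setter would make the behaviour intentional: `// Unbound members (e.g. "roles" from older producers) are retained so re-serialization reproduces the signed bytes; do not read roles from here.`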
diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/api/bindings/RoleListEntity.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/api/bindings/RoleListEntity.java
new file mode 100644
index 00000000000..f785f19f8ea
--- /dev/null
+++ b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/api/bindings/RoleListEntity.java
@@ -0,0 +1,12 @@
+// Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+package com.yahoo.vespa.athenz.identityprovider.api.bindings;
+
+import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
+import com.fasterxml.jackson.annotation.JsonProperty;
+
+import java.util.List;
+
+@JsonIgnoreProperties(ignoreUnknown = true)
+public record RoleListEntity (
+ @JsonProperty("roles")List<String> roles) {
+}
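Review bot: `roles` stays null when the `"roles"` member is absent from the response, because the record has no compact constructor; the normalization that `IdentityDocument` used to do (`roles = Optional.ofNullable(roles).orElse(List.of())`, removed in this commit) has no counterpart here, so a caller iterating the list will hit a NullPointerException on an empty or malformed reply. Add a compact constructor that also makes the list immutable, `public RoleListEntity { roles = roles == null ? List.of() : List.copyOf(roles); }`; `List.copyOf` rejects null elements at parse time, which is preferable to a late NPE. Also put a space after the annotation, `@JsonProperty("roles") List<String> roles`, and add a Javadoc such as `/** JSON body of the separate roles endpoint; unknown members are ignored. This list is not covered by the identity document signature. */`.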
diff --git a/vespa-athenz/src/test/java/com/yahoo/vespa/athenz/identityprovider/api/EntityBindingsMapperTest.java b/vespa-athenz/src/test/java/com/yahoo/vespa/athenz/identityprovider/api/EntityBindingsMapperTest.java
index 02732033b75..a58debdb32f 100644
--- a/vespa-athenz/src/test/java/com/yahoo/vespa/athenz/identityprovider/api/EntityBindingsMapperTest.java
+++ b/vespa-athenz/src/test/java/com/yahoo/vespa/athenz/identityprovider/api/EntityBindingsMapperTest.java
@@ -49,7 +49,6 @@ class EntityBindingsMapperTest {
assertTrue(json.contains(expectedMemberInJson),
() -> "Expected JSON to contain '%s', but got \n'%s'".formatted(expectedMemberInJson, json));
assertEquals(EntityBindingsMapper.mapper.readTree(originalJson), EntityBindingsMapper.mapper.readTree(json));
- assertEquals(List.of(), entity.identityDocument().roles());
}
@Test
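Review bot: The deleted assertion was the only check on how a `roles` member is handled and nothing replaces it; if the `originalJson` fixture in this test carries `"roles"`, that member now lands in `unknownAttributes` through the entity's any-setter, and pinning that keeps the compatibility path from being lost by a later cleanup: `assertTrue(entity.identityDocument().unknownAttributes().containsKey("roles"));`. If the fixture has no `roles` member, a second fixture that does would be needed to exercise this path at all. The test method starts before this hunk.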
diff --git a/vespa-athenz/src/test/java/com/yahoo/vespa/athenz/identityprovider/client/IdentityDocumentSignerTest.java b/vespa-athenz/src/test/java/com/yahoo/vespa/athenz/identityprovider/client/IdentityDocumentSignerTest.java
index 334e0208c77..276815f263d 100644
--- a/vespa-athenz/src/test/java/com/yahoo/vespa/athenz/identityprovider/client/IdentityDocumentSignerTest.java
+++ b/vespa-athenz/src/test/java/com/yahoo/vespa/athenz/identityprovider/client/IdentityDocumentSignerTest.java
@@ -45,14 +45,13 @@ public class IdentityDocumentSignerTest {
private static final ClusterType clusterType = ClusterType.CONTAINER;
private static final String ztsUrl = "https://foo";
private static final AthenzIdentity serviceIdentity = new AthenzService("vespa", "node");
- private static final List<String> roles = List.of();
@Test
void legacy_generates_and_validates_signature() {
IdentityDocumentSigner signer = new IdentityDocumentSigner();
IdentityDocument identityDocument = new IdentityDocument(
id, providerService, configserverHostname,
- instanceHostname, createdAt, ipAddresses, identityType, clusterType, ztsUrl, serviceIdentity, roles);
+ instanceHostname, createdAt, ipAddresses, identityType, clusterType, ztsUrl, serviceIdentity);
String signature =
signer.generateLegacySignature(identityDocument, keyPair.getPrivate());
@@ -67,7 +66,7 @@ public class IdentityDocumentSignerTest {
IdentityDocumentSigner signer = new IdentityDocumentSigner();
IdentityDocument identityDocument = new IdentityDocument(
id, providerService, configserverHostname,
- instanceHostname, createdAt, ipAddresses, identityType, clusterType, ztsUrl, serviceIdentity, roles);
+ instanceHostname, createdAt, ipAddresses, identityType, clusterType, ztsUrl, serviceIdentity);
String data = EntityBindingsMapper.toIdentityDocmentData(identityDocument);
String signature =
signer.generateSignature(data, keyPair.getPrivate());
@@ -83,10 +82,10 @@ public class IdentityDocumentSignerTest {
IdentityDocumentSigner signer = new IdentityDocumentSigner();
IdentityDocument identityDocument = new IdentityDocument(
id, providerService, configserverHostname,
- instanceHostname, createdAt, ipAddresses, identityType, clusterType, ztsUrl, serviceIdentity, roles);
+ instanceHostname, createdAt, ipAddresses, identityType, clusterType, ztsUrl, serviceIdentity);
IdentityDocument withoutIgnoredFields = new IdentityDocument(
id, providerService, configserverHostname,
- instanceHostname, createdAt, ipAddresses, identityType, null, null, serviceIdentity, roles);
+ instanceHostname, createdAt, ipAddresses, identityType, null, null, serviceIdentity);
String signature =
signer.generateLegacySignature(identityDocument, keyPair.getPrivate());
@@ -105,7 +104,7 @@ public class IdentityDocumentSignerTest {
IdentityDocumentSigner signer = new IdentityDocumentSigner();
IdentityDocument identityDocument = new IdentityDocument(
id, providerService, configserverHostname,
- instanceHostname, createdAt, ipAddresses, identityType, clusterType, ztsUrl, serviceIdentity, roles);
+ instanceHostname, createdAt, ipAddresses, identityType, clusterType, ztsUrl, serviceIdentity);
String signature =
signer.generateLegacySignature(identityDocument, keyPair.getPrivate());