authorValerij Fredriksen <valerijf@yahooinc.com>2022-02-18 18:23:23 +0100
committerValerij Fredriksen <valerijf@yahooinc.com>2022-02-21 09:04:11 +0100
commitd9c1e4ba27155469ce2f542b4b6e0b5f70242096 (patch)
tree864b7346039e59a06ae6055c15af2eb85ab2f134 /vespa-athenz
parenta294cb2b68d5989572b3a74886c8bf3be225e715 (diff)
Pass along auth0 credentials to ZMS
Diffstat (limited to 'vespa-athenz')
-rw-r--r--vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/DefaultZmsClient.java5
-rw-r--r--vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/ZmsClient.java3
2 files changed, 6 insertions, 2 deletions
diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/DefaultZmsClient.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/DefaultZmsClient.java
index 3c60d5bbcc3..32f54255262 100644
--- a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/DefaultZmsClient.java
+++ b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/DefaultZmsClient.java
@@ -301,7 +301,8 @@ public class DefaultZmsClient extends ClientBase implements ZmsClient {
}
@Override
- public void approvePendingRoleMembership(AthenzRole athenzRole, AthenzIdentity athenzIdentity, Instant expiry, Optional<String> reason) {
+ public void approvePendingRoleMembership(AthenzRole athenzRole, AthenzIdentity athenzIdentity, Instant expiry,
+ Optional<String> reason, Optional<OAuthCredentials> oAuthCredentials) {
URI uri = zmsUrl.resolve(String.format("domain/%s/role/%s/member/%s/decision", athenzRole.domain().getName(), athenzRole.roleName(), athenzIdentity.getFullName()));
MembershipEntity membership = new MembershipEntity.RoleMembershipEntity(athenzIdentity.getFullName(), true, athenzRole.roleName(), Long.toString(expiry.getEpochSecond()));
@@ -309,6 +310,8 @@ public class DefaultZmsClient extends ClientBase implements ZmsClient {
.setUri(uri)
.setEntity(toJsonStringEntity(membership));
+ oAuthCredentials.ifPresent(creds -> requestBuilder.addHeader(createCookieHeader(creds)));
+
if (reason.filter(s -> !s.isBlank()).isPresent()) {
requestBuilder.addHeader("Y-Audit-Ref", reason.get());
}
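Review bot: The header built by `createCookieHeader(creds)` carries the end user's OAuth tokens, and nothing visible in this hunk constrains how the request that holds it is transported or recorded. `createCookieHeader`, the `zmsUrl` setup and the request execution are all outside the hunk, so this is something to confirm rather than a known defect: `zmsUrl` should be required to use `https`, and any request or exception logging in `ClientBase` should not print request headers. A why-comment on the new line would make the intent explicit, e.g. `// Forwards the caller's OAuth tokens to ZMS so the decision is attributed to the user; never log this header`. The method body continues past the end of the hunk.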
diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/ZmsClient.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/ZmsClient.java
index bd73913ea64..95b7d9b8976 100644
--- a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/ZmsClient.java
+++ b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/ZmsClient.java
@@ -59,7 +59,8 @@ public interface ZmsClient extends AutoCloseable {
Map<AthenzIdentity, String> listPendingRoleApprovals(AthenzRole athenzRole);
- void approvePendingRoleMembership(AthenzRole athenzRole, AthenzIdentity athenzIdentity, Instant expiry, Optional<String> reason);
+ void approvePendingRoleMembership(AthenzRole athenzRole, AthenzIdentity athenzIdentity, Instant expiry,
+ Optional<String> reason, Optional<OAuthCredentials> oAuthCredentials);
List<AthenzIdentity> listMembers(AthenzRole athenzRole);
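Review bot: The widened `approvePendingRoleMembership` signature has no Javadoc, so the interface does not say what `oAuthCredentials` is used for or when `Optional.empty()` is acceptable. Because the parameter is a bearer credential, the contract should be stated where callers see it, e.g. `/** Approves a pending role membership. {@code oAuthCredentials}, when present, are forwarded to ZMS with the request; pass {@code Optional.empty()}, never null. */`. The implementation in `DefaultZmsClient` calls `oAuthCredentials.ifPresent(...)` directly, so a null argument would fail there with a `NullPointerException`. Other implementers of `ZmsClient` are not visible in this diffstat, which is limited to `vespa-athenz`, and presumably need the same signature update.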