diff options
author | Andreas Eriksen <andreer@verizonmedia.com> | 2021-09-10 09:12:40 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-09-10 09:12:40 +0200 |
commit | 01513fb2bef0d0b3021ede9857604b3d8b19cf31 (patch) | |
tree | cff84b55f21dc620a03e3df379b4f6d8ba31d40b /vespa-athenz | |
parent | 0e6866b490b1af138df94b7cab3b8244710704bf (diff) |
return audit refs when listing pending approvals (#19045)
Diffstat (limited to 'vespa-athenz')
3 files changed, 14 insertions, 8 deletions
diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/DefaultZmsClient.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/DefaultZmsClient.java index 8b9f642f9e0..d1bc7a954ec 100644 --- a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/DefaultZmsClient.java +++ b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/DefaultZmsClient.java @@ -238,19 +238,19 @@ public class DefaultZmsClient extends ClientBase implements ZmsClient { } @Override - public List<AthenzUser> listPendingRoleApprovals(AthenzRole athenzRole) { + public Map<AthenzUser, String> listPendingRoleApprovals(AthenzRole athenzRole) { URI uri = zmsUrl.resolve(String.format("domain/%s/role/%s?pending=true", athenzRole.domain().getName(), athenzRole.roleName())); HttpUriRequest request = RequestBuilder.get() .setUri(uri) .build(); RoleEntity roleEntity = execute(request, response -> readEntity(response, RoleEntity.class)); + return roleEntity.roleMembers().stream() .filter(RoleEntity.Member::pendingApproval) - .map(RoleEntity.Member::memberName) - .map(AthenzIdentities::from) - .filter(identity -> AthenzIdentities.USER_PRINCIPAL_DOMAIN.equals(identity.getDomain())) - .map(AthenzUser.class::cast) - .collect(Collectors.toList()); + .filter(re -> AthenzIdentities.USER_PRINCIPAL_DOMAIN.equals(AthenzIdentities.from(re.memberName()).getDomain())) + .collect(Collectors.toUnmodifiableMap( + m -> (AthenzUser) AthenzIdentities.from(m.memberName()), + RoleEntity.Member::auditRef)); } @Override diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/ZmsClient.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/ZmsClient.java index ae36fafbb27..53d7cb6e652 100644 --- a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/ZmsClient.java +++ b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/ZmsClient.java @@ -52,7 +52,7 @@ public interface ZmsClient extends AutoCloseable { boolean deletePolicyRule(AthenzDomain athenzDomain, String athenzPolicy, String action, AthenzResourceName resourceName, AthenzRole athenzRole); - List<AthenzUser> listPendingRoleApprovals(AthenzRole athenzRole); + Map<AthenzUser, String> listPendingRoleApprovals(AthenzRole athenzRole); void approvePendingRoleMembership(AthenzRole athenzRole, AthenzUser athenzUser, Instant expiry); diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/bindings/RoleEntity.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/bindings/RoleEntity.java index 5babe292138..537fa1fe50a 100644 --- a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/bindings/RoleEntity.java +++ b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/bindings/RoleEntity.java @@ -35,12 +35,14 @@ public class RoleEntity { private final String memberName; private final boolean active; private final boolean approved; + private final String auditRef; @JsonCreator - public Member(@JsonProperty("memberName") String memberName, @JsonProperty("active") boolean active, @JsonProperty("approved") boolean approved) { + public Member(@JsonProperty("memberName") String memberName, @JsonProperty("active") boolean active, @JsonProperty("approved") boolean approved, @JsonProperty("auditRef") String auditRef) { this.memberName = memberName; this.active = active; this.approved = approved; + this.auditRef = auditRef; } public String memberName() { @@ -50,5 +52,9 @@ public class RoleEntity { public boolean pendingApproval() { return !approved; } + + public String auditRef() { + return auditRef; + } } } |