authorMorten Tokle <mortent@verizonmedia.com>2021-09-10 10:30:23 +0200
committerGitHub <noreply@github.com>2021-09-10 10:30:23 +0200
commit34adf677b98abd47a2c75f43287878ac8ccef8fc (patch)
tree441d9da5bbecfb2e799553ddf7f12b90066974d5 /vespa-athenz
parentbb4ee4e9c053ca4f341eaa5490a850e13ea37f5c (diff)
list(Policies/Roles) (#19059)
Diffstat (limited to 'vespa-athenz')
-rw-r--r--vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/DefaultZmsClient.java22
-rw-r--r--vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/ZmsClient.java4
-rw-r--r--vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/bindings/ResponseListEntity.java19
3 files changed, 41 insertions, 4 deletions
diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/DefaultZmsClient.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/DefaultZmsClient.java
index d1bc7a954ec..51887141646 100644
--- a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/DefaultZmsClient.java
+++ b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/DefaultZmsClient.java
@@ -1,7 +1,6 @@
// Copyright 2018 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
package com.yahoo.vespa.athenz.client.zms;
-import com.fasterxml.jackson.databind.ser.std.MapSerializer;
import com.yahoo.vespa.athenz.api.AthenzDomain;
import com.yahoo.vespa.athenz.api.AthenzGroup;
import com.yahoo.vespa.athenz.api.AthenzIdentity;
@@ -19,6 +18,7 @@ import com.yahoo.vespa.athenz.client.zms.bindings.DomainListResponseEntity;
import com.yahoo.vespa.athenz.client.zms.bindings.MembershipEntity;
import com.yahoo.vespa.athenz.client.zms.bindings.PolicyEntity;
import com.yahoo.vespa.athenz.client.zms.bindings.ProviderResourceGroupRolesRequestEntity;
+import com.yahoo.vespa.athenz.client.zms.bindings.ResponseListEntity;
import com.yahoo.vespa.athenz.client.zms.bindings.RoleEntity;
import com.yahoo.vespa.athenz.client.zms.bindings.ServiceEntity;
import com.yahoo.vespa.athenz.client.zms.bindings.ServiceListResponseEntity;
@@ -26,12 +26,9 @@ import com.yahoo.vespa.athenz.client.zms.bindings.TenancyRequestEntity;
import com.yahoo.vespa.athenz.identity.ServiceIdentityProvider;
import com.yahoo.vespa.athenz.utils.AthenzIdentities;
import org.apache.http.Header;
-import org.apache.http.HttpEntity;
import org.apache.http.client.methods.HttpUriRequest;
import org.apache.http.client.methods.RequestBuilder;
-import org.apache.http.entity.StringEntity;
import org.apache.http.message.BasicHeader;
-import org.bouncycastle.cert.ocsp.Req;
import javax.net.ssl.SSLContext;
import java.net.URI;
@@ -303,6 +300,7 @@ public class DefaultZmsClient extends ClientBase implements ZmsClient {
execute(RequestBuilder.delete(uri).build(), response -> readEntity(response, Void.class));
}
+ @Override
public void createRole(AthenzRole role, Map<String, Object> attributes) {
URI uri = zmsUrl.resolve(String.format("domain/%s/role/%s", role.domain().getName(), role.roleName()));
HashMap<String, Object> finalAttributes = new HashMap<>(attributes);
@@ -313,6 +311,22 @@ public class DefaultZmsClient extends ClientBase implements ZmsClient {
execute(request, response -> readEntity(response, Void.class));
}
+ @Override
+ public Set<AthenzRole> listRoles(AthenzDomain domain) {
+ var uri = zmsUrl.resolve(String.format("domain/%s/role", domain.getName()));
+ ResponseListEntity listResponse = execute(RequestBuilder.get(uri).build(), response -> readEntity(response, ResponseListEntity.class));
+ return listResponse.entity.stream()
+ .map(name -> new AthenzRole(domain, name))
+ .collect(Collectors.toSet());
+ }
+
+ @Override
+ public Set<String> listPolicies(AthenzDomain domain) {
+ var uri = zmsUrl.resolve(String.format("domain/%s/policy", domain.getName()));
+ ResponseListEntity listResponse = execute(RequestBuilder.get(uri).build(), response -> readEntity(response, ResponseListEntity.class));
+ return Set.copyOf(listResponse.entity);
+ }
+
private static Header createCookieHeaderWithOktaTokens(OktaIdentityToken identityToken, OktaAccessToken accessToken) {
return new BasicHeader("Cookie", String.format("okta_at=%s; okta_it=%s", accessToken.token(), identityToken.token()));
}
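Review bot: `listResponse.entity` is dereferenced in both `listRoles` and `listPolicies` without a null check, and the `ResponseListEntity` constructor added in the last file of this commit stores whatever Jackson hands it. A ZMS response that lacks the `names` property would therefore surface as a bare NullPointerException from the stream or from `Set.copyOf`, rather than as an empty set or a descriptive client error. Normalising once in the constructor covers both callers: `this.entity = entity == null ? List.of() : List.copyOf(entity);`. If an absent list should instead be treated as a malformed response, throwing an exception that names the request URI would make the failure diagnosable.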
diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/ZmsClient.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/ZmsClient.java
index 53d7cb6e652..2fd1cea0e50 100644
--- a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/ZmsClient.java
+++ b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/ZmsClient.java
@@ -66,5 +66,9 @@ public interface ZmsClient extends AutoCloseable {
void createRole(AthenzRole role, Map<String, Object> properties);
+ Set<AthenzRole> listRoles(AthenzDomain domain);
+
+ Set<String> listPolicies(AthenzDomain domain);
+
void close();
}
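Review bot: The two new interface methods `listRoles` and `listPolicies` carry no Javadoc, so callers cannot tell what the returned set means or whether they may modify it. The implementation in this commit already differs on that point: `listRoles` collects with `Collectors.toSet()`, which is modifiable, while `listPolicies` returns the unmodifiable `Set.copyOf(...)`. I would add a short comment on each, e.g. `/** Returns the names of all policies defined in the given domain, as an unmodifiable set. */`, and switch `listRoles` to `Collectors.toUnmodifiableSet()` so both honour the same contract. The comment should also say what happens for a domain that does not exist, which is not visible from this hunk.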
diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/bindings/ResponseListEntity.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/bindings/ResponseListEntity.java
new file mode 100644
index 00000000000..fa64430cd11
--- /dev/null
+++ b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/bindings/ResponseListEntity.java
@@ -0,0 +1,19 @@
+// Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+
+package com.yahoo.vespa.athenz.client.zms.bindings;
+
+import com.fasterxml.jackson.annotation.JsonCreator;
+import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
+import com.fasterxml.jackson.annotation.JsonProperty;
+
+import java.util.List;
+
+@JsonIgnoreProperties(ignoreUnknown = true)
+public class ResponseListEntity {
+ public final List<String> entity;
+
+ @JsonCreator
+ public ResponseListEntity(@JsonProperty("names") List<String> entity) {
+ this.entity = entity;
+ }
+}
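Review bot: `@JsonIgnoreProperties(ignoreUnknown = true)` combined with binding only `names` means every other field of the list response is dropped silently. If ZMS can return a continuation marker for a partial listing (to be confirmed against the ZMS API), callers of `listRoles` and `listPolicies` would receive a truncated set that looks complete. That matters when the result feeds an access review or a cleanup of stale roles. I would either bind that field and loop until it is empty, or add a class comment stating that the list is assumed to be returned in full, e.g. `// Binds the 'names' array of ZMS list responses; assumes an unpaginated result`.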