authorandreer <andreer@verizonmedia.com>2021-09-20 12:56:14 +0200
committerandreer <andreer@verizonmedia.com>2021-09-20 12:56:14 +0200
commite91e96934ebaca0742c3858a63b83906d9f640bf (patch)
treef333796158b62d29d25b2e91e239be26faa60465 /vespa-athenz
parent304fc2ea70fd82957565416554bfed190353d643 (diff)
pass audit ref back to athenz when approving ssh
Diffstat (limited to 'vespa-athenz')
-rw-r--r--vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/DefaultZmsClient.java15
-rw-r--r--vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/ZmsClient.java2
2 files changed, 11 insertions, 6 deletions
diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/DefaultZmsClient.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/DefaultZmsClient.java
index 54f2b2fd9e3..297852e9584 100644
--- a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/DefaultZmsClient.java
+++ b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/DefaultZmsClient.java
@@ -259,14 +259,19 @@ public class DefaultZmsClient extends ClientBase implements ZmsClient {
}
@Override
- public void approvePendingRoleMembership(AthenzRole athenzRole, AthenzUser athenzUser, Instant expiry) {
+ public void approvePendingRoleMembership(AthenzRole athenzRole, AthenzUser athenzUser, Instant expiry, Optional<String> reason) {
URI uri = zmsUrl.resolve(String.format("domain/%s/role/%s/member/%s/decision", athenzRole.domain().getName(), athenzRole.roleName(), athenzUser.getFullName()));
MembershipEntity membership = new MembershipEntity.RoleMembershipEntity(athenzUser.getFullName(), true, athenzRole.roleName(), Long.toString(expiry.getEpochSecond()));
- HttpUriRequest request = RequestBuilder.put()
+
+ var requestBuilder = RequestBuilder.put()
.setUri(uri)
- .setEntity(toJsonStringEntity(membership))
- .build();
- execute(request, response -> readEntity(response, Void.class));
+ .setEntity(toJsonStringEntity(membership));
+
+ if (reason.filter(s -> !s.isBlank()).isPresent()) {
+ requestBuilder.addHeader("Y-Audit-Ref", reason.get());
+ }
+
+ execute(requestBuilder.build(), response -> readEntity(response, Void.class));
}
@Override
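Review bot: The caller-supplied `reason` is written into the `Y-Audit-Ref` header unchanged at `requestBuilder.addHeader("Y-Audit-Ref", reason.get())`, so a value containing CR/LF or other control characters reaches the header without any check. Whether the HTTP client rejects such values is not visible in this hunk, so I would validate first and fail loudly, e.g. `if (reason.get().chars().anyMatch(Character::isISOControl)) throw new IllegalArgumentException("audit reason contains control characters");`. A blank or absent reason is silently dropped, so the approval is sent with no audit reference at all; if that is intended for domains without auditing, a one-line comment saying so would help the next reader. The filter-then-`get()` pair can also be collapsed to `reason.filter(s -> !s.isBlank()).ifPresent(r -> requestBuilder.addHeader("Y-Audit-Ref", r));`.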
diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/ZmsClient.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/ZmsClient.java
index 2fd1cea0e50..7dd0585bfd4 100644
--- a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/ZmsClient.java
+++ b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/ZmsClient.java
@@ -54,7 +54,7 @@ public interface ZmsClient extends AutoCloseable {
Map<AthenzUser, String> listPendingRoleApprovals(AthenzRole athenzRole);
- void approvePendingRoleMembership(AthenzRole athenzRole, AthenzUser athenzUser, Instant expiry);
+ void approvePendingRoleMembership(AthenzRole athenzRole, AthenzUser athenzUser, Instant expiry, Optional<String> reason);
List<AthenzIdentity> listMembers(AthenzRole athenzRole);
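Review bot: The new `reason` parameter on `approvePendingRoleMembership` is undocumented in the interface, so callers cannot tell that it becomes the audit trail of the approval or what an empty value means. I would add Javadoc along the lines of `@param reason audit reference recorded with the approval; empty or blank sends none`, wording it to match what implementations actually do (DefaultZmsClient forwards it as a request header). As a style point, `Optional` as a parameter type forces every caller to wrap its argument; an overload without the reason, or a plain nullable/empty `String`, would be more conventional.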