12 files changed, 25 insertions, 125 deletions
diff --git a/jrt/tests/com/yahoo/jrt/CryptoUtils.java b/jrt/tests/com/yahoo/jrt/CryptoUtils.java
index f1672f86e9b..d5ce32ee5ee 100644
--- a/jrt/tests/com/yahoo/jrt/CryptoUtils.java
+++ b/jrt/tests/com/yahoo/jrt/CryptoUtils.java
@@ -12,7 +12,6 @@ import com.yahoo.security.tls.policy.AuthorizedPeers;
 import com.yahoo.security.tls.policy.PeerPolicy;
 import com.yahoo.security.tls.policy.RequiredPeerCredential;
 import com.yahoo.security.tls.policy.RequiredPeerCredential.Field;
-import com.yahoo.security.tls.policy.Role;
 import javax.security.auth.x500.X500Principal;
 import java.security.KeyPair;
@@ -42,8 +41,6 @@ class CryptoUtils {
 singleton( new PeerPolicy( "localhost-policy",
- singleton(
- new Role("localhost-role")),
 singletonList( RequiredPeerCredential.of(Field.CN, "localhost")))));
diff --git a/security-utils/src/main/java/com/yahoo/security/tls/authz/AuthorizationResult.java b/security-utils/src/main/java/com/yahoo/security/tls/authz/AuthorizationResult.java
index 963bb469d6e..6fa97e30d63 100644
--- a/security-utils/src/main/java/com/yahoo/security/tls/authz/AuthorizationResult.java
+++ b/security-utils/src/main/java/com/yahoo/security/tls/authz/AuthorizationResult.java
@@ -1,8 +1,6 @@
 // Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
 package com.yahoo.security.tls.authz;
-import com.yahoo.security.tls.policy.Role;
-
 import java.util.Collections;
 import java.util.Objects;
 import java.util.Set;
@@ -11,18 +9,12 @@ import java.util.Set;
 * @author bjorncs */
 public class AuthorizationResult {
- private final Set<Role> assumedRoles;
 private final Set<String> matchedPolicies;
- public AuthorizationResult(Set<Role> assumedRoles, Set<String> matchedPolicies) {
- this.assumedRoles = Collections.unmodifiableSet(assumedRoles);
+ public AuthorizationResult(Set<String> matchedPolicies) {
 this.matchedPolicies = Collections.unmodifiableSet(matchedPolicies);
 }
- public Set<Role> assumedRoles() {
- return assumedRoles;
- }
-
 public Set<String> matchedPolicies() {
 return matchedPolicies;
 }
@@ -34,7 +26,6 @@ public class AuthorizationResult {
 @Override public String toString() {
 return "AuthorizationResult{" +
- "assumedRoles=" + assumedRoles +
 ", matchedPolicies=" + matchedPolicies + '}';
 }
@@ -44,12 +35,11 @@ public class AuthorizationResult {
 if (this == o) return true;
 if (o == null || getClass() != o.getClass()) return false;
 AuthorizationResult that = (AuthorizationResult) o;
- return Objects.equals(assumedRoles, that.assumedRoles) &&
- Objects.equals(matchedPolicies, that.matchedPolicies);
+ return Objects.equals(matchedPolicies, that.matchedPolicies);
 }
 @Override public int hashCode() {
- return Objects.hash(assumedRoles, matchedPolicies);
+ return Objects.hash(matchedPolicies);
 }
 }
diff --git a/security-utils/src/main/java/com/yahoo/security/tls/authz/PeerAuthorizer.java b/security-utils/src/main/java/com/yahoo/security/tls/authz/PeerAuthorizer.java
index 40f3817c5f9..8c4e87c1de2 100644
--- a/security-utils/src/main/java/com/yahoo/security/tls/authz/PeerAuthorizer.java
+++ b/security-utils/src/main/java/com/yahoo/security/tls/authz/PeerAuthorizer.java
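Review bot: The new one-argument constructor still stores `Collections.unmodifiableSet(matchedPolicies)`, which is a read-only view of the caller's set rather than a copy, so a caller that keeps mutating the set it passed in changes what `matchedPolicies()` later reports. The only caller visible in this commit, `PeerAuthorizer.authorizePeer`, builds a fresh `HashSet` and drops it, so this is hardening of a public type rather than a live bug. Since the matched policy names are now the sole product of authorization, I would snapshot them: `this.matchedPolicies = Collections.unmodifiableSet(new HashSet<>(matchedPolicies));` with `import java.util.HashSet;` added to the import block in the hunk above.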
@@ -6,7 +6,6 @@ import com.yahoo.security.X509CertificateUtils;
 import com.yahoo.security.tls.policy.AuthorizedPeers;
 import com.yahoo.security.tls.policy.PeerPolicy;
 import com.yahoo.security.tls.policy.RequiredPeerCredential;
-import com.yahoo.security.tls.policy.Role;
 import java.security.cert.X509Certificate;
 import java.util.HashSet;
@@ -36,18 +35,16 @@ public class PeerAuthorizer {
 }
 public AuthorizationResult authorizePeer(X509Certificate peerCertificate) {
- Set<Role> assumedRoles = new HashSet<>();
 Set<String> matchedPolicies = new HashSet<>();
 String cn = getCommonName(peerCertificate).orElse(null);
 List<String> sans = getSubjectAlternativeNames(peerCertificate);
 log.fine(() -> String.format("Subject info from x509 certificate: CN=[%s], 'SAN=%s", cn, sans));
 for (PeerPolicy peerPolicy : authorizedPeers.peerPolicies()) {
 if (matchesPolicy(peerPolicy, cn, sans)) {
- assumedRoles.addAll(peerPolicy.assumedRoles());
 matchedPolicies.add(peerPolicy.policyName());
 }
 }
- return new AuthorizationResult(assumedRoles, matchedPolicies);
+ return new AuthorizationResult(matchedPolicies);
 }
 private static boolean matchesPolicy(PeerPolicy peerPolicy, String cn, List<String> sans) {
diff --git a/security-utils/src/main/java/com/yahoo/security/tls/json/TransportSecurityOptionsEntity.java b/security-utils/src/main/java/com/yahoo/security/tls/json/TransportSecurityOptionsEntity.java
index 12ac75aae80..02c6fe2ab99 100644
--- a/security-utils/src/main/java/com/yahoo/security/tls/json/TransportSecurityOptionsEntity.java
+++ b/security-utils/src/main/java/com/yahoo/security/tls/json/TransportSecurityOptionsEntity.java
@@ -36,7 +36,6 @@ class TransportSecurityOptionsEntity {
 @JsonProperty("required-credentials") List<RequiredCredential> requiredCredentials;
 @JsonProperty("name") String name;
 @JsonProperty("description") @JsonInclude(NON_NULL) String description;
- @JsonProperty("roles") @JsonInclude(NON_EMPTY) List<String> roles;
 }
 @JsonIgnoreProperties(ignoreUnknown = true)
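Review bot: Dropping the `roles` property from the authorized-peer entity changes how an already-deployed options file that still contains `"roles"` is treated, and the hunk does not show which way: if this entity carries `@JsonIgnoreProperties(ignoreUnknown = true)` the key is now silently ignored, otherwise Jackson rejects the whole file at load time. The `@JsonIgnoreProperties(ignoreUnknown = true)` visible after the closing brace annotates the following nested class, not this one, and the entity's own annotation lies above the hunk. Either outcome is defensible, but it is an operational change for existing policy files, so I would add a serializer test that loads a legacy file containing `"roles" : [ "x" ]` and asserts the intended behavior, and state that behavior in the commit message.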
diff --git a/security-utils/src/main/java/com/yahoo/security/tls/json/TransportSecurityOptionsJsonSerializer.java b/security-utils/src/main/java/com/yahoo/security/tls/json/TransportSecurityOptionsJsonSerializer.java
index 516a0c83d37..5deebf48d1b 100644
--- a/security-utils/src/main/java/com/yahoo/security/tls/json/TransportSecurityOptionsJsonSerializer.java
+++ b/security-utils/src/main/java/com/yahoo/security/tls/json/TransportSecurityOptionsJsonSerializer.java
@@ -10,7 +10,6 @@ import com.yahoo.security.tls.json.TransportSecurityOptionsEntity.RequiredCreden
 import com.yahoo.security.tls.policy.AuthorizedPeers;
 import com.yahoo.security.tls.policy.PeerPolicy;
 import com.yahoo.security.tls.policy.RequiredPeerCredential;
-import com.yahoo.security.tls.policy.Role;
 import java.io.IOException;
 import java.io.InputStream;
@@ -18,7 +17,6 @@ import java.io.OutputStream;
 import java.io.UncheckedIOException;
 import java.nio.file.Paths;
 import java.util.ArrayList;
-import java.util.Collections;
 import java.util.Comparator;
 import java.util.List;
 import java.util.Set;
@@ -101,14 +99,7 @@ public class TransportSecurityOptionsJsonSerializer {
 if (authorizedPeer.requiredCredentials == null) {
 throw missingFieldException("required-credentials");
 }
- return new PeerPolicy(authorizedPeer.name, authorizedPeer.description, toRoles(authorizedPeer.roles), toRequestPeerCredentials(authorizedPeer.requiredCredentials));
- }
-
- private static Set<Role> toRoles(List<String> roles) {
- if (roles == null) return Collections.emptySet();
- return roles.stream()
- .map(Role::new)
- .collect(toSet());
+ return new PeerPolicy(authorizedPeer.name, authorizedPeer.description, toRequestPeerCredentials(authorizedPeer.requiredCredentials));
 }
 private static List<RequiredPeerCredential> toRequestPeerCredentials(List<RequiredCredential> requiredCredentials) {
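Review bot: The rewritten `return new PeerPolicy(authorizedPeer.name, ...)` forwards `name` unchecked, and the only missing-field guard visible in the hunk is the one for `required-credentials`; the start of this method lies above the hunk, so if `name` is not validated there, a policy object without `"name"` produces a `PeerPolicy` with a null name. With roles gone that name is the only thing a match reports through `AuthorizationResult.matchedPolicies()` and the key on which `AuthorizedPeers` rejects duplicates, so it should fail at parse time in the same style as the existing guard: `if (authorizedPeer.name == null) throw missingFieldException("name");` before the `return`. If such a check already exists above, a one-line comment here pointing to it would save the next reader the same question.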
@@ -157,11 +148,6 @@ public class TransportSecurityOptionsJsonSerializer {
 requiredCredential.matchExpression = requiredPeerCredential.pattern().asString();
 authorizedPeer.requiredCredentials.add(requiredCredential);
 }
- if (!peerPolicy.assumedRoles().isEmpty()) {
- authorizedPeer.roles = new ArrayList<>();
- peerPolicy.assumedRoles().forEach(role -> authorizedPeer.roles.add(role.name()));
- }
-
 return authorizedPeer;
 }) .collect(toList()));
diff --git a/security-utils/src/main/java/com/yahoo/security/tls/policy/PeerPolicy.java b/security-utils/src/main/java/com/yahoo/security/tls/policy/PeerPolicy.java
index 4783889ec62..ff518622f53 100644
--- a/security-utils/src/main/java/com/yahoo/security/tls/policy/PeerPolicy.java
+++ b/security-utils/src/main/java/com/yahoo/security/tls/policy/PeerPolicy.java
@@ -5,7 +5,6 @@ import java.util.Collections;
 import java.util.List;
 import java.util.Objects;
 import java.util.Optional;
-import java.util.Set;
 /** * @author bjorncs
@@ -14,18 +13,16 @@ public class PeerPolicy {
 private final String policyName;
 private final String description;
- private final Set<Role> assumedRoles;
 private final List<RequiredPeerCredential> requiredCredentials;
- public PeerPolicy(String policyName, Set<Role> assumedRoles, List<RequiredPeerCredential> requiredCredentials) {
- this(policyName, null, assumedRoles, requiredCredentials);
+ public PeerPolicy(String policyName, List<RequiredPeerCredential> requiredCredentials) {
+ this(policyName, null, requiredCredentials);
 }
 public PeerPolicy(
- String policyName, String description, Set<Role> assumedRoles, List<RequiredPeerCredential> requiredCredentials) {
+ String policyName, String description, List<RequiredPeerCredential> requiredCredentials) {
 this.policyName = policyName;
 this.description = description;
- this.assumedRoles = assumedRoles;
 this.requiredCredentials = Collections.unmodifiableList(requiredCredentials);
 }
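Review bot: The slimmed-down primary constructor at the end of the hunk wraps `requiredCredentials` but never validates `policyName`, and with `assumedRoles` gone the name is the only identifier a successful match surfaces (`PeerAuthorizer` adds `peerPolicy.policyName()` to `matchedPolicies`) and the field `AuthorizedPeers` de-duplicates on, per `AuthorizedPeersTest`. A null name would pass through into `matchedPolicies()` and into `Objects.equals`/`Objects.hash` without complaint. `Objects` is already imported here, so `this.policyName = Objects.requireNonNull(policyName, "policyName");` makes the invariant explicit; `description` is legitimately null via the two-argument constructor and should stay as it is.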
@@ -35,10 +32,6 @@ public class PeerPolicy {
 public Optional<String> description() {
 return Optional.ofNullable(description);
 }
- public Set<Role> assumedRoles() {
- return assumedRoles;
- }
-
 public List<RequiredPeerCredential> requiredCredentials() {
 return requiredCredentials;
 }
@@ -48,7 +41,6 @@ public class PeerPolicy {
 return "PeerPolicy{" + "policyName='" + policyName + '\'' + ", description='" + description + '\'' +
- ", assumedRoles=" + assumedRoles +
 ", requiredCredentials=" + requiredCredentials + '}';
 }
@@ -60,12 +52,11 @@ public class PeerPolicy {
 PeerPolicy that = (PeerPolicy) o;
 return Objects.equals(policyName, that.policyName) && Objects.equals(description, that.description) &&
- Objects.equals(assumedRoles, that.assumedRoles) &&
 Objects.equals(requiredCredentials, that.requiredCredentials);
 }
 @Override public int hashCode() {
- return Objects.hash(policyName, description, assumedRoles, requiredCredentials);
+ return Objects.hash(policyName, description, requiredCredentials);
 }
 }
diff --git a/security-utils/src/main/java/com/yahoo/security/tls/policy/Role.java b/security-utils/src/main/java/com/yahoo/security/tls/policy/Role.java
deleted file mode 100644
index b35bf328847..00000000000
--- a/security-utils/src/main/java/com/yahoo/security/tls/policy/Role.java
+++ /dev/null
@@ -1,40 +0,0 @@
-// Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
-package com.yahoo.security.tls.policy;
-
-import java.util.Objects;
-
-/**
- * @author bjorncs
- */
-public class Role {
-
- private final String name;
-
- public Role(String name) {
- this.name = name;
- }
-
- public String name() {
- return name;
- }
-
- @Override
- public String toString() {
- return "Role{" +
- "name='" + name + '\'' +
- '}';
- }
-
- @Override
- public boolean equals(Object o) {
- if (this == o) return true;
- if (o == null || getClass() != o.getClass()) return false;
- Role role = (Role) o;
- return Objects.equals(name, role.name);
- }
-
- @Override
- public int hashCode() {
- return Objects.hash(name);
- }
-}
diff --git a/security-utils/src/test/java/com/yahoo/security/tls/DefaultTlsContextTest.java b/security-utils/src/test/java/com/yahoo/security/tls/DefaultTlsContextTest.java
index 8236ce081ba..358929606cd 100644
--- a/security-utils/src/test/java/com/yahoo/security/tls/DefaultTlsContextTest.java
+++ b/security-utils/src/test/java/com/yahoo/security/tls/DefaultTlsContextTest.java
@@ -6,7 +6,6 @@ import com.yahoo.security.X509CertificateBuilder;
 import com.yahoo.security.tls.policy.AuthorizedPeers;
 import com.yahoo.security.tls.policy.PeerPolicy;
 import com.yahoo.security.tls.policy.RequiredPeerCredential;
-import com.yahoo.security.tls.policy.Role;
 import org.junit.Test;
 import javax.net.ssl.SSLEngine;
@@ -41,7 +40,6 @@ public class DefaultTlsContextTest {
 singleton( new PeerPolicy( "dummy-policy",
- singleton(new Role("dummy-role")),
 singletonList(RequiredPeerCredential.of(RequiredPeerCredential.Field.CN, "dummy")))));
 DefaultTlsContext tlsContext =
diff --git a/security-utils/src/test/java/com/yahoo/security/tls/authz/PeerAuthorizerTest.java b/security-utils/src/test/java/com/yahoo/security/tls/authz/PeerAuthorizerTest.java
index fdfed781286..5a4ae1f4ff6 100644
--- a/security-utils/src/test/java/com/yahoo/security/tls/authz/PeerAuthorizerTest.java
+++ b/security-utils/src/test/java/com/yahoo/security/tls/authz/PeerAuthorizerTest.java
@@ -9,7 +9,6 @@ import com.yahoo.security.tls.policy.AuthorizedPeers;
 import com.yahoo.security.tls.policy.PeerPolicy;
 import com.yahoo.security.tls.policy.RequiredPeerCredential;
 import com.yahoo.security.tls.policy.RequiredPeerCredential.Field;
-import com.yahoo.security.tls.policy.Role;
 import org.junit.Test;
 import javax.security.auth.x500.X500Principal;
@@ -20,7 +19,6 @@ import java.time.Instant;
 import java.time.temporal.ChronoUnit;
 import java.util.Arrays;
 import java.util.List;
-import java.util.Set;
 import static com.yahoo.security.SignatureAlgorithm.SHA256_WITH_ECDSA;
 import static com.yahoo.security.tls.policy.RequiredPeerCredential.Field.CN;
@@ -28,7 +26,6 @@ import static com.yahoo.security.tls.policy.RequiredPeerCredential.Field.SAN_DNS
 import static com.yahoo.security.tls.policy.RequiredPeerCredential.Field.SAN_URI;
 import static java.util.Arrays.asList;
 import static java.util.Collections.emptyList;
-import static java.util.Collections.emptySet;
 import static java.util.Collections.singletonList;
 import static java.util.stream.Collectors.toSet;
 import static org.assertj.core.api.Assertions.assertThat;
@@ -41,17 +38,16 @@ import static org.junit.Assert.assertTrue;
 public class PeerAuthorizerTest {
 private static final KeyPair KEY_PAIR = KeyUtils.generateKeypair(KeyAlgorithm.EC);
- private static final String ROLE_1 = "role-1", ROLE_2 = "role-2", ROLE_3 = "role-3", POLICY_1 = "policy-1", POLICY_2 = "policy-2";
+ private static final String POLICY_1 = "policy-1", POLICY_2 = "policy-2";
 @Test public void certificate_must_match_both_san_and_cn_pattern() {
 RequiredPeerCredential cnRequirement = createRequiredCredential(CN, "*.matching.cn");
 RequiredPeerCredential sanRequirement = createRequiredCredential(SAN_DNS, "*.matching.san");
- PeerAuthorizer authorizer = createPeerAuthorizer(createPolicy(POLICY_1, createRoles(ROLE_1), cnRequirement, sanRequirement));
+ PeerAuthorizer authorizer = createPeerAuthorizer(createPolicy(POLICY_1, cnRequirement, sanRequirement));
 AuthorizationResult result = authorizer.authorizePeer(createCertificate("foo.matching.cn", asList("foo.matching.san", "foo.invalid.san"), emptyList()));
 assertAuthorized(result);
- assertThat(result.assumedRoles()).extracting(Role::name).containsOnly(ROLE_1);
 assertThat(result.matchedPolicies()).containsOnly(POLICY_1);
 assertUnauthorized(authorizer.authorizePeer(createCertificate("foo.invalid.cn", singletonList("foo.matching.san"), emptyList())));
@@ -65,25 +61,23 @@ public class PeerAuthorizerTest {
 RequiredPeerCredential sanRequirement = createRequiredCredential(SAN_DNS, "*.matching.san");
 PeerAuthorizer peerAuthorizer = createPeerAuthorizer(
- createPolicy(POLICY_1, createRoles(ROLE_1, ROLE_2), cnRequirement, sanRequirement),
- createPolicy(POLICY_2, createRoles(ROLE_2, ROLE_3), cnRequirement, sanRequirement));
+ createPolicy(POLICY_1, cnRequirement, sanRequirement),
+ createPolicy(POLICY_2, cnRequirement, sanRequirement));
 AuthorizationResult result = peerAuthorizer .authorizePeer(createCertificate("foo.matching.cn", singletonList("foo.matching.san"), emptyList()));
 assertAuthorized(result);
- assertThat(result.assumedRoles()).extracting(Role::name).containsOnly(ROLE_1, ROLE_2, ROLE_3);
 assertThat(result.matchedPolicies()).containsOnly(POLICY_1, POLICY_2);
 }
 @Test public void can_match_subset_of_policies() {
 PeerAuthorizer peerAuthorizer = createPeerAuthorizer(
- createPolicy(POLICY_1, createRoles(ROLE_1), createRequiredCredential(CN, "*.matching.cn")),
- createPolicy(POLICY_2, createRoles(ROLE_1, ROLE_2), createRequiredCredential(SAN_DNS, "*.matching.san")));
+ createPolicy(POLICY_1, createRequiredCredential(CN, "*.matching.cn")),
+ createPolicy(POLICY_2, createRequiredCredential(SAN_DNS, "*.matching.san")));
 AuthorizationResult result = peerAuthorizer.authorizePeer(createCertificate("foo.invalid.cn", singletonList("foo.matching.san"), emptyList()));
 assertAuthorized(result);
- assertThat(result.assumedRoles()).extracting(Role::name).containsOnly(ROLE_1, ROLE_2);
 assertThat(result.matchedPolicies()).containsOnly(POLICY_2);
 }
@@ -94,7 +88,7 @@ public class PeerAuthorizerTest {
 RequiredPeerCredential sanPrefixRequirement = createRequiredCredential(SAN_DNS, "*.*.matching.suffix.san");
 RequiredPeerCredential sanSuffixRequirement = createRequiredCredential(SAN_DNS, "matching.prefix.*.*.*");
 PeerAuthorizer peerAuthorizer = createPeerAuthorizer(
- createPolicy(POLICY_1, emptySet(), cnSuffixRequirement, cnPrefixRequirement, sanPrefixRequirement, sanSuffixRequirement));
+ createPolicy(POLICY_1, cnSuffixRequirement, cnPrefixRequirement, sanPrefixRequirement, sanSuffixRequirement));
 assertAuthorized(peerAuthorizer.authorizePeer(createCertificate("matching.prefix.matching.suffix.cn", singletonList("matching.prefix.matching.suffix.san"), emptyList())));
 assertUnauthorized(peerAuthorizer.authorizePeer(createCertificate("matching.prefix.matching.suffix.cn", singletonList("matching.prefix.invalid.suffix.san"), emptyList())));
@@ -105,11 +99,10 @@ public class PeerAuthorizerTest {
 public void can_match_policy_with_san_uri_pattern() {
 RequiredPeerCredential cnRequirement = createRequiredCredential(CN, "*.matching.cn");
 RequiredPeerCredential sanUriRequirement = createRequiredCredential(SAN_URI, "myscheme://my/*/uri");
- PeerAuthorizer authorizer = createPeerAuthorizer(createPolicy(POLICY_1, createRoles(ROLE_1), cnRequirement, sanUriRequirement));
+ PeerAuthorizer authorizer = createPeerAuthorizer(createPolicy(POLICY_1, cnRequirement, sanUriRequirement));
 AuthorizationResult result = authorizer.authorizePeer(createCertificate("foo.matching.cn", singletonList("foo.irrelevant.san"), singletonList("myscheme://my/matching/uri")));
 assertAuthorized(result);
- assertThat(result.assumedRoles()).extracting(Role::name).containsOnly(ROLE_1);
 assertThat(result.matchedPolicies()).containsOnly(POLICY_1);
 assertUnauthorized(authorizer.authorizePeer(createCertificate("foo.matching.cn", emptyList(), singletonList("myscheme://my/nonmatching/url"))));
@@ -133,16 +126,12 @@ public class PeerAuthorizerTest {
 return RequiredPeerCredential.of(field, pattern);
 }
- private static Set<Role> createRoles(String... roleNames) {
- return Arrays.stream(roleNames).map(Role::new).collect(toSet());
- }
-
 private static PeerAuthorizer createPeerAuthorizer(PeerPolicy... policies) {
 return new PeerAuthorizer(new AuthorizedPeers(Arrays.stream(policies).collect(toSet())));
 }
- private static PeerPolicy createPolicy(String name, Set<Role> roles, RequiredPeerCredential... requiredCredentials) {
- return new PeerPolicy(name, roles, asList(requiredCredentials));
+ private static PeerPolicy createPolicy(String name, RequiredPeerCredential... requiredCredentials) {
+ return new PeerPolicy(name, asList(requiredCredentials));
 }
 private static void assertAuthorized(AuthorizationResult result) {
diff --git a/security-utils/src/test/java/com/yahoo/security/tls/json/TransportSecurityOptionsJsonSerializerTest.java b/security-utils/src/test/java/com/yahoo/security/tls/json/TransportSecurityOptionsJsonSerializerTest.java
index 6bca49aee83..2cb262cecc0 100644
--- a/security-utils/src/test/java/com/yahoo/security/tls/json/TransportSecurityOptionsJsonSerializerTest.java
+++ b/security-utils/src/test/java/com/yahoo/security/tls/json/TransportSecurityOptionsJsonSerializerTest.java
@@ -5,7 +5,6 @@ import com.yahoo.security.tls.TransportSecurityOptions;
 import com.yahoo.security.tls.policy.AuthorizedPeers;
 import com.yahoo.security.tls.policy.PeerPolicy;
 import com.yahoo.security.tls.policy.RequiredPeerCredential;
-import com.yahoo.security.tls.policy.Role;
 import org.junit.Rule;
 import org.junit.Test;
 import org.junit.rules.TemporaryFolder;
@@ -26,7 +25,6 @@ import static com.yahoo.security.tls.policy.RequiredPeerCredential.Field.CN;
 import static com.yahoo.security.tls.policy.RequiredPeerCredential.Field.SAN_DNS;
 import static com.yahoo.security.tls.policy.RequiredPeerCredential.Field.SAN_URI;
 import static com.yahoo.test.json.JsonTestHelper.assertJsonEquals;
-import static java.util.Collections.singleton;
 import static org.junit.Assert.assertEquals;
 /**
@@ -47,11 +45,11 @@ public class TransportSecurityOptionsJsonSerializerTest {
 .withAuthorizedPeers( new AuthorizedPeers( new LinkedHashSet<>(Arrays.asList(
- new PeerPolicy("cfgserver", "cfgserver policy description", singleton(new Role("myrole")), Arrays.asList(
+ new PeerPolicy("cfgserver", "cfgserver policy description", Arrays.asList(
 RequiredPeerCredential.of(CN, "mycfgserver"), RequiredPeerCredential.of(SAN_DNS, "*.suffix.com"), RequiredPeerCredential.of(SAN_URI, "myscheme://resource/path/"))),
- new PeerPolicy("node", singleton(new Role("anotherrole")), Collections.singletonList(RequiredPeerCredential.of(CN, "hostname")))))))
+ new PeerPolicy("node", Collections.singletonList(RequiredPeerCredential.of(CN, "hostname")))))))
 .build();
 ByteArrayOutputStream out = new ByteArrayOutputStream();
diff --git a/security-utils/src/test/java/com/yahoo/security/tls/policy/AuthorizedPeersTest.java b/security-utils/src/test/java/com/yahoo/security/tls/policy/AuthorizedPeersTest.java
index c44a23ecf2b..3ad826d3996 100644
--- a/security-utils/src/test/java/com/yahoo/security/tls/policy/AuthorizedPeersTest.java
+++ b/security-utils/src/test/java/com/yahoo/security/tls/policy/AuthorizedPeersTest.java
@@ -4,11 +4,9 @@ package com.yahoo.security.tls.policy;
 import org.junit.Test;
 import java.util.HashSet;
-import java.util.List;
 import static com.yahoo.security.tls.policy.RequiredPeerCredential.Field.CN;
 import static java.util.Arrays.asList;
-import static java.util.Collections.singleton;
 import static java.util.Collections.singletonList;
 /**
@@ -18,9 +16,8 @@ public class AuthorizedPeersTest {
 @Test(expected = IllegalArgumentException.class) public void throws_exception_on_peer_policies_with_duplicate_names() {
- List<RequiredPeerCredential> requiredPeerCredential = singletonList(RequiredPeerCredential.of(CN, "mycfgserver"));
- PeerPolicy peerPolicy1 = new PeerPolicy("duplicate-name", singleton(new Role("role")), requiredPeerCredential);
- PeerPolicy peerPolicy2 = new PeerPolicy("duplicate-name", singleton(new Role("anotherrole")), requiredPeerCredential);
+ PeerPolicy peerPolicy1 = new PeerPolicy("duplicate-name", singletonList(RequiredPeerCredential.of(CN, "mycfgserver")));
+ PeerPolicy peerPolicy2 = new PeerPolicy("duplicate-name", singletonList(RequiredPeerCredential.of(CN, "myclient")));
 new AuthorizedPeers(new HashSet<>(asList(peerPolicy1, peerPolicy2)));
 }
diff --git a/security-utils/src/test/resources/transport-security-options-with-authz-rules.json b/security-utils/src/test/resources/transport-security-options-with-authz-rules.json
index ea0bee38c8a..06ed6e0943c 100644
--- a/security-utils/src/test/resources/transport-security-options-with-authz-rules.json
+++ b/security-utils/src/test/resources/transport-security-options-with-authz-rules.json
@@ -16,14 +16,12 @@
 "must-match" : "myscheme://resource/path/" } ], "name" : "cfgserver",
- "description" : "cfgserver policy description",
- "roles" : [ "myrole" ]
+ "description" : "cfgserver policy description"
 }, { "required-credentials" : [ { "field" : "CN", "must-match" : "hostname" } ],
- "name" : "node",
- "roles" : [ "anotherrole" ]
+ "name" : "node"
 } ] }
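Review bot: The two duplicate-name policies now differ only in their CN pattern (`mycfgserver` vs `myclient`), and that difference is load-bearing rather than cosmetic: `PeerPolicy.equals` compares `policyName`, `description` and `requiredCredentials`, so if both used the same credential list the `HashSet` handed to `AuthorizedPeers` would collapse them into one element and the duplicate-name check this test exists for would never run. Before this change the differing `Role`s kept the two policies distinct, which is why the old version could share one `requiredPeerCredential`. A short comment above the two constructions would protect that intent, e.g. `// credentials differ on purpose: equal policies would collapse in the HashSet and the duplicate-name check would not be exercised`.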
\ No newline at end of file |