Diffstat (limited to 'controller-server')
9 files changed, 177 insertions, 0 deletions
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/permits/ApplicationPermit.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/permits/ApplicationPermit.java
new file mode 100644
index 00000000000..272fae5ca65
--- /dev/null
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/permits/ApplicationPermit.java
@@ -0,0 +1,11 @@
+package com.yahoo.vespa.hosted.controller.permits;
+
+/**
+ * Data that relates identities to permissions to an application.
+ *
+ * @author jonmv
+ */
+public interface ApplicationPermit extends TenantPermit {
+
+}
+
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/permits/AthenzApplicationPermit.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/permits/AthenzApplicationPermit.java
new file mode 100644
index 00000000000..fff860465ba
--- /dev/null
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/permits/AthenzApplicationPermit.java
@@ -0,0 +1,30 @@
+package com.yahoo.vespa.hosted.controller.permits;
+
+import com.yahoo.config.provision.ApplicationId;
+import com.yahoo.vespa.athenz.api.AthenzDomain;
+import com.yahoo.vespa.athenz.api.OktaAccessToken;
+
+import java.util.Objects;
+
+/**
+ * Wraps the permit data of an Athenz application modification.
+ *
+ * @author jonmv
+ */
+public class AthenzApplicationPermit implements ApplicationPermit {
+
+ private final AthenzDomain domain;
+ private final ApplicationId application;
+ private final OktaAccessToken token;
+
+ public AthenzApplicationPermit(AthenzDomain domain, ApplicationId application, OktaAccessToken token) {
+ this.domain = Objects.requireNonNull(domain);
+ this.application = Objects.requireNonNull(application);
+ this.token = Objects.requireNonNull(token);
+ }
+
+ public AthenzDomain domain() { return domain; }
+ public ApplicationId application() { return application; }
+ public OktaAccessToken token() { return token; }
+
+}
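Review bot: The `token` field and `token()` accessor of AthenzApplicationPermit expose a caller's Okta access token, yet the class says nothing about how that credential may be handled. PermitExtractor's Javadoc in this same commit describes permits as "to be stored in a PermitStore", which a later maintainer could read as permission to persist or log the whole object. I would document the accessor, for example `/** The caller's Okta access token; a live credential that must not be logged or persisted. */`, if that matches the intent. Whether OktaAccessToken redacts itself in `toString()` is not visible here and is worth confirming. The same point applies to AthenzTenantPermit in the next hunk.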
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/permits/AthenzTenantPermit.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/permits/AthenzTenantPermit.java
new file mode 100644
index 00000000000..73a61f8fb0b
--- /dev/null
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/permits/AthenzTenantPermit.java
@@ -0,0 +1,26 @@
+package com.yahoo.vespa.hosted.controller.permits;
+
+import com.yahoo.vespa.athenz.api.AthenzDomain;
+import com.yahoo.vespa.athenz.api.OktaAccessToken;
+
+import java.util.Objects;
+
+/**
+ * Wraps the permit data of an Athenz tenancy modification.
+ *
+ * @author jonmv
+ */
+public class AthenzTenantPermit implements TenantPermit {
+
+ private final AthenzDomain domain;
+ private final OktaAccessToken token;
+
+ public AthenzTenantPermit(AthenzDomain domain, OktaAccessToken token) {
+ this.domain = Objects.requireNonNull(domain);
+ this.token = Objects.requireNonNull(token);
+ }
+
+ public AthenzDomain domain() { return domain; }
+ public OktaAccessToken token() { return token; }
+
+}
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/permits/OktaApplicationPermit.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/permits/OktaApplicationPermit.java
new file mode 100644
index 00000000000..633d1dfb393
--- /dev/null
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/permits/OktaApplicationPermit.java
@@ -0,0 +1,24 @@
+package com.yahoo.vespa.hosted.controller.permits;
+
+import com.yahoo.config.provision.ApplicationId;
+
+import java.security.Principal;
+import java.util.Objects;
+
+/**
+ * Wraps the permit data of an Okta application modification.
+ */
+public class OktaApplicationPermit {
+
+ private final ApplicationId application;
+ private final Principal user;
+
+ public OktaApplicationPermit(ApplicationId application, Principal user) {
+ this.application = Objects.requireNonNull(application);
+ this.user = Objects.requireNonNull(user);
+ }
+
+ public ApplicationId application() { return application; }
+ public Principal user() { return user; }
+
+}
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/permits/OktaTenantPermit.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/permits/OktaTenantPermit.java
new file mode 100644
index 00000000000..1501971cac6
--- /dev/null
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/permits/OktaTenantPermit.java
@@ -0,0 +1,26 @@
+package com.yahoo.vespa.hosted.controller.permits;
+
+import com.yahoo.config.provision.TenantName;
+
+import java.security.Principal;
+import java.util.Objects;
+
+/**
+ * Wraps the permit data of an Okta tenancy modification.
+ *
+ * @author jonmv
+ */
+public class OktaTenantPermit implements TenantPermit {
+
+ private final TenantName tenant;
+ private final Principal user;
+
+ public OktaTenantPermit(TenantName tenant, Principal user) {
+ this.tenant = Objects.requireNonNull(tenant);
+ this.user = Objects.requireNonNull(user);
+ }
+
+ public TenantName tenant() { return tenant; }
+ public Principal user() { return user; }
+
+}
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/permits/PermitExtractor.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/permits/PermitExtractor.java
new file mode 100644
index 00000000000..0ca92a1f57a
--- /dev/null
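Review bot: `OktaApplicationPermit` is declared without `implements ApplicationPermit`, unlike `AthenzApplicationPermit` and `OktaTenantPermit` in this commit, so it cannot be returned from `PermitExtractor.getApplication` or passed to `PermitStore.createApplication`. If that is an oversight, the declaration should read `public class OktaApplicationPermit implements ApplicationPermit {`. The class Javadoc also lacks the `@author` tag that the sibling classes carry.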
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/permits/PermitExtractor.java
@@ -0,0 +1,18 @@
+package com.yahoo.vespa.hosted.controller.permits;
+
+import com.yahoo.container.jdisc.HttpRequest;
+
+/**
+ * Extracts {@link TenantPermit}s and {@link ApplicationPermit}s from HTTP requests, to be stored in a {@link PermitStore}.
+ *
+ * @author jonmv
+ */
+public interface PermitExtractor {
+
+ /** Extracts permit data for a tenant, from the given request. */
+ TenantPermit getTenantPermit(HttpRequest request);
+
+ /** Extracts permit data for an application, from the given request. */
+ ApplicationPermit getApplication(HttpRequest request);
+
+}
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/permits/PermitStore.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/permits/PermitStore.java
new file mode 100644
index 00000000000..78bc869d68d
--- /dev/null
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/permits/PermitStore.java
@@ -0,0 +1,22 @@
+package com.yahoo.vespa.hosted.controller.permits;
+
+/**
+ * Stores permits for accessing tenant and application resources.
+ *
+ * @author jonmv
+ */
+public interface PermitStore {
+
+ /** Creates a tenant with permissions given by the permit. */
+ void createTenant(TenantPermit tenantPermit);
+
+ /** Deletes the tenant and all permissions related to it. */
+ void deleteTenant(TenantPermit tenantPermit);
+
+ /** Creates an application resource with permissions given by the permit. */
+ void createApplication(ApplicationPermit applicationPermit);
+
+ /** Deletes the application and all permissions related to it. */
+ void deleteApplication(ApplicationPermit applicationPermit);
+
+}
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/permits/TenantPermit.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/permits/TenantPermit.java
new file mode 100644
index 00000000000..fa821814b45
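Review bot: Neither method in PermitExtractor documents what happens when the request carries no usable identity or token, which is the case an authorization boundary most needs pinned down. I would state the contract in the Javadoc, for example `/** Extracts permit data for a tenant from the given request; throws IllegalArgumentException if the request lacks the required credentials, and never returns null. */`, with the exception type left to the author. The second method is named `getApplication` although it returns an `ApplicationPermit`; `getApplicationPermit` would match `getTenantPermit`.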
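Review bot: The four PermitStore methods take the marker interfaces `TenantPermit` and `ApplicationPermit`, which declare no members in this commit, so each implementation presumably has to downcast to the concrete permit type it understands. The interface Javadoc should require stores to fail closed on a foreign permit type, e.g. `Implementations must throw IllegalArgumentException when given a permit type they do not handle, and must not create or delete anything in that case.` Since all four methods return `void`, it would also help to document how a rejected authorization is reported to the caller.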
--- /dev/null
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/permits/TenantPermit.java
@@ -0,0 +1,10 @@
+package com.yahoo.vespa.hosted.controller.permits;
+
+/**
+ * Data that relates identities to permissions to a tenant.
+ *
+ * @author jonmv
+ */
+public interface TenantPermit {
+
+}
diff --git a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/application/ZipStreamReaderTest.java b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/application/ZipStreamReaderTest.java
index fe5680e2a58..fa78ce7bb12 100644
--- a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/application/ZipStreamReaderTest.java
+++ b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/application/ZipStreamReaderTest.java
@@ -8,6 +8,7 @@ import java.io.ByteArrayOutputStream;
 import java.io.IOException;
 import java.io.UncheckedIOException;
 import java.nio.charset.StandardCharsets;
+import java.nio.file.Path;
 import java.util.Map;
 import java.util.zip.ZipEntry;
 import java.util.zip.ZipOutputStream;
@@ -74,4 +75,13 @@ public class ZipStreamReaderTest { return zip.toByteArray(); } + @Test + public void lul() { + String name = "./artif/../yolo/../../hi/"; + Path path = Path.of(name); + System.err.println(name); + System.err.println(path); + System.err.println(path.normalize()); + } + + } |
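Review bot: The added test `lul` in the second hunk contains no assertion and only prints to `System.err`, so it can never fail and reads as leftover debugging. If the intent is to pin down how an entry name with `..` segments normalizes, assert it, e.g. `assertEquals(Path.of("../hi"), Path.of(name).normalize());` (assuming `assertEquals` is imported in this file, which the hunk does not show), and give the method a descriptive name. Otherwise the test and the `java.nio.file.Path` import added in the first hunk can both be dropped.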