Diffstat (limited to 'vespa-athenz/src')
-rw-r--r-- | vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/DefaultZmsClient.java | 20 | ||||
-rw-r--r-- | vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/ZmsClient.java | 5 |
2 files changed, 25 insertions, 0 deletions
diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/DefaultZmsClient.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/DefaultZmsClient.java
index 89b72c249bd..2294a7e850c 100644
--- a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/DefaultZmsClient.java
+++ b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/DefaultZmsClient.java
@@ -1,6 +1,7 @@
 // Copyright 2018 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
 package com.yahoo.vespa.athenz.client.zms;
+import com.fasterxml.jackson.databind.ser.std.MapSerializer;
 import com.yahoo.vespa.athenz.api.AthenzDomain;
 import com.yahoo.vespa.athenz.api.AthenzGroup;
 import com.yahoo.vespa.athenz.api.AthenzIdentity;
@@ -25,15 +26,19 @@ import com.yahoo.vespa.athenz.client.zms.bindings.TenancyRequestEntity;
 import com.yahoo.vespa.athenz.identity.ServiceIdentityProvider;
 import com.yahoo.vespa.athenz.utils.AthenzIdentities;
 import org.apache.http.Header;
+import org.apache.http.HttpEntity;
 import org.apache.http.client.methods.HttpUriRequest;
 import org.apache.http.client.methods.RequestBuilder;
+import org.apache.http.entity.StringEntity;
 import org.apache.http.message.BasicHeader;
+import org.bouncycastle.cert.ocsp.Req;
 import javax.net.ssl.SSLContext;
 import java.net.URI;
 import java.time.Instant;
 import java.util.Collections;
 import java.util.List;
+import java.util.Map;
 import java.util.Optional;
 import java.util.OptionalInt;
 import java.util.Set;
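Review bot: The two import hunks add `com.fasterxml.jackson.databind.ser.std.MapSerializer`, `org.apache.http.HttpEntity`, `org.apache.http.entity.StringEntity` and `org.bouncycastle.cert.ocsp.Req`, yet none of them is referenced by the new `createPolicy` or `createRole` code in the later hunks of this file; only `java.util.Map` is. The `Req` line in particular looks like an IDE auto-complete accident, since an OCSP request type from BouncyCastle has no role in a ZMS REST client, and it ties this class to a package it does not otherwise need (hedged: the rest of the file is not visible here, but these are all newly added lines). Drop the four unused imports and keep `import java.util.Map;`.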
@@ -183,6 +188,13 @@ public class DefaultZmsClient extends ClientBase implements ZmsClient {
     }
     @Override
+    public void createPolicy(AthenzDomain athenzDomain, String athenzPolicy) {
+        URI uri = zmsUrl.resolve(String.format("domain/%s/policy/%s",
+                athenzDomain.getName(), athenzPolicy));
+        execute(RequestBuilder.put(uri).build(), response -> readEntity(response, Void.class));
+    }
+
+    @Override
     public void addPolicyRule(AthenzDomain athenzDomain, String athenzPolicy, String action, AthenzResourceName resourceName, AthenzRole athenzRole) {
         URI uri = zmsUrl.resolve(String.format("domain/%s/policy/%s/assertion",
                 athenzDomain.getName(), athenzPolicy));
@@ -289,6 +301,14 @@ public class DefaultZmsClient extends ClientBase implements ZmsClient {
         execute(RequestBuilder.delete(uri).build(), response -> readEntity(response, Void.class));
     }
+    public void createRole(AthenzRole role, Map<String, Object> attributes) {
+        URI uri = zmsUrl.resolve(String.format("domain/%s/role/%s", role.domain().getName(), role.roleName()));
+        var request = RequestBuilder.put(uri)
+                .setEntity(toJsonStringEntity(attributes))
+                .build();
+        execute(request, response -> readEntity(response, Void.class));
+    }
+
     private static Header createCookieHeaderWithOktaTokens(OktaIdentityToken identityToken, OktaAccessToken accessToken) {
         return new BasicHeader("Cookie", String.format("okta_at=%s; okta_it=%s", accessToken.token(), identityToken.token()));
     }
diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/ZmsClient.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/ZmsClient.java
index 2807d20f5c6..ae36fafbb27 100644
--- a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/ZmsClient.java
+++ b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/ZmsClient.java
@@ -13,6 +13,7 @@ import com.yahoo.vespa.athenz.api.OktaIdentityToken;
 import java.time.Instant;
 import java.util.List;
+import java.util.Map;
 import java.util.Optional;
 import java.util.Set;
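Review bot: `createPolicy` issues its PUT with no request entity, whereas `createRole` in the next hunk serialises a body through `toJsonStringEntity`; if the ZMS policy endpoint expects a policy object in the body (hedged: the server contract is not visible here), this call will only fail at runtime, so it wants either an explicit entity or a test that exercises it against ZMS before merging. The method also has no Javadoc; a line such as `/** Creates the policy {@code athenzPolicy} in {@code athenzDomain}; rules are added separately via addPolicyRule. */` would state the contract. The body of `addPolicyRule` continues past the end of the hunk.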
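Review bot: `createRole` is missing the `@Override` annotation that `createPolicy` carries, even though it implements the new `ZmsClient.createRole`, and its parameter is named `attributes` where the interface declares `properties`; adding `@Override` and aligning the name lets the compiler catch any later signature drift. More importantly the role definition is an untyped `Map<String, Object>` written straight into the PUT body, so a misspelled or unexpected key is silently sent to ZMS and becomes part of the role as stored there; the client already models request bodies with typed classes (the `bindings` package seen in the imports), and a typed role binding holding only the fields this caller needs would make the request shape explicit and reviewable. At minimum, document the accepted keys and value types in a Javadoc comment on the method.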
@@ -45,6 +46,8 @@ public interface ZmsClient extends AutoCloseable {
     boolean hasAccess(AthenzResourceName resource, String action, AthenzIdentity identity);
+    void createPolicy(AthenzDomain athenzDomain, String athenzPolicy);
+
     void addPolicyRule(AthenzDomain athenzDomain, String athenzPolicy, String action, AthenzResourceName resourceName, AthenzRole athenzRole);
     boolean deletePolicyRule(AthenzDomain athenzDomain, String athenzPolicy, String action, AthenzResourceName resourceName, AthenzRole athenzRole);
@@ -61,5 +64,7 @@ public interface ZmsClient extends AutoCloseable {
     void deleteService(AthenzService athenzService);
+    void createRole(AthenzRole role, Map<String, Object> properties);
+
     void close();
 }
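Review bot: `createRole(AthenzRole role, Map<String, Object> properties)` puts an untyped map into the public client interface, so the set of role attributes a caller may set, and what ZMS does with them, is not visible from the signature; prefer a typed parameter, or at least a Javadoc listing the accepted keys and value types. `createPolicy` in the first hunk of this file has no Javadoc either, and since the interface is what callers program against this is where the contract belongs; `/** Creates the policy {@code athenzPolicy} in {@code athenzDomain}. */` would suffice. Note also that the parameter is called `properties` here but `attributes` in `DefaultZmsClient`; pick one.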