Diffstat (limited to 'vespa-athenz')
6 files changed, 24 insertions, 21 deletions
diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/api/EntityBindingsMapper.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/api/EntityBindingsMapper.java index 786a4213adf..33991ef1a3b 100644 --- a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/api/EntityBindingsMapper.java +++ b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/api/EntityBindingsMapper.java @@ -68,7 +68,6 @@ public class EntityBindingsMapper { Optional.ofNullable(docEntity.clusterType()).map(ClusterType::from).orElse(null), docEntity.ztsUrl(), Optional.ofNullable(docEntity.serviceIdentity()).map(AthenzIdentities::from).orElse(null), - List.of(), docEntity.unknownAttributes()); return new LegacySignedIdentityDocument( docEntity.signature(), @@ -148,7 +147,6 @@ public class EntityBindingsMapper { Optional.ofNullable(docEntity.clusterType()).map(ClusterType::from).orElse(null), docEntity.ztsUrl(), Optional.ofNullable(docEntity.serviceIdentity()).map(AthenzIdentities::from).orElse(null), - docEntity.roles(), docEntity.unknownAttributes()); } @@ -163,8 +161,7 @@ public class EntityBindingsMapper { identityDocument.identityType().id(), Optional.ofNullable(identityDocument.clusterType()).map(ClusterType::toConfigValue).orElse(null), identityDocument.ztsUrl(), - identityDocument.serviceIdentity().getFullName(), - identityDocument.roles()); + identityDocument.serviceIdentity().getFullName()); try { byte[] bytes = mapper.writeValueAsBytes(documentEntity); return Base64.getEncoder().encodeToString(bytes); diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/api/IdentityDocument.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/api/IdentityDocument.java index 7caa4555f25..c7517ef8adb 100644 --- a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/api/IdentityDocument.java 
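Review bot: In the third hunk the new last argument `identityDocument.serviceIdentity().getFullName()` dereferences `serviceIdentity` unconditionally, while the first two hunks of this file show the parsing side producing a null identity via `Optional.ofNullable(docEntity.serviceIdentity()).map(AthenzIdentities::from).orElse(null)`. A document read without a service identity would therefore throw a NullPointerException when it is serialized to the Base64 form built here. The neighbouring `clusterType` argument is already null-tolerant; the same shape would be `Optional.ofNullable(identityDocument.serviceIdentity()).map(AthenzIdentity::getFullName).orElse(null)`. If a document without an identity must never be serialized, `Objects.requireNonNull(identityDocument.serviceIdentity(), "serviceIdentity")` gives a clearer failure. The enclosing method starts before the hunk and continues after it.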
+++ b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/api/IdentityDocument.java @@ -18,7 +18,7 @@ import java.util.Set; public record IdentityDocument(VespaUniqueInstanceId providerUniqueId, AthenzService providerService, String configServerHostname, String instanceHostname, Instant createdAt, Set<String> ipAddresses, IdentityType identityType, ClusterType clusterType, String ztsUrl, - AthenzIdentity serviceIdentity, List<String> roles, Map<String, Object> unknownAttributes) { + AthenzIdentity serviceIdentity, Map<String, Object> unknownAttributes) { public IdentityDocument { ipAddresses = Set.copyOf(ipAddresses); @@ -29,14 +29,13 @@ public record IdentityDocument(VespaUniqueInstanceId providerUniqueId, AthenzSer }); // Map.copyOf() does not allow null values unknownAttributes = Map.copyOf(nonNull); - roles = Optional.ofNullable(roles).orElse(List.of()); } public IdentityDocument(VespaUniqueInstanceId providerUniqueId, AthenzService providerService, String configServerHostname, String instanceHostname, Instant createdAt, Set<String> ipAddresses, IdentityType identityType, ClusterType clusterType, String ztsUrl, - AthenzIdentity serviceIdentity, List<String> roles) { - this(providerUniqueId, providerService, configServerHostname, instanceHostname, createdAt, ipAddresses, identityType, clusterType, ztsUrl, serviceIdentity, roles, Map.of()); + AthenzIdentity serviceIdentity) { + this(providerUniqueId, providerService, configServerHostname, instanceHostname, createdAt, ipAddresses, identityType, clusterType, ztsUrl, serviceIdentity, Map.of()); } @@ -52,7 +51,6 @@ public record IdentityDocument(VespaUniqueInstanceId providerUniqueId, AthenzSer this.clusterType, this.ztsUrl, athenzService, - roles, this.unknownAttributes); } } 
diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/api/bindings/IdentityDocumentEntity.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/api/bindings/IdentityDocumentEntity.java index 263708f1ace..194854cfc3b 100644 --- a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/api/bindings/IdentityDocumentEntity.java +++ b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/api/bindings/IdentityDocumentEntity.java @@ -20,7 +20,7 @@ import java.util.Set; @JsonInclude(JsonInclude.Include.NON_NULL) public record IdentityDocumentEntity(String providerUniqueId, String providerService, String configServerHostname, String instanceHostname, Instant createdAt, Set<String> ipAddresses, - String identityType, String clusterType, String ztsUrl, String serviceIdentity, List<String> roles, Map<String, Object> unknownAttributes) { + String identityType, String clusterType, String ztsUrl, String serviceIdentity, Map<String, Object> unknownAttributes) { @JsonCreator public IdentityDocumentEntity(@JsonProperty("provider-unique-id") String providerUniqueId, @@ -32,10 +32,9 @@ public record IdentityDocumentEntity(String providerUniqueId, String providerSer @JsonProperty("identity-type") String identityType, @JsonProperty("cluster-type") String clusterType, @JsonProperty("zts-url") String ztsUrl, - @JsonProperty("service-identity") String serviceIdentity, - @JsonProperty("roles") List<String> roles) { + @JsonProperty("service-identity") String serviceIdentity) { this(providerUniqueId, providerService, configServerHostname, - instanceHostname, createdAt, ipAddresses, identityType, clusterType, ztsUrl, serviceIdentity, roles, new HashMap<>()); + instanceHostname, createdAt, ipAddresses, identityType, clusterType, ztsUrl, serviceIdentity, new HashMap<>()); } @JsonProperty("provider-unique-id") @Override public String providerUniqueId() { return providerUniqueId; } 
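Review bot: With the `@JsonProperty("roles")` creator parameter removed in the second hunk, a `roles` member in a document from an older producer is presumably no longer bound to a typed field. Jackson would instead route it to the `@JsonAnySetter` method `set`, keep it in `unknownAttributes`, and write it back out through the `@JsonAnyGetter`. That looks intended for round-tripping signed data, but nothing in the code says so. A comment above the creator, for example `// "roles" is no longer a typed member; if present it is carried opaquely in unknownAttributes and must not be interpreted`, would stop a later reader from treating that value as an authorization input. The record body continues outside the hunk.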
@@ -48,7 +47,6 @@ public record IdentityDocumentEntity(String providerUniqueId, String providerSer
 @JsonProperty("cluster-type") @Override public String clusterType() { return clusterType; }
 @JsonProperty("zts-url") @Override public String ztsUrl() { return ztsUrl; }
 @JsonProperty("service-identity") @Override public String serviceIdentity() { return serviceIdentity; }
- @JsonProperty("roles") @Override public List<String> roles() { return roles; }
 @JsonAnyGetter @Override public Map<String, Object> unknownAttributes() { return unknownAttributes; }
 @JsonAnySetter public void set(String name, Object value) { unknownAttributes.put(name, value); }
 }
diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/api/bindings/RoleListEntity.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/api/bindings/RoleListEntity.java
new file mode 100644
index 00000000000..f785f19f8ea
--- /dev/null
+++ b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/api/bindings/RoleListEntity.java
@@ -0,0 +1,12 @@
+// Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+package com.yahoo.vespa.athenz.identityprovider.api.bindings;
+
+import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
+import com.fasterxml.jackson.annotation.JsonProperty;
+
+import java.util.List;
+
+@JsonIgnoreProperties(ignoreUnknown = true)
+public record RoleListEntity (
+ @JsonProperty("roles")List<String> roles) {
+}
diff --git a/vespa-athenz/src/test/java/com/yahoo/vespa/athenz/identityprovider/api/EntityBindingsMapperTest.java b/vespa-athenz/src/test/java/com/yahoo/vespa/athenz/identityprovider/api/EntityBindingsMapperTest.java
index 02732033b75..a58debdb32f 100644
--- a/vespa-athenz/src/test/java/com/yahoo/vespa/athenz/identityprovider/api/EntityBindingsMapperTest.java
+++ b/vespa-athenz/src/test/java/com/yahoo/vespa/athenz/identityprovider/api/EntityBindingsMapperTest.java
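Review bot: The new `RoleListEntity` record accepts whatever Jackson binds to `roles`, so a response without that member yields `null`, and a present list stays the mutable instance Jackson built. The `IdentityDocument` canonical constructor used to normalise this with `Optional.ofNullable(roles).orElse(List.of())`, and this commit removes that guard without adding an equivalent here. A compact constructor, `public RoleListEntity { roles = roles == null ? List.of() : List.copyOf(roles); }`, restores a non-null, immutable contract (note that `List.copyOf` rejects null elements). The role list also no longer travels inside the identity document, so a Javadoc on the record should state how this entity is fetched and authenticated, which this diff does not show.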
@@ -49,7 +49,6 @@ class EntityBindingsMapperTest { assertTrue(json.contains(expectedMemberInJson), () -> "Expected JSON to contain '%s', but got \n'%s'".formatted(expectedMemberInJson, json)); assertEquals(EntityBindingsMapper.mapper.readTree(originalJson), EntityBindingsMapper.mapper.readTree(json)); - assertEquals(List.of(), entity.identityDocument().roles()); } @Test diff --git a/vespa-athenz/src/test/java/com/yahoo/vespa/athenz/identityprovider/client/IdentityDocumentSignerTest.java b/vespa-athenz/src/test/java/com/yahoo/vespa/athenz/identityprovider/client/IdentityDocumentSignerTest.java index 334e0208c77..276815f263d 100644 --- a/vespa-athenz/src/test/java/com/yahoo/vespa/athenz/identityprovider/client/IdentityDocumentSignerTest.java +++ b/vespa-athenz/src/test/java/com/yahoo/vespa/athenz/identityprovider/client/IdentityDocumentSignerTest.java @@ -45,14 +45,13 @@ public class IdentityDocumentSignerTest { private static final ClusterType clusterType = ClusterType.CONTAINER; private static final String ztsUrl = "https://foo"; private static final AthenzIdentity serviceIdentity = new AthenzService("vespa", "node"); - private static final List<String> roles = List.of(); @Test void legacy_generates_and_validates_signature() { IdentityDocumentSigner signer = new IdentityDocumentSigner(); IdentityDocument identityDocument = new IdentityDocument( id, providerService, configserverHostname, - instanceHostname, createdAt, ipAddresses, identityType, clusterType, ztsUrl, serviceIdentity, roles); + instanceHostname, createdAt, ipAddresses, identityType, clusterType, ztsUrl, serviceIdentity); String signature = signer.generateLegacySignature(identityDocument, keyPair.getPrivate()); 
@@ -67,7 +66,7 @@ public class IdentityDocumentSignerTest { IdentityDocumentSigner signer = new IdentityDocumentSigner(); IdentityDocument identityDocument = new IdentityDocument( id, providerService, configserverHostname, - instanceHostname, createdAt, ipAddresses, identityType, clusterType, ztsUrl, serviceIdentity, roles); + instanceHostname, createdAt, ipAddresses, identityType, clusterType, ztsUrl, serviceIdentity); String data = EntityBindingsMapper.toIdentityDocmentData(identityDocument); String signature = signer.generateSignature(data, keyPair.getPrivate()); @@ -83,10 +82,10 @@ public class IdentityDocumentSignerTest { IdentityDocumentSigner signer = new IdentityDocumentSigner(); IdentityDocument identityDocument = new IdentityDocument( id, providerService, configserverHostname, - instanceHostname, createdAt, ipAddresses, identityType, clusterType, ztsUrl, serviceIdentity, roles); + instanceHostname, createdAt, ipAddresses, identityType, clusterType, ztsUrl, serviceIdentity); IdentityDocument withoutIgnoredFields = new IdentityDocument( id, providerService, configserverHostname, - instanceHostname, createdAt, ipAddresses, identityType, null, null, serviceIdentity, roles); + instanceHostname, createdAt, ipAddresses, identityType, null, null, serviceIdentity); String signature = signer.generateLegacySignature(identityDocument, keyPair.getPrivate()); @@ -105,7 +104,7 @@ public class IdentityDocumentSignerTest { IdentityDocumentSigner signer = new IdentityDocumentSigner(); IdentityDocument identityDocument = new IdentityDocument( id, providerService, configserverHostname, - instanceHostname, createdAt, ipAddresses, identityType, clusterType, ztsUrl, serviceIdentity, roles); + instanceHostname, createdAt, ipAddresses, identityType, clusterType, ztsUrl, serviceIdentity); String signature = signer.generateLegacySignature(identityDocument, keyPair.getPrivate()); |