From d355ae3e36bf0de7bac1f697d8e0dd0feea61bbe Mon Sep 17 00:00:00 2001
From: Morten Tokle <mortent@yahooinc.com>
Date: Thu, 21 Sep 2023 12:36:44 +0200
Subject: Allow empty clients

---
 .../security/cloud/CloudTokenDataPlaneFilter.java      |  1 -
 .../security/cloud/CloudTokenDataPlaneFilterTest.java  | 18 ++++++++++++++++++
 2 files changed, 18 insertions(+), 1 deletion(-)

(limited to 'jdisc-security-filters')

diff --git a/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/cloud/CloudTokenDataPlaneFilter.java b/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/cloud/CloudTokenDataPlaneFilter.java
index 6597f10198d..e81f0b1d897 100644
--- a/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/cloud/CloudTokenDataPlaneFilter.java
+++ b/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/cloud/CloudTokenDataPlaneFilter.java
@@ -55,7 +55,6 @@ public class CloudTokenDataPlaneFilter extends JsonSecurityRequestFilterBase {
     private static List<Client> parseClients(CloudTokenDataPlaneFilterConfig cfg) {
         Set<String> ids = new HashSet<>();
         List<Client> clients = new ArrayList<>(cfg.clients().size());
-        if (cfg.clients().isEmpty()) throw new IllegalArgumentException("Empty clients configuration");
         for (var c : cfg.clients()) {
             if (ids.contains(c.id()))
                 throw new IllegalArgumentException("Clients definition has duplicate id '%s'".formatted(c.id()));
diff --git a/jdisc-security-filters/src/test/java/com/yahoo/jdisc/http/filter/security/cloud/CloudTokenDataPlaneFilterTest.java b/jdisc-security-filters/src/test/java/com/yahoo/jdisc/http/filter/security/cloud/CloudTokenDataPlaneFilterTest.java
index a34d2eb67c3..c34740e58a3 100644
--- a/jdisc-security-filters/src/test/java/com/yahoo/jdisc/http/filter/security/cloud/CloudTokenDataPlaneFilterTest.java
+++ b/jdisc-security-filters/src/test/java/com/yahoo/jdisc/http/filter/security/cloud/CloudTokenDataPlaneFilterTest.java
@@ -166,6 +166,24 @@ class CloudTokenDataPlaneFilterTest {
         assertEquals(FORBIDDEN, responseHandler.getResponse().getStatus());
     }
 
+    @Test
+    void allows_empty_clients() {
+        var emptyClientsFilter = new CloudTokenDataPlaneFilter(
+                new CloudTokenDataPlaneFilterConfig.Builder()
+                        .tokenContext(TOKEN_CONTEXT)
+                        .build(),
+                clock);
+
+        var req = FilterTestUtils.newRequestBuilder()
+                .withMethod(Method.GET)
+                .withHeader("Authorization", "Bearer " + UNKNOWN_TOKEN.secretTokenString())
+                .build();
+        var responseHandler = new MockResponseHandler();
+        emptyClientsFilter.filter(req, responseHandler);
+        assertNotNull(responseHandler.getResponse());
+        assertEquals(FORBIDDEN, responseHandler.getResponse().getStatus());
+    }
+
     private CloudTokenDataPlaneFilter newFilterWithClientsConfig() {
         return new CloudTokenDataPlaneFilter(
                 new CloudTokenDataPlaneFilterConfig.Builder()
-- 
cgit v1.2.3