From 3ee3eb39eb8155a3a339ca959c3619c10e67babb Mon Sep 17 00:00:00 2001
From: Morten Tokle <mortent@yahooinc.com>
Date: Fri, 5 Aug 2022 11:03:56 +0200
Subject: Read approved attribute

---
 .../vespa/athenz/client/zms/DefaultZmsClient.java    |  4 ++--
 .../athenz/client/zms/bindings/MembershipEntity.java | 20 +++++++++++---------
 2 files changed, 13 insertions(+), 11 deletions(-)

(limited to 'vespa-athenz/src/main/java')

diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/DefaultZmsClient.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/DefaultZmsClient.java
index 7f16505c500..d7ef20c31c8 100644
--- a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/DefaultZmsClient.java
+++ b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/DefaultZmsClient.java
@@ -150,7 +150,7 @@ public class DefaultZmsClient extends ClientBase implements ZmsClient {
     @Override
     public void addRoleMember(AthenzRole role, AthenzIdentity member, Optional<String> reason) {
         URI uri = zmsUrl.resolve(String.format("domain/%s/role/%s/member/%s", role.domain().getName(), role.roleName(), member.getFullName()));
-        MembershipEntity membership = new MembershipEntity.RoleMembershipEntity(member.getFullName(), true, role.roleName(), null);
+        MembershipEntity membership = new MembershipEntity.RoleMembershipEntity(member.getFullName(), true, role.roleName(), null, true);
 
 
         RequestBuilder requestBuilder = RequestBuilder.put(uri)
@@ -176,7 +176,7 @@ public class DefaultZmsClient extends ClientBase implements ZmsClient {
                 .build();
         return execute(request, response -> {
             MembershipEntity membership = readEntity(response, MembershipEntity.GroupMembershipEntity.class);
-            return membership.isMember;
+            return membership.isMember && membership.approved;
         });
     }
 
diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/bindings/MembershipEntity.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/bindings/MembershipEntity.java
index dcffe006112..ef97fb02bfa 100644
--- a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/bindings/MembershipEntity.java
+++ b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/bindings/MembershipEntity.java
@@ -17,14 +17,17 @@ public class MembershipEntity {
     public final String memberName;
     public final boolean isMember;
     public final String expiration;
+    public final boolean approved;
 
     @JsonCreator
     public MembershipEntity(@JsonProperty("memberName") String memberName,
                             @JsonProperty("isMember") boolean isMember,
-                            @JsonProperty("expiration") String expiration) {
+                            @JsonProperty("expiration") String expiration,
+                            @JsonProperty("approved") boolean approved) {
         this.memberName = memberName;
         this.isMember = isMember;
         this.expiration = expiration;
+        this.approved = approved;
     }
 
     @JsonGetter("memberName")
@@ -49,8 +52,9 @@ public class MembershipEntity {
         public RoleMembershipEntity(@JsonProperty("memberName") String memberName,
                                     @JsonProperty("isMember") boolean isMember,
                                     @JsonProperty("roleName") String roleName,
-                                    @JsonProperty("expiration") String expiration) {
-            super(memberName, isMember, expiration);
+                                    @JsonProperty("expiration") String expiration,
+                                    @JsonProperty("approved") boolean approved) {
+            super(memberName, isMember, expiration, approved);
             this.roleName = roleName;
         }
 
@@ -62,16 +66,13 @@ public class MembershipEntity {
     }
 
     public static class RoleMembershipDecisionEntity extends RoleMembershipEntity {
-        public final boolean approved;
-
         @JsonCreator
         public RoleMembershipDecisionEntity(@JsonProperty("memberName") String memberName,
                                             @JsonProperty("isMember") boolean isMember,
                                             @JsonProperty("roleName") String roleName,
                                             @JsonProperty("expiration") String expiration,
                                             @JsonProperty("approved") boolean approved) {
-            super(memberName, isMember, roleName, expiration);
-            this.approved = approved;
+            super(memberName, isMember, roleName, expiration, approved);
         }
 
     }
@@ -83,8 +84,9 @@ public class MembershipEntity {
         public GroupMembershipEntity(@JsonProperty("memberName") String memberName,
                                      @JsonProperty("isMember") boolean isMember,
                                      @JsonProperty("groupName") String groupName,
-                                     @JsonProperty("expiration") String expiration) {
-            super(memberName, isMember, expiration);
+                                     @JsonProperty("expiration") String expiration,
+                                     @JsonProperty("approved") boolean approved) {
+            super(memberName, isMember, expiration, approved);
             this.groupName = groupName;
         }
 
-- 
cgit v1.2.3