From 01513fb2bef0d0b3021ede9857604b3d8b19cf31 Mon Sep 17 00:00:00 2001 From: Andreas Eriksen Date: Fri, 10 Sep 2021 09:12:40 +0200 Subject: return audit refs when listing pending approvals (#19045) --- .../com/yahoo/vespa/athenz/client/zms/DefaultZmsClient.java | 12 ++++++------ .../java/com/yahoo/vespa/athenz/client/zms/ZmsClient.java | 2 +- .../yahoo/vespa/athenz/client/zms/bindings/RoleEntity.java | 8 +++++++- 3 files changed, 14 insertions(+), 8 deletions(-) (limited to 'vespa-athenz/src') diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/DefaultZmsClient.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/DefaultZmsClient.java index 8b9f642f9e0..d1bc7a954ec 100644 --- a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/DefaultZmsClient.java +++ b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/DefaultZmsClient.java @@ -238,19 +238,19 @@ public class DefaultZmsClient extends ClientBase implements ZmsClient { } @Override - public List listPendingRoleApprovals(AthenzRole athenzRole) { + public Map listPendingRoleApprovals(AthenzRole athenzRole) { URI uri = zmsUrl.resolve(String.format("domain/%s/role/%s?pending=true", athenzRole.domain().getName(), athenzRole.roleName())); HttpUriRequest request = RequestBuilder.get() .setUri(uri) .build(); RoleEntity roleEntity = execute(request, response -> readEntity(response, RoleEntity.class)); + return roleEntity.roleMembers().stream() .filter(RoleEntity.Member::pendingApproval) - .map(RoleEntity.Member::memberName) - .map(AthenzIdentities::from) - .filter(identity -> AthenzIdentities.USER_PRINCIPAL_DOMAIN.equals(identity.getDomain())) - .map(AthenzUser.class::cast) - .collect(Collectors.toList()); + .filter(re -> AthenzIdentities.USER_PRINCIPAL_DOMAIN.equals(AthenzIdentities.from(re.memberName()).getDomain())) + .collect(Collectors.toUnmodifiableMap( + m -> (AthenzUser) AthenzIdentities.from(m.memberName()), + RoleEntity.Member::auditRef)); } @Override diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/ZmsClient.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/ZmsClient.java index ae36fafbb27..53d7cb6e652 100644 --- a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/ZmsClient.java +++ b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/ZmsClient.java @@ -52,7 +52,7 @@ public interface ZmsClient extends AutoCloseable { boolean deletePolicyRule(AthenzDomain athenzDomain, String athenzPolicy, String action, AthenzResourceName resourceName, AthenzRole athenzRole); - List listPendingRoleApprovals(AthenzRole athenzRole); + Map listPendingRoleApprovals(AthenzRole athenzRole); void approvePendingRoleMembership(AthenzRole athenzRole, AthenzUser athenzUser, Instant expiry); diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/bindings/RoleEntity.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/bindings/RoleEntity.java index 5babe292138..537fa1fe50a 100644 --- a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/bindings/RoleEntity.java +++ b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/bindings/RoleEntity.java @@ -35,12 +35,14 @@ public class RoleEntity { private final String memberName; private final boolean active; private final boolean approved; + private final String auditRef; @JsonCreator - public Member(@JsonProperty("memberName") String memberName, @JsonProperty("active") boolean active, @JsonProperty("approved") boolean approved) { + public Member(@JsonProperty("memberName") String memberName, @JsonProperty("active") boolean active, @JsonProperty("approved") boolean approved, @JsonProperty("auditRef") String auditRef) { this.memberName = memberName; this.active = active; this.approved = approved; + this.auditRef = auditRef; } public String memberName() { @@ -50,5 +52,9 @@ public class RoleEntity { public boolean pendingApproval() { return !approved; } + + public String auditRef() { + return auditRef; + } } } -- cgit v1.2.3