From d9c1e4ba27155469ce2f542b4b6e0b5f70242096 Mon Sep 17 00:00:00 2001
From: Valerij Fredriksen
Date: Fri, 18 Feb 2022 18:23:23 +0100
Subject: Pass along auth0 credentials to ZMS
---
 .../java/com/yahoo/vespa/athenz/client/zms/DefaultZmsClient.java | 5 ++++-
 .../src/main/java/com/yahoo/vespa/athenz/client/zms/ZmsClient.java | 3 ++-
 2 files changed, 6 insertions(+), 2 deletions(-)
(limited to 'vespa-athenz')
diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/DefaultZmsClient.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/DefaultZmsClient.java
index 3c60d5bbcc3..32f54255262 100644
--- a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/DefaultZmsClient.java
+++ b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/DefaultZmsClient.java
@@ -301,7 +301,8 @@ public class DefaultZmsClient extends ClientBase implements ZmsClient {
 }
 @Override
- public void approvePendingRoleMembership(AthenzRole athenzRole, AthenzIdentity athenzIdentity, Instant expiry, Optional reason) {
+ public void approvePendingRoleMembership(AthenzRole athenzRole, AthenzIdentity athenzIdentity, Instant expiry,
+ Optional reason, Optional oAuthCredentials) {
 URI uri = zmsUrl.resolve(String.format("domain/%s/role/%s/member/%s/decision", athenzRole.domain().getName(), athenzRole.roleName(), athenzIdentity.getFullName()));
 MembershipEntity membership = new MembershipEntity.RoleMembershipEntity(athenzIdentity.getFullName(), true, athenzRole.roleName(), Long.toString(expiry.getEpochSecond()));
@@ -309,6 +310,8 @@ public class DefaultZmsClient extends ClientBase implements ZmsClient {
 .setUri(uri)
 .setEntity(toJsonStringEntity(membership));
+ oAuthCredentials.ifPresent(creds -> requestBuilder.addHeader(createCookieHeader(creds)));
+
 if (reason.filter(s -> !s.isBlank()).isPresent()) {
 requestBuilder.addHeader("Y-Audit-Ref", reason.get());
 }
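Review bot: In the second hunk the added `oAuthCredentials.ifPresent(...)` line is the only place that decides which credentials accompany the approval, and nothing in the code says so: with a value present the user's credentials are sent to ZMS as a cookie header, and with an empty Optional the request goes out exactly as before, presumably under this client's own identity only. A comment above the line would make that explicit, e.g. `// Forward the caller's OAuth credentials to ZMS as a cookie; when absent the request is sent without them.` Because the request now carries a user credential, it is also worth confirming that wherever the built request is executed and its failures reported (outside this hunk) request headers are never written to logs or exception messages. The method body continues past the end of the hunk.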
diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/ZmsClient.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/ZmsClient.java
index bd73913ea64..95b7d9b8976 100644
--- a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/ZmsClient.java
+++ b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/ZmsClient.java
@@ -59,7 +59,8 @@ public interface ZmsClient extends AutoCloseable {
 Map listPendingRoleApprovals(AthenzRole athenzRole);
- void approvePendingRoleMembership(AthenzRole athenzRole, AthenzIdentity athenzIdentity, Instant expiry, Optional reason);
+ void approvePendingRoleMembership(AthenzRole athenzRole, AthenzIdentity athenzIdentity, Instant expiry,
+ Optional reason, Optional oAuthCredentials);
 List listMembers(AthenzRole athenzRole);
-- 
cgit v1.2.3
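Review bot: The widened `approvePendingRoleMembership` declaration carries no Javadoc, so implementers and callers of the interface cannot tell what `oAuthCredentials` is for or what an empty value means for a privileged approval call. A Javadoc on the interface method should state that the credentials, when present, are passed along to ZMS with the approval request, that `Optional.empty()` sends the request without them, and that neither `reason` nor `oAuthCredentials` may be `null`. The matching signature change in the first hunk of DefaultZmsClient.java inherits this contract through `@Override`, so documenting it once here is enough.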