Rename access_control_entries field to additional_permissions.
@@ -23,36 +23,36 @@ import java.util.Collection;
|
||||
import java.util.List;
|
||||
|
||||
/**
|
||||
* Access control requirements for a credential in CredHub. If provided when a
|
||||
* Permissions applied to a credential in CredHub. If provided when a
|
||||
* credential is written, these values will control what actors can access update
|
||||
* or retrieve the credential.
|
||||
*
|
||||
* This object of this type is typically constructed by the application and passed
|
||||
* Objects of this type are constructed by the application and passed
|
||||
* as part of a {@link WriteRequest}.
|
||||
*
|
||||
* @author Scott Frederick
|
||||
*/
|
||||
public class AccessControlEntry {
|
||||
public class AdditionalPermission {
|
||||
private static final String APP_ACTOR_PREFIX = "mtls-app:";
|
||||
|
||||
private String actor;
|
||||
private List<Operation> operations;
|
||||
|
||||
/**
|
||||
* Create a set of access controls. Intended to be used internally for testing.
|
||||
* Create a set of permissions. Intended to be used internally for testing.
|
||||
* Clients should use {@link #builder()} to construct instances of this class.
|
||||
*
|
||||
* @param actor the ID of the entity that will be allowed to access the credential
|
||||
* @param operations the operations that the actor will be allowed to perform on the
|
||||
* credential
|
||||
*/
|
||||
AccessControlEntry(String actor, List<Operation> operations) {
|
||||
AdditionalPermission(String actor, List<Operation> operations) {
|
||||
this.actor = actor;
|
||||
this.operations = operations;
|
||||
}
|
||||
|
||||
/**
|
||||
* Get the ID of the entity that will be allowed to access the credential
|
||||
* Get the ID of the entity that will be allowed to access the credential.
|
||||
*
|
||||
* @return the ID
|
||||
*/
|
||||
@@ -76,22 +76,22 @@ public class AccessControlEntry {
|
||||
|
||||
/**
|
||||
* Create a builder that provides a fluent API for providing the values required
|
||||
* to construct a {@link AccessControlEntry}.
|
||||
* to construct a {@link AdditionalPermission}.
|
||||
*
|
||||
* @return a builder
|
||||
*/
|
||||
public static AccessControlEntryBuilder builder() {
|
||||
return new AccessControlEntryBuilder();
|
||||
public static AdditionalPermissionBuilder builder() {
|
||||
return new AdditionalPermissionBuilder();
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean equals(Object o) {
|
||||
if (this == o)
|
||||
return true;
|
||||
if (!(o instanceof AccessControlEntry))
|
||||
if (!(o instanceof AdditionalPermission))
|
||||
return false;
|
||||
|
||||
AccessControlEntry that = (AccessControlEntry) o;
|
||||
AdditionalPermission that = (AdditionalPermission) o;
|
||||
|
||||
if (actor != null ? !actor.equals(that.actor) : that.actor != null)
|
||||
return false;
|
||||
@@ -108,21 +108,21 @@ public class AccessControlEntry {
|
||||
|
||||
@Override
|
||||
public String toString() {
|
||||
return "AccessControlEntry{"
|
||||
return "AdditionalPermission{"
|
||||
+ "actor='" + actor + '\''
|
||||
+ ", operations=" + operations
|
||||
+ '}';
|
||||
}
|
||||
|
||||
/**
|
||||
* A builder that provides a fluent API for constructing {@link AccessControlEntry}
|
||||
* A builder that provides a fluent API for constructing {@link AdditionalPermission}
|
||||
* instances.
|
||||
*/
|
||||
public static class AccessControlEntryBuilder {
|
||||
public static class AdditionalPermissionBuilder {
|
||||
private String actor;
|
||||
private ArrayList<Operation> operations;
|
||||
|
||||
AccessControlEntryBuilder() {
|
||||
AdditionalPermissionBuilder() {
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -132,7 +132,7 @@ public class AccessControlEntry {
|
||||
* @param appId application ID
|
||||
* @return the builder
|
||||
*/
|
||||
public AccessControlEntryBuilder app(String appId) {
|
||||
public AdditionalPermissionBuilder app(String appId) {
|
||||
this.actor = APP_ACTOR_PREFIX + appId;
|
||||
return this;
|
||||
}
|
||||
@@ -143,7 +143,7 @@ public class AccessControlEntry {
|
||||
* @param actor actor name
|
||||
* @return the builder
|
||||
*/
|
||||
public AccessControlEntryBuilder actor(String actor) {
|
||||
public AdditionalPermissionBuilder actor(String actor) {
|
||||
this.actor = actor;
|
||||
return this;
|
||||
}
|
||||
@@ -156,7 +156,7 @@ public class AccessControlEntry {
|
||||
* @param operation the {@link Operation}
|
||||
* @return the builder
|
||||
*/
|
||||
public AccessControlEntryBuilder operation(Operation operation) {
|
||||
public AdditionalPermissionBuilder operation(Operation operation) {
|
||||
initOperations();
|
||||
this.operations.add(operation);
|
||||
return this;
|
||||
@@ -169,7 +169,7 @@ public class AccessControlEntry {
|
||||
* @param operations the {@link Operation}s
|
||||
* @return the builder
|
||||
*/
|
||||
public AccessControlEntryBuilder operations(Collection<? extends Operation> operations) {
|
||||
public AdditionalPermissionBuilder operations(Collection<? extends Operation> operations) {
|
||||
initOperations();
|
||||
this.operations.addAll(operations);
|
||||
return this;
|
||||
@@ -180,11 +180,11 @@ public class AccessControlEntry {
|
||||
}
|
||||
|
||||
/**
|
||||
* Construct an {@link AccessControlEntry} with the provided values.
|
||||
* Construct an {@link AdditionalPermission} with the provided values.
|
||||
*
|
||||
* @return an {@link AccessControlEntry}
|
||||
* @return an {@link AdditionalPermission}
|
||||
*/
|
||||
public AccessControlEntry build() {
|
||||
public AdditionalPermission build() {
|
||||
List<Operation> operations;
|
||||
switch (this.operations == null ? 0 : this.operations.size()) {
|
||||
case 0:
|
||||
@@ -197,7 +197,7 @@ public class AccessControlEntry {
|
||||
operations = java.util.Collections.unmodifiableList(new ArrayList<Operation>(this.operations));
|
||||
}
|
||||
|
||||
return new AccessControlEntry(actor, operations);
|
||||
return new AdditionalPermission(actor, operations);
|
||||
}
|
||||
}
|
||||
|
||||
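Review bot: `app(String appId)` in the `-132,7` hunk builds the actor as `APP_ACTOR_PREFIX + appId` without checking the argument, so a null or empty ID yields the actor `mtls-app:null` or `mtls-app:`, and the visible parts of `build()` pass it on unchanged. Because this string names who is granted access to a credential, I would reject bad input in the builder, e.g. `Assert.hasText(appId, "appId must not be empty");` as the first line of `app` (Spring's `org.springframework.util.Assert`, which needs an import if the file does not already have one). The same applies to `actor(String actor)` in the `-143,7` hunk. The middle of `build()` falls between the `-180,11` and `-197,7` hunks and is not shown, so an existing check there cannot be ruled out.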
@@ -44,7 +44,7 @@ public class WriteRequest {
|
||||
private ValueType valueType;
|
||||
private Object value;
|
||||
@JsonInclude(NON_EMPTY)
|
||||
private List<AccessControlEntry> accessControlEntries;
|
||||
private List<AdditionalPermission> additionalPermissions;
|
||||
|
||||
/**
|
||||
* Create a {@link WriteRequest} from the provided parameters. Intended for internal
|
||||
@@ -55,16 +55,16 @@ public class WriteRequest {
|
||||
* {@literal true} to update and existing credential
|
||||
* @param value the value of the credential
|
||||
* @param valueType the {@link ValueType} of the credential
|
||||
* @param accessControlEntries requirements for access control for the credential
|
||||
* @param additionalPermissions access control permissions for the credential
|
||||
*/
|
||||
private WriteRequest(CredentialName name, boolean overwrite,
|
||||
Object value, ValueType valueType,
|
||||
List<AccessControlEntry> accessControlEntries) {
|
||||
List<AdditionalPermission> additionalPermissions) {
|
||||
this.name = name;
|
||||
this.overwrite = overwrite;
|
||||
this.valueType = valueType;
|
||||
this.value = value;
|
||||
this.accessControlEntries = accessControlEntries;
|
||||
this.additionalPermissions = additionalPermissions;
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -107,12 +107,12 @@ public class WriteRequest {
|
||||
}
|
||||
|
||||
/**
|
||||
* Get the set of {@link AccessControlEntry} to assign to the credential.
|
||||
* Get the set of {@link AdditionalPermission} to assign to the credential.
|
||||
*
|
||||
* @return the set of {@link AccessControlEntry}
|
||||
* @return the set of {@link AdditionalPermission}
|
||||
*/
|
||||
public List<AccessControlEntry> getAccessControlEntries() {
|
||||
return this.accessControlEntries;
|
||||
public List<AdditionalPermission> getAdditionalPermissions() {
|
||||
return this.additionalPermissions;
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -142,7 +142,7 @@ public class WriteRequest {
|
||||
return false;
|
||||
if (!value.equals(that.value))
|
||||
return false;
|
||||
return accessControlEntries.equals(that.accessControlEntries);
|
||||
return additionalPermissions.equals(that.additionalPermissions);
|
||||
}
|
||||
|
||||
@Override
|
||||
@@ -151,7 +151,7 @@ public class WriteRequest {
|
||||
result = 31 * result + name.hashCode();
|
||||
result = 31 * result + valueType.hashCode();
|
||||
result = 31 * result + value.hashCode();
|
||||
result = 31 * result + accessControlEntries.hashCode();
|
||||
result = 31 * result + additionalPermissions.hashCode();
|
||||
return result;
|
||||
}
|
||||
|
||||
@@ -162,7 +162,7 @@ public class WriteRequest {
|
||||
+ ", name=" + name
|
||||
+ ", valueType=" + valueType
|
||||
+ ", value=" + value
|
||||
+ ", accessControlEntries=" + accessControlEntries
|
||||
+ ", additionalPermissions=" + additionalPermissions
|
||||
+ '}';
|
||||
}
|
||||
|
||||
@@ -174,7 +174,7 @@ public class WriteRequest {
|
||||
private boolean overwrite;
|
||||
private Object value;
|
||||
private ValueType valueType;
|
||||
private ArrayList<AccessControlEntry> accessControlEntries;
|
||||
private ArrayList<AdditionalPermission> additionalPermissions;
|
||||
|
||||
/**
|
||||
* Create a {@link WriteRequestBuilder}. Intended for internal use.
|
||||
@@ -238,36 +238,36 @@ public class WriteRequest {
|
||||
}
|
||||
|
||||
/**
|
||||
* Add an {@link AccessControlEntry} to the controls that will be assigned to the
|
||||
* Add an {@link AdditionalPermission} to the permissions that will be assigned to the
|
||||
* credential.
|
||||
*
|
||||
* @param accessControlEntry an {@link AccessControlEntry} to assign to the
|
||||
* @param additionalPermission an {@link AdditionalPermission} to assign to the
|
||||
* credential
|
||||
* @return the builder
|
||||
*/
|
||||
public WriteRequestBuilder accessControlEntry(AccessControlEntry accessControlEntry) {
|
||||
initAccessControls();
|
||||
this.accessControlEntries.add(accessControlEntry);
|
||||
public WriteRequestBuilder additionalPermission(AdditionalPermission additionalPermission) {
|
||||
initPermissions();
|
||||
this.additionalPermissions.add(additionalPermission);
|
||||
return this;
|
||||
}
|
||||
|
||||
/**
|
||||
* Add a collection of {@link AccessControlEntry}s to the controls that will be
|
||||
* Add a collection of {@link AdditionalPermission}s to the controls that will be
|
||||
* assigned to the credential.
|
||||
*
|
||||
* @param accessControlEntries an collection of {@link AccessControlEntry}s to
|
||||
* @param permissions an collection of {@link AdditionalPermission}s to
|
||||
* assign to the credential
|
||||
* @return the builder
|
||||
*/
|
||||
public WriteRequestBuilder accessControlEntries(Collection<? extends AccessControlEntry> accessControlEntries) {
|
||||
initAccessControls();
|
||||
this.accessControlEntries.addAll(accessControlEntries);
|
||||
public WriteRequestBuilder additionalPermissions(Collection<? extends AdditionalPermission> permissions) {
|
||||
initPermissions();
|
||||
this.additionalPermissions.addAll(permissions);
|
||||
return this;
|
||||
}
|
||||
|
||||
private void initAccessControls() {
|
||||
if (this.accessControlEntries == null) {
|
||||
this.accessControlEntries = new ArrayList<AccessControlEntry>();
|
||||
private void initPermissions() {
|
||||
if (this.additionalPermissions == null) {
|
||||
this.additionalPermissions = new ArrayList<AdditionalPermission>();
|
||||
}
|
||||
}
|
||||
|
||||
@@ -277,23 +277,23 @@ public class WriteRequest {
|
||||
* @return a {@link WriteRequest}
|
||||
*/
|
||||
public WriteRequest build() {
|
||||
List<AccessControlEntry> accessControlEntries;
|
||||
switch (this.accessControlEntries == null ? 0
|
||||
: this.accessControlEntries.size()) {
|
||||
List<AdditionalPermission> permissions;
|
||||
switch (this.additionalPermissions == null ? 0
|
||||
: this.additionalPermissions.size()) {
|
||||
case 0:
|
||||
accessControlEntries = java.util.Collections.emptyList();
|
||||
permissions = java.util.Collections.emptyList();
|
||||
break;
|
||||
case 1:
|
||||
accessControlEntries = java.util.Collections
|
||||
.singletonList(this.accessControlEntries.get(0));
|
||||
permissions = java.util.Collections
|
||||
.singletonList(this.additionalPermissions.get(0));
|
||||
break;
|
||||
default:
|
||||
accessControlEntries = java.util.Collections.unmodifiableList(
|
||||
new ArrayList<AccessControlEntry>(this.accessControlEntries));
|
||||
permissions = java.util.Collections.unmodifiableList(
|
||||
new ArrayList<AdditionalPermission>(this.additionalPermissions));
|
||||
}
|
||||
|
||||
return new WriteRequest(name, overwrite, value, valueType,
|
||||
accessControlEntries);
|
||||
permissions);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
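Review bot: `toString()` in the `-162,7` hunk still concatenates `value`, which for a `WriteRequest` is the credential being stored (the unit tests on this page use `passwordValue("secret")`), so any log line or exception message that prints the request exposes the secret in clear text. Since this method is already being edited for the rename, I would drop the value from the output, e.g. replace `+ ", value=" + value` with `+ ", value=[REDACTED]"`. The start of `toString()` lies outside the hunk, so the other fields it prints are not visible here.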
@@ -29,8 +29,8 @@ import static org.hamcrest.CoreMatchers.allOf;
|
||||
import static org.hamcrest.CoreMatchers.equalTo;
|
||||
import static org.junit.Assert.assertThat;
|
||||
import static org.junit.Assert.assertTrue;
|
||||
import static org.springframework.credhub.support.AccessControlEntry.Operation.READ;
|
||||
import static org.springframework.credhub.support.AccessControlEntry.Operation.WRITE;
|
||||
import static org.springframework.credhub.support.AdditionalPermission.Operation.READ;
|
||||
import static org.springframework.credhub.support.AdditionalPermission.Operation.WRITE;
|
||||
import static org.valid4j.matchers.jsonpath.JsonPathMatchers.hasJsonPath;
|
||||
import static org.valid4j.matchers.jsonpath.JsonPathMatchers.hasNoJsonPath;
|
||||
import static org.valid4j.matchers.jsonpath.JsonPathMatchers.isJson;
|
||||
@@ -72,7 +72,7 @@ public class WriteRequestUnitTests {
|
||||
hasJsonPath("$.value.data", equalTo("value")),
|
||||
hasJsonPath("$.value.test", equalTo(true))));
|
||||
|
||||
assertThat(jsonValue, hasNoJsonPath("$.access_control_entries"));
|
||||
assertThat(jsonValue, hasNoJsonPath("$.additional_permissions"));
|
||||
}
|
||||
|
||||
@Test
|
||||
@@ -87,44 +87,44 @@ public class WriteRequestUnitTests {
|
||||
hasJsonPath("$.type", equalTo("password")),
|
||||
hasJsonPath("$.value", equalTo("secret"))));
|
||||
|
||||
assertThat(jsonValue, hasNoJsonPath("$.access_control_entries"));
|
||||
assertThat(jsonValue, hasNoJsonPath("$.additional_permissions"));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void serializationWithOneAccessControl() throws Exception {
|
||||
requestBuilder.passwordValue("secret").accessControlEntry(
|
||||
AccessControlEntry.builder().app("app-id").operation(READ).build());
|
||||
public void serializationWithOnePermission() throws Exception {
|
||||
requestBuilder.passwordValue("secret").additionalPermission(
|
||||
AdditionalPermission.builder().app("app-id").operation(READ).build());
|
||||
|
||||
String jsonValue = serializeToJson(requestBuilder);
|
||||
|
||||
assertThat(jsonValue,
|
||||
allOf(hasJsonPath("$.access_control_entries[0].actor",
|
||||
allOf(hasJsonPath("$.additional_permissions[0].actor",
|
||||
equalTo("mtls-app:app-id")),
|
||||
hasJsonPath("$.access_control_entries[0].operations[0]",
|
||||
hasJsonPath("$.additional_permissions[0].operations[0]",
|
||||
equalTo("read"))));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void serializationWithTwoAccessControls() throws Exception {
|
||||
public void serializationWithTwoPermissions() throws Exception {
|
||||
requestBuilder.passwordValue("secret")
|
||||
.accessControlEntry(AccessControlEntry.builder().app("app1-id")
|
||||
.additionalPermission(AdditionalPermission.builder().app("app1-id")
|
||||
.operation(READ).operation(WRITE).build())
|
||||
.accessControlEntry(AccessControlEntry.builder().app("app2-id")
|
||||
.additionalPermission(AdditionalPermission.builder().app("app2-id")
|
||||
.operation(WRITE).operation(READ).build());
|
||||
|
||||
String jsonValue = serializeToJson(requestBuilder);
|
||||
|
||||
assertThat(jsonValue, allOf(
|
||||
hasJsonPath("$.access_control_entries[0].actor",
|
||||
hasJsonPath("$.additional_permissions[0].actor",
|
||||
equalTo("mtls-app:app1-id")),
|
||||
hasJsonPath("$.access_control_entries[0].operations[0]", equalTo("read")),
|
||||
hasJsonPath("$.access_control_entries[0].operations[1]",
|
||||
hasJsonPath("$.additional_permissions[0].operations[0]", equalTo("read")),
|
||||
hasJsonPath("$.additional_permissions[0].operations[1]",
|
||||
equalTo("write")),
|
||||
hasJsonPath("$.access_control_entries[1].actor",
|
||||
hasJsonPath("$.additional_permissions[1].actor",
|
||||
equalTo("mtls-app:app2-id")),
|
||||
hasJsonPath("$.access_control_entries[1].operations[0]",
|
||||
hasJsonPath("$.additional_permissions[1].operations[0]",
|
||||
equalTo("write")),
|
||||
hasJsonPath("$.access_control_entries[1].operations[1]",
|
||||
hasJsonPath("$.additional_permissions[1].operations[1]",
|
||||
equalTo("read"))));
|
||||
}
|
||||
|
||||
|
||||
@@ -25,7 +25,7 @@ import java.util.Map;
|
||||
import com.fasterxml.jackson.databind.ObjectMapper;
|
||||
import org.springframework.beans.factory.annotation.Value;
|
||||
import org.springframework.credhub.core.CredHubTemplate;
|
||||
import org.springframework.credhub.support.AccessControlEntry;
|
||||
import org.springframework.credhub.support.AdditionalPermission;
|
||||
import org.springframework.credhub.support.CredentialDetails;
|
||||
import org.springframework.credhub.support.CredentialName;
|
||||
import org.springframework.credhub.support.CredentialSummary;
|
||||
@@ -37,7 +37,7 @@ import org.springframework.web.bind.annotation.PostMapping;
|
||||
import org.springframework.web.bind.annotation.RequestBody;
|
||||
import org.springframework.web.bind.annotation.RestController;
|
||||
|
||||
import static org.springframework.credhub.support.AccessControlEntry.Operation.READ;
|
||||
import static org.springframework.credhub.support.AdditionalPermission.Operation.READ;
|
||||
|
||||
@RestController
|
||||
public class CredHubDemoController {
|
||||
@@ -81,8 +81,8 @@ public class CredHubDemoController {
|
||||
.jsonValue((Map<String, Object>) value);
|
||||
|
||||
if (StringUtils.hasText(appId)) {
|
||||
requestBuilder.accessControlEntry(
|
||||
AccessControlEntry.builder().app(appId).operation(READ).build());
|
||||
requestBuilder.additionalPermission(
|
||||
AdditionalPermission.builder().app(appId).operation(READ).build());
|
||||
}
|
||||
|
||||
WriteRequest request = requestBuilder.build();
|
||||
|
||||