Rename access_control_entries field to additional_permissions.

Scott Frederick
2017-05-16 13:39:14 -05:00
parent fe2768a957
commit 7afbe578a8
4 changed files with 79 additions and 79 deletions


@@ -23,36 +23,36 @@ import java.util.Collection;
import java.util.List;
/**
* Access control requirements for a credential in CredHub. If provided when a
* Permissions applied to a credential in CredHub. If provided when a
* credential is written, these values will control what actors can access update
* or retrieve the credential.
*
* This object of this type is typically constructed by the application and passed
* Objects of this type are constructed by the application and passed
* as part of a {@link WriteRequest}.
*
* @author Scott Frederick
*/
public class AccessControlEntry {
public class AdditionalPermission {
private static final String APP_ACTOR_PREFIX = "mtls-app:";
private String actor;
private List<Operation> operations;
/**
* Create a set of access controls. Intended to be used internally for testing.
* Create a set of permissions. Intended to be used internally for testing.
* Clients should use {@link #builder()} to construct instances of this class.
*
* @param actor the ID of the entity that will be allowed to access the credential
* @param operations the operations that the actor will be allowed to perform on the
* credential
*/
AccessControlEntry(String actor, List<Operation> operations) {
AdditionalPermission(String actor, List<Operation> operations) {
this.actor = actor;
this.operations = operations;
}
/**
* Get the ID of the entity that will be allowed to access the credential
* Get the ID of the entity that will be allowed to access the credential.
*
* @return the ID
*/
@@ -76,22 +76,22 @@ public class AccessControlEntry {
/**
* Create a builder that provides a fluent API for providing the values required
* to construct a {@link AccessControlEntry}.
* to construct a {@link AdditionalPermission}.
*
* @return a builder
*/
public static AccessControlEntryBuilder builder() {
return new AccessControlEntryBuilder();
public static AdditionalPermissionBuilder builder() {
return new AdditionalPermissionBuilder();
}
@Override
public boolean equals(Object o) {
if (this == o)
return true;
if (!(o instanceof AccessControlEntry))
if (!(o instanceof AdditionalPermission))
return false;
AccessControlEntry that = (AccessControlEntry) o;
AdditionalPermission that = (AdditionalPermission) o;
if (actor != null ? !actor.equals(that.actor) : that.actor != null)
return false;
@@ -108,21 +108,21 @@ public class AccessControlEntry {
@Override
public String toString() {
return "AccessControlEntry{"
return "AdditionalPermission{"
+ "actor='" + actor + '\''
+ ", operations=" + operations
+ '}';
}
/**
* A builder that provides a fluent API for constructing {@link AccessControlEntry}
* A builder that provides a fluent API for constructing {@link AdditionalPermission}
* instances.
*/
public static class AccessControlEntryBuilder {
public static class AdditionalPermissionBuilder {
private String actor;
private ArrayList<Operation> operations;
AccessControlEntryBuilder() {
AdditionalPermissionBuilder() {
}
/**
@@ -132,7 +132,7 @@ public class AccessControlEntry {
* @param appId application ID
* @return the builder
*/
public AccessControlEntryBuilder app(String appId) {
public AdditionalPermissionBuilder app(String appId) {
this.actor = APP_ACTOR_PREFIX + appId;
return this;
}
@@ -143,7 +143,7 @@ public class AccessControlEntry {
* @param actor actor name
* @return the builder
*/
public AccessControlEntryBuilder actor(String actor) {
public AdditionalPermissionBuilder actor(String actor) {
this.actor = actor;
return this;
}
@@ -156,7 +156,7 @@ public class AccessControlEntry {
* @param operation the {@link Operation}
* @return the builder
*/
public AccessControlEntryBuilder operation(Operation operation) {
public AdditionalPermissionBuilder operation(Operation operation) {
initOperations();
this.operations.add(operation);
return this;
@@ -169,7 +169,7 @@ public class AccessControlEntry {
* @param operations the {@link Operation}s
* @return the builder
*/
public AccessControlEntryBuilder operations(Collection<? extends Operation> operations) {
public AdditionalPermissionBuilder operations(Collection<? extends Operation> operations) {
initOperations();
this.operations.addAll(operations);
return this;
@@ -180,11 +180,11 @@ public class AccessControlEntry {
}
/**
* Construct an {@link AccessControlEntry} with the provided values.
* Construct an {@link AdditionalPermission} with the provided values.
*
* @return an {@link AccessControlEntry}
* @return an {@link AdditionalPermission}
*/
public AccessControlEntry build() {
public AdditionalPermission build() {
List<Operation> operations;
switch (this.operations == null ? 0 : this.operations.size()) {
case 0:
@@ -197,7 +197,7 @@ public class AccessControlEntry {
operations = java.util.Collections.unmodifiableList(new ArrayList<Operation>(this.operations));
}
return new AccessControlEntry(actor, operations);
return new AdditionalPermission(actor, operations);
}
}
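Review bot: `app(String appId)` in the builder assigns `APP_ACTOR_PREFIX + appId` with no check on `appId`, so a null or empty argument yields the actor `mtls-app:null` or a bare `mtls-app:`, and the mistake would presumably surface only when the server evaluates the grant. Because this value names who may access the credential, I would reject it on the client, e.g. `Assert.hasText(appId, "appId must not be empty");` as the first line of `app(...)`, using Spring's `org.springframework.util.Assert` (this needs an import that is not visible in these hunks). `build()` likewise passes whatever `actor` holds to the constructor, including null when neither `app(...)` nor `actor(...)` was called. Part of its body lies outside the visible hunks, so confirm no check already exists there.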


@@ -44,7 +44,7 @@ public class WriteRequest {
private ValueType valueType;
private Object value;
@JsonInclude(NON_EMPTY)
private List<AccessControlEntry> accessControlEntries;
private List<AdditionalPermission> additionalPermissions;
/**
* Create a {@link WriteRequest} from the provided parameters. Intended for internal
@@ -55,16 +55,16 @@ public class WriteRequest {
* {@literal true} to update and existing credential
* @param value the value of the credential
* @param valueType the {@link ValueType} of the credential
* @param accessControlEntries requirements for access control for the credential
* @param additionalPermissions access control permissions for the credential
*/
private WriteRequest(CredentialName name, boolean overwrite,
Object value, ValueType valueType,
List<AccessControlEntry> accessControlEntries) {
List<AdditionalPermission> additionalPermissions) {
this.name = name;
this.overwrite = overwrite;
this.valueType = valueType;
this.value = value;
this.accessControlEntries = accessControlEntries;
this.additionalPermissions = additionalPermissions;
}
/**
@@ -107,12 +107,12 @@ public class WriteRequest {
}
/**
* Get the set of {@link AccessControlEntry} to assign to the credential.
* Get the set of {@link AdditionalPermission} to assign to the credential.
*
* @return the set of {@link AccessControlEntry}
* @return the set of {@link AdditionalPermission}
*/
public List<AccessControlEntry> getAccessControlEntries() {
return this.accessControlEntries;
public List<AdditionalPermission> getAdditionalPermissions() {
return this.additionalPermissions;
}
/**
@@ -142,7 +142,7 @@ public class WriteRequest {
return false;
if (!value.equals(that.value))
return false;
return accessControlEntries.equals(that.accessControlEntries);
return additionalPermissions.equals(that.additionalPermissions);
}
@Override
@@ -151,7 +151,7 @@ public class WriteRequest {
result = 31 * result + name.hashCode();
result = 31 * result + valueType.hashCode();
result = 31 * result + value.hashCode();
result = 31 * result + accessControlEntries.hashCode();
result = 31 * result + additionalPermissions.hashCode();
return result;
}
@@ -162,7 +162,7 @@ public class WriteRequest {
+ ", name=" + name
+ ", valueType=" + valueType
+ ", value=" + value
+ ", accessControlEntries=" + accessControlEntries
+ ", additionalPermissions=" + additionalPermissions
+ '}';
}
@@ -174,7 +174,7 @@ public class WriteRequest {
private boolean overwrite;
private Object value;
private ValueType valueType;
private ArrayList<AccessControlEntry> accessControlEntries;
private ArrayList<AdditionalPermission> additionalPermissions;
/**
* Create a {@link WriteRequestBuilder}. Intended for internal use.
@@ -238,36 +238,36 @@ public class WriteRequest {
}
/**
* Add an {@link AccessControlEntry} to the controls that will be assigned to the
* Add an {@link AdditionalPermission} to the permissions that will be assigned to the
* credential.
*
* @param accessControlEntry an {@link AccessControlEntry} to assign to the
* @param additionalPermission an {@link AdditionalPermission} to assign to the
* credential
* @return the builder
*/
public WriteRequestBuilder accessControlEntry(AccessControlEntry accessControlEntry) {
initAccessControls();
this.accessControlEntries.add(accessControlEntry);
public WriteRequestBuilder additionalPermission(AdditionalPermission additionalPermission) {
initPermissions();
this.additionalPermissions.add(additionalPermission);
return this;
}
/**
* Add a collection of {@link AccessControlEntry}s to the controls that will be
* Add a collection of {@link AdditionalPermission}s to the controls that will be
* assigned to the credential.
*
* @param accessControlEntries an collection of {@link AccessControlEntry}s to
* @param permissions an collection of {@link AdditionalPermission}s to
* assign to the credential
* @return the builder
*/
public WriteRequestBuilder accessControlEntries(Collection<? extends AccessControlEntry> accessControlEntries) {
initAccessControls();
this.accessControlEntries.addAll(accessControlEntries);
public WriteRequestBuilder additionalPermissions(Collection<? extends AdditionalPermission> permissions) {
initPermissions();
this.additionalPermissions.addAll(permissions);
return this;
}
private void initAccessControls() {
if (this.accessControlEntries == null) {
this.accessControlEntries = new ArrayList<AccessControlEntry>();
private void initPermissions() {
if (this.additionalPermissions == null) {
this.additionalPermissions = new ArrayList<AdditionalPermission>();
}
}
@@ -277,23 +277,23 @@ public class WriteRequest {
* @return a {@link WriteRequest}
*/
public WriteRequest build() {
List<AccessControlEntry> accessControlEntries;
switch (this.accessControlEntries == null ? 0
: this.accessControlEntries.size()) {
List<AdditionalPermission> permissions;
switch (this.additionalPermissions == null ? 0
: this.additionalPermissions.size()) {
case 0:
accessControlEntries = java.util.Collections.emptyList();
permissions = java.util.Collections.emptyList();
break;
case 1:
accessControlEntries = java.util.Collections
.singletonList(this.accessControlEntries.get(0));
permissions = java.util.Collections
.singletonList(this.additionalPermissions.get(0));
break;
default:
accessControlEntries = java.util.Collections.unmodifiableList(
new ArrayList<AccessControlEntry>(this.accessControlEntries));
permissions = java.util.Collections.unmodifiableList(
new ArrayList<AdditionalPermission>(this.additionalPermissions));
}
return new WriteRequest(name, overwrite, value, valueType,
accessControlEntries);
permissions);
}
}
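Review bot: Nothing on `private List<AdditionalPermission> additionalPermissions;` records that the Java field name is also the wire name, so this rename changes the JSON key sent to CredHub from `access_control_entries` to `additional_permissions` (the updated unit tests assert the new key). A server that only understands the old key would presumably ignore or reject the list, and the credential could then be written without the grants the caller asked for. Pinning the name with `@JsonProperty("additional_permissions")` on the field, plus a short comment naming the CredHub API level that accepts it, would make the contract explicit and keep a later refactor from changing it silently. The removed `accessControlEntry(...)`, `accessControlEntries(...)` and `getAccessControlEntries()` also have no deprecated aliases, so existing callers break at compile time.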


@@ -29,8 +29,8 @@ import static org.hamcrest.CoreMatchers.allOf;
import static org.hamcrest.CoreMatchers.equalTo;
import static org.junit.Assert.assertThat;
import static org.junit.Assert.assertTrue;
import static org.springframework.credhub.support.AccessControlEntry.Operation.READ;
import static org.springframework.credhub.support.AccessControlEntry.Operation.WRITE;
import static org.springframework.credhub.support.AdditionalPermission.Operation.READ;
import static org.springframework.credhub.support.AdditionalPermission.Operation.WRITE;
import static org.valid4j.matchers.jsonpath.JsonPathMatchers.hasJsonPath;
import static org.valid4j.matchers.jsonpath.JsonPathMatchers.hasNoJsonPath;
import static org.valid4j.matchers.jsonpath.JsonPathMatchers.isJson;
@@ -72,7 +72,7 @@ public class WriteRequestUnitTests {
hasJsonPath("$.value.data", equalTo("value")),
hasJsonPath("$.value.test", equalTo(true))));
assertThat(jsonValue, hasNoJsonPath("$.access_control_entries"));
assertThat(jsonValue, hasNoJsonPath("$.additional_permissions"));
}
@Test
@@ -87,44 +87,44 @@ public class WriteRequestUnitTests {
hasJsonPath("$.type", equalTo("password")),
hasJsonPath("$.value", equalTo("secret"))));
assertThat(jsonValue, hasNoJsonPath("$.access_control_entries"));
assertThat(jsonValue, hasNoJsonPath("$.additional_permissions"));
}
@Test
public void serializationWithOneAccessControl() throws Exception {
requestBuilder.passwordValue("secret").accessControlEntry(
AccessControlEntry.builder().app("app-id").operation(READ).build());
public void serializationWithOnePermission() throws Exception {
requestBuilder.passwordValue("secret").additionalPermission(
AdditionalPermission.builder().app("app-id").operation(READ).build());
String jsonValue = serializeToJson(requestBuilder);
assertThat(jsonValue,
allOf(hasJsonPath("$.access_control_entries[0].actor",
allOf(hasJsonPath("$.additional_permissions[0].actor",
equalTo("mtls-app:app-id")),
hasJsonPath("$.access_control_entries[0].operations[0]",
hasJsonPath("$.additional_permissions[0].operations[0]",
equalTo("read"))));
}
@Test
public void serializationWithTwoAccessControls() throws Exception {
public void serializationWithTwoPermissions() throws Exception {
requestBuilder.passwordValue("secret")
.accessControlEntry(AccessControlEntry.builder().app("app1-id")
.additionalPermission(AdditionalPermission.builder().app("app1-id")
.operation(READ).operation(WRITE).build())
.accessControlEntry(AccessControlEntry.builder().app("app2-id")
.additionalPermission(AdditionalPermission.builder().app("app2-id")
.operation(WRITE).operation(READ).build());
String jsonValue = serializeToJson(requestBuilder);
assertThat(jsonValue, allOf(
hasJsonPath("$.access_control_entries[0].actor",
hasJsonPath("$.additional_permissions[0].actor",
equalTo("mtls-app:app1-id")),
hasJsonPath("$.access_control_entries[0].operations[0]", equalTo("read")),
hasJsonPath("$.access_control_entries[0].operations[1]",
hasJsonPath("$.additional_permissions[0].operations[0]", equalTo("read")),
hasJsonPath("$.additional_permissions[0].operations[1]",
equalTo("write")),
hasJsonPath("$.access_control_entries[1].actor",
hasJsonPath("$.additional_permissions[1].actor",
equalTo("mtls-app:app2-id")),
hasJsonPath("$.access_control_entries[1].operations[0]",
hasJsonPath("$.additional_permissions[1].operations[0]",
equalTo("write")),
hasJsonPath("$.access_control_entries[1].operations[1]",
hasJsonPath("$.additional_permissions[1].operations[1]",
equalTo("read"))));
}


@@ -25,7 +25,7 @@ import java.util.Map;
import com.fasterxml.jackson.databind.ObjectMapper;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.credhub.core.CredHubTemplate;
import org.springframework.credhub.support.AccessControlEntry;
import org.springframework.credhub.support.AdditionalPermission;
import org.springframework.credhub.support.CredentialDetails;
import org.springframework.credhub.support.CredentialName;
import org.springframework.credhub.support.CredentialSummary;
@@ -37,7 +37,7 @@ import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RestController;
import static org.springframework.credhub.support.AccessControlEntry.Operation.READ;
import static org.springframework.credhub.support.AdditionalPermission.Operation.READ;
@RestController
public class CredHubDemoController {
@@ -81,8 +81,8 @@ public class CredHubDemoController {
.jsonValue((Map<String, Object>) value);
if (StringUtils.hasText(appId)) {
requestBuilder.accessControlEntry(
AccessControlEntry.builder().app(appId).operation(READ).build());
requestBuilder.additionalPermission(
AdditionalPermission.builder().app(appId).operation(READ).build());
}
WriteRequest request = requestBuilder.build();