From 7afbe578a89cc5e8eec8b89e8309915d63504ebb Mon Sep 17 00:00:00 2001 From: Scott Frederick Date: Tue, 16 May 2017 13:39:14 -0500 Subject: [PATCH] Rename access_control_entries field to additional_permissions. --- ...olEntry.java => AdditionalPermission.java} | 46 ++++++------- .../credhub/support/WriteRequest.java | 68 +++++++++---------- .../support/WriteRequestUnitTests.java | 36 +++++----- .../credhub/demo/CredHubDemoController.java | 8 +-- 4 files changed, 79 insertions(+), 79 deletions(-) rename spring-credhub-core/src/main/java/org/springframework/credhub/support/{AccessControlEntry.java => AdditionalPermission.java} (79%) diff --git a/spring-credhub-core/src/main/java/org/springframework/credhub/support/AccessControlEntry.java b/spring-credhub-core/src/main/java/org/springframework/credhub/support/AdditionalPermission.java similarity index 79% rename from spring-credhub-core/src/main/java/org/springframework/credhub/support/AccessControlEntry.java rename to spring-credhub-core/src/main/java/org/springframework/credhub/support/AdditionalPermission.java index 3cdea52..8746407 100644 --- a/spring-credhub-core/src/main/java/org/springframework/credhub/support/AccessControlEntry.java +++ b/spring-credhub-core/src/main/java/org/springframework/credhub/support/AdditionalPermission.java @@ -23,36 +23,36 @@ import java.util.Collection; import java.util.List; /** - * Access control requirements for a credential in CredHub. If provided when a + * Permissions applied to a credential in CredHub. If provided when a * credential is written, these values will control what actors can access update * or retrieve the credential. * - * This object of this type is typically constructed by the application and passed + * Objects of this type are constructed by the application and passed * as part of a {@link WriteRequest}. * * @author Scott Frederick */ -public class AccessControlEntry { +public class AdditionalPermission { private static final String APP_ACTOR_PREFIX = "mtls-app:"; private String actor; private List operations; /** - * Create a set of access controls. Intended to be used internally for testing. + * Create a set of permissions. Intended to be used internally for testing. * Clients should use {@link #builder()} to construct instances of this class. * * @param actor the ID of the entity that will be allowed to access the credential * @param operations the operations that the actor will be allowed to perform on the * credential */ - AccessControlEntry(String actor, List operations) { + AdditionalPermission(String actor, List operations) { this.actor = actor; this.operations = operations; } /** - * Get the ID of the entity that will be allowed to access the credential + * Get the ID of the entity that will be allowed to access the credential. * * @return the ID */ @@ -76,22 +76,22 @@ public class AccessControlEntry { /** * Create a builder that provides a fluent API for providing the values required - * to construct a {@link AccessControlEntry}. + * to construct a {@link AdditionalPermission}. * * @return a builder */ - public static AccessControlEntryBuilder builder() { - return new AccessControlEntryBuilder(); + public static AdditionalPermissionBuilder builder() { + return new AdditionalPermissionBuilder(); } @Override public boolean equals(Object o) { if (this == o) return true; - if (!(o instanceof AccessControlEntry)) + if (!(o instanceof AdditionalPermission)) return false; - AccessControlEntry that = (AccessControlEntry) o; + AdditionalPermission that = (AdditionalPermission) o; if (actor != null ? !actor.equals(that.actor) : that.actor != null) return false; @@ -108,21 +108,21 @@ public class AccessControlEntry { @Override public String toString() { - return "AccessControlEntry{" + return "AdditionalPermission{" + "actor='" + actor + '\'' + ", operations=" + operations + '}'; } /** - * A builder that provides a fluent API for constructing {@link AccessControlEntry} + * A builder that provides a fluent API for constructing {@link AdditionalPermission} * instances. */ - public static class AccessControlEntryBuilder { + public static class AdditionalPermissionBuilder { private String actor; private ArrayList operations; - AccessControlEntryBuilder() { + AdditionalPermissionBuilder() { } /** @@ -132,7 +132,7 @@ public class AccessControlEntry { * @param appId application ID * @return the builder */ - public AccessControlEntryBuilder app(String appId) { + public AdditionalPermissionBuilder app(String appId) { this.actor = APP_ACTOR_PREFIX + appId; return this; } @@ -143,7 +143,7 @@ public class AccessControlEntry { * @param actor actor name * @return the builder */ - public AccessControlEntryBuilder actor(String actor) { + public AdditionalPermissionBuilder actor(String actor) { this.actor = actor; return this; } @@ -156,7 +156,7 @@ public class AccessControlEntry { * @param operation the {@link Operation} * @return the builder */ - public AccessControlEntryBuilder operation(Operation operation) { + public AdditionalPermissionBuilder operation(Operation operation) { initOperations(); this.operations.add(operation); return this; @@ -169,7 +169,7 @@ public class AccessControlEntry { * @param operations the {@link Operation}s * @return the builder */ - public AccessControlEntryBuilder operations(Collection operations) { + public AdditionalPermissionBuilder operations(Collection operations) { initOperations(); this.operations.addAll(operations); return this; @@ -180,11 +180,11 @@ public class AccessControlEntry { } /** - * Construct an {@link AccessControlEntry} with the provided values. + * Construct an {@link AdditionalPermission} with the provided values. * - * @return an {@link AccessControlEntry} + * @return an {@link AdditionalPermission} */ - public AccessControlEntry build() { + public AdditionalPermission build() { List operations; switch (this.operations == null ? 0 : this.operations.size()) { case 0: @@ -197,7 +197,7 @@ public class AccessControlEntry { operations = java.util.Collections.unmodifiableList(new ArrayList(this.operations)); } - return new AccessControlEntry(actor, operations); + return new AdditionalPermission(actor, operations); } } diff --git a/spring-credhub-core/src/main/java/org/springframework/credhub/support/WriteRequest.java b/spring-credhub-core/src/main/java/org/springframework/credhub/support/WriteRequest.java index 3370a5f..4258fa2 100644 --- a/spring-credhub-core/src/main/java/org/springframework/credhub/support/WriteRequest.java +++ b/spring-credhub-core/src/main/java/org/springframework/credhub/support/WriteRequest.java @@ -44,7 +44,7 @@ public class WriteRequest { private ValueType valueType; private Object value; @JsonInclude(NON_EMPTY) - private List accessControlEntries; + private List additionalPermissions; /** * Create a {@link WriteRequest} from the provided parameters. Intended for internal @@ -55,16 +55,16 @@ public class WriteRequest { * {@literal true} to update and existing credential * @param value the value of the credential * @param valueType the {@link ValueType} of the credential - * @param accessControlEntries requirements for access control for the credential + * @param additionalPermissions access control permissions for the credential */ private WriteRequest(CredentialName name, boolean overwrite, Object value, ValueType valueType, - List accessControlEntries) { + List additionalPermissions) { this.name = name; this.overwrite = overwrite; this.valueType = valueType; this.value = value; - this.accessControlEntries = accessControlEntries; + this.additionalPermissions = additionalPermissions; } /** @@ -107,12 +107,12 @@ public class WriteRequest { } /** - * Get the set of {@link AccessControlEntry} to assign to the credential. + * Get the set of {@link AdditionalPermission} to assign to the credential. * - * @return the set of {@link AccessControlEntry} + * @return the set of {@link AdditionalPermission} */ - public List getAccessControlEntries() { - return this.accessControlEntries; + public List getAdditionalPermissions() { + return this.additionalPermissions; } /** @@ -142,7 +142,7 @@ public class WriteRequest { return false; if (!value.equals(that.value)) return false; - return accessControlEntries.equals(that.accessControlEntries); + return additionalPermissions.equals(that.additionalPermissions); } @Override @@ -151,7 +151,7 @@ public class WriteRequest { result = 31 * result + name.hashCode(); result = 31 * result + valueType.hashCode(); result = 31 * result + value.hashCode(); - result = 31 * result + accessControlEntries.hashCode(); + result = 31 * result + additionalPermissions.hashCode(); return result; } @@ -162,7 +162,7 @@ public class WriteRequest { + ", name=" + name + ", valueType=" + valueType + ", value=" + value - + ", accessControlEntries=" + accessControlEntries + + ", additionalPermissions=" + additionalPermissions + '}'; } @@ -174,7 +174,7 @@ public class WriteRequest { private boolean overwrite; private Object value; private ValueType valueType; - private ArrayList accessControlEntries; + private ArrayList additionalPermissions; /** * Create a {@link WriteRequestBuilder}. Intended for internal use. @@ -238,36 +238,36 @@ public class WriteRequest { } /** - * Add an {@link AccessControlEntry} to the controls that will be assigned to the + * Add an {@link AdditionalPermission} to the permissions that will be assigned to the * credential. * - * @param accessControlEntry an {@link AccessControlEntry} to assign to the + * @param additionalPermission an {@link AdditionalPermission} to assign to the * credential * @return the builder */ - public WriteRequestBuilder accessControlEntry(AccessControlEntry accessControlEntry) { - initAccessControls(); - this.accessControlEntries.add(accessControlEntry); + public WriteRequestBuilder additionalPermission(AdditionalPermission additionalPermission) { + initPermissions(); + this.additionalPermissions.add(additionalPermission); return this; } /** - * Add a collection of {@link AccessControlEntry}s to the controls that will be + * Add a collection of {@link AdditionalPermission}s to the controls that will be * assigned to the credential. * - * @param accessControlEntries an collection of {@link AccessControlEntry}s to + * @param permissions an collection of {@link AdditionalPermission}s to * assign to the credential * @return the builder */ - public WriteRequestBuilder accessControlEntries(Collection accessControlEntries) { - initAccessControls(); - this.accessControlEntries.addAll(accessControlEntries); + public WriteRequestBuilder additionalPermissions(Collection permissions) { + initPermissions(); + this.additionalPermissions.addAll(permissions); return this; } - private void initAccessControls() { - if (this.accessControlEntries == null) { - this.accessControlEntries = new ArrayList(); + private void initPermissions() { + if (this.additionalPermissions == null) { + this.additionalPermissions = new ArrayList(); } } @@ -277,23 +277,23 @@ public class WriteRequest { * @return a {@link WriteRequest} */ public WriteRequest build() { - List accessControlEntries; - switch (this.accessControlEntries == null ? 0 - : this.accessControlEntries.size()) { + List permissions; + switch (this.additionalPermissions == null ? 0 + : this.additionalPermissions.size()) { case 0: - accessControlEntries = java.util.Collections.emptyList(); + permissions = java.util.Collections.emptyList(); break; case 1: - accessControlEntries = java.util.Collections - .singletonList(this.accessControlEntries.get(0)); + permissions = java.util.Collections + .singletonList(this.additionalPermissions.get(0)); break; default: - accessControlEntries = java.util.Collections.unmodifiableList( - new ArrayList(this.accessControlEntries)); + permissions = java.util.Collections.unmodifiableList( + new ArrayList(this.additionalPermissions)); } return new WriteRequest(name, overwrite, value, valueType, - accessControlEntries); + permissions); } } diff --git a/spring-credhub-core/src/test/java/org/springframework/credhub/support/WriteRequestUnitTests.java b/spring-credhub-core/src/test/java/org/springframework/credhub/support/WriteRequestUnitTests.java index ad785c6..72c35ad 100644 --- a/spring-credhub-core/src/test/java/org/springframework/credhub/support/WriteRequestUnitTests.java +++ b/spring-credhub-core/src/test/java/org/springframework/credhub/support/WriteRequestUnitTests.java @@ -29,8 +29,8 @@ import static org.hamcrest.CoreMatchers.allOf; import static org.hamcrest.CoreMatchers.equalTo; import static org.junit.Assert.assertThat; import static org.junit.Assert.assertTrue; -import static org.springframework.credhub.support.AccessControlEntry.Operation.READ; -import static org.springframework.credhub.support.AccessControlEntry.Operation.WRITE; +import static org.springframework.credhub.support.AdditionalPermission.Operation.READ; +import static org.springframework.credhub.support.AdditionalPermission.Operation.WRITE; import static org.valid4j.matchers.jsonpath.JsonPathMatchers.hasJsonPath; import static org.valid4j.matchers.jsonpath.JsonPathMatchers.hasNoJsonPath; import static org.valid4j.matchers.jsonpath.JsonPathMatchers.isJson; @@ -72,7 +72,7 @@ public class WriteRequestUnitTests { hasJsonPath("$.value.data", equalTo("value")), hasJsonPath("$.value.test", equalTo(true)))); - assertThat(jsonValue, hasNoJsonPath("$.access_control_entries")); + assertThat(jsonValue, hasNoJsonPath("$.additional_permissions")); } @Test @@ -87,44 +87,44 @@ public class WriteRequestUnitTests { hasJsonPath("$.type", equalTo("password")), hasJsonPath("$.value", equalTo("secret")))); - assertThat(jsonValue, hasNoJsonPath("$.access_control_entries")); + assertThat(jsonValue, hasNoJsonPath("$.additional_permissions")); } @Test - public void serializationWithOneAccessControl() throws Exception { - requestBuilder.passwordValue("secret").accessControlEntry( - AccessControlEntry.builder().app("app-id").operation(READ).build()); + public void serializationWithOnePermission() throws Exception { + requestBuilder.passwordValue("secret").additionalPermission( + AdditionalPermission.builder().app("app-id").operation(READ).build()); String jsonValue = serializeToJson(requestBuilder); assertThat(jsonValue, - allOf(hasJsonPath("$.access_control_entries[0].actor", + allOf(hasJsonPath("$.additional_permissions[0].actor", equalTo("mtls-app:app-id")), - hasJsonPath("$.access_control_entries[0].operations[0]", + hasJsonPath("$.additional_permissions[0].operations[0]", equalTo("read")))); } @Test - public void serializationWithTwoAccessControls() throws Exception { + public void serializationWithTwoPermissions() throws Exception { requestBuilder.passwordValue("secret") - .accessControlEntry(AccessControlEntry.builder().app("app1-id") + .additionalPermission(AdditionalPermission.builder().app("app1-id") .operation(READ).operation(WRITE).build()) - .accessControlEntry(AccessControlEntry.builder().app("app2-id") + .additionalPermission(AdditionalPermission.builder().app("app2-id") .operation(WRITE).operation(READ).build()); String jsonValue = serializeToJson(requestBuilder); assertThat(jsonValue, allOf( - hasJsonPath("$.access_control_entries[0].actor", + hasJsonPath("$.additional_permissions[0].actor", equalTo("mtls-app:app1-id")), - hasJsonPath("$.access_control_entries[0].operations[0]", equalTo("read")), - hasJsonPath("$.access_control_entries[0].operations[1]", + hasJsonPath("$.additional_permissions[0].operations[0]", equalTo("read")), + hasJsonPath("$.additional_permissions[0].operations[1]", equalTo("write")), - hasJsonPath("$.access_control_entries[1].actor", + hasJsonPath("$.additional_permissions[1].actor", equalTo("mtls-app:app2-id")), - hasJsonPath("$.access_control_entries[1].operations[0]", + hasJsonPath("$.additional_permissions[1].operations[0]", equalTo("write")), - hasJsonPath("$.access_control_entries[1].operations[1]", + hasJsonPath("$.additional_permissions[1].operations[1]", equalTo("read")))); } diff --git a/spring-credhub-demo/src/main/java/org/springframework/credhub/demo/CredHubDemoController.java b/spring-credhub-demo/src/main/java/org/springframework/credhub/demo/CredHubDemoController.java index 63c1003..7af000a 100644 --- a/spring-credhub-demo/src/main/java/org/springframework/credhub/demo/CredHubDemoController.java +++ b/spring-credhub-demo/src/main/java/org/springframework/credhub/demo/CredHubDemoController.java @@ -25,7 +25,7 @@ import java.util.Map; import com.fasterxml.jackson.databind.ObjectMapper; import org.springframework.beans.factory.annotation.Value; import org.springframework.credhub.core.CredHubTemplate; -import org.springframework.credhub.support.AccessControlEntry; +import org.springframework.credhub.support.AdditionalPermission; import org.springframework.credhub.support.CredentialDetails; import org.springframework.credhub.support.CredentialName; import org.springframework.credhub.support.CredentialSummary; @@ -37,7 +37,7 @@ import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.RequestBody; import org.springframework.web.bind.annotation.RestController; -import static org.springframework.credhub.support.AccessControlEntry.Operation.READ; +import static org.springframework.credhub.support.AdditionalPermission.Operation.READ; @RestController public class CredHubDemoController { @@ -81,8 +81,8 @@ public class CredHubDemoController { .jsonValue((Map) value); if (StringUtils.hasText(appId)) { - requestBuilder.accessControlEntry( - AccessControlEntry.builder().app(appId).operation(READ).build()); + requestBuilder.additionalPermission( + AdditionalPermission.builder().app(appId).operation(READ).build()); } WriteRequest request = requestBuilder.build();