From 86ba84f4196a2d631edeef949453f2fdc5f3ffdc Mon Sep 17 00:00:00 2001
From: Scott Frederick
Date: Wed, 4 Oct 2017 16:54:32 -0500
Subject: [PATCH] Support "user" and "client" permissions without a zone ID.
---
 .../credhub/support/permissions/Actor.java | 23 ++++++++++++++++
 .../permissions/CredentialPermission.java | 27 +++++++++++++++++++
 .../support/CredHubRequestUnitTestsBase.java | 16 +++++++++--
 3 files changed, 64 insertions(+), 2 deletions(-)
diff --git a/spring-credhub-core/src/main/java/org/springframework/credhub/support/permissions/Actor.java b/spring-credhub-core/src/main/java/org/springframework/credhub/support/permissions/Actor.java
index 75856cc..a119300 100644
--- a/spring-credhub-core/src/main/java/org/springframework/credhub/support/permissions/Actor.java
+++ b/spring-credhub-core/src/main/java/org/springframework/credhub/support/permissions/Actor.java
@@ -58,6 +58,18 @@ public class Actor {
 return new Actor(APP, appId);
 }
 
+ /**
+ * Create a user identifier. A user is identified by a GUID generated by UAA when
+ * a user account is created.
+ *
+ * @param userId the UAA user GUID
+ * @return the created {@literal Actor}
+ */
+ public static Actor user(String userId) {
+ Assert.notNull(userId, "userId must not be null");
+ return new Actor(USER, userId);
+ }
+
 /**
 * Create a user identifier. A user is identified by a GUID generated by UAA when
 * a user account is created and the ID of the identity zone the user was created in.
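Review bot: `user(String userId)` only rejects `null`, so an empty or blank string passes and becomes an Actor whose identity is `""`; the same `Assert` vocabulary can reject that with `Assert.hasText(userId, "userId must not be empty");` in place of the `notNull` call. The same applies to `client(String clientId)` in the next hunk, and the two builder methods added to CredentialPermission delegate to these factories, so a check here covers them as well. Because the identifier is stored verbatim while the two-argument overload (visible in the leading context of the next hunk) builds `zoneId + "/" + userId`, `user("zone1/user-id")` and `user("zone1", "user-id")` produce the same identity; a Javadoc sentence stating that the value is used as-is would make that explicit. The existing zoned factories use `notNull` too, so tightening all of them together keeps the class consistent.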
@@ -72,6 +84,17 @@ public class Actor {
 return new Actor(USER, zoneId + "/" + userId);
 }
 
+ /**
+ * Create an OAuth2 client identifier. A client identified by user-provided identifier.
+ *
+ * @param clientId the UAA client ID
+ * @return the created {@literal Actor}
+ */
+ public static Actor client(String clientId) {
+ Assert.notNull(clientId, "clientId must not be null");
+ return new Actor(OAUTH_CLIENT, clientId);
+ }
+
 /**
 * Create an OAuth2 client identifier. A client identified by user-provided identifier
 * and the ID of the identity zone the client was created in.
diff --git a/spring-credhub-core/src/main/java/org/springframework/credhub/support/permissions/CredentialPermission.java b/spring-credhub-core/src/main/java/org/springframework/credhub/support/permissions/CredentialPermission.java
index 36382d2..a678136 100644
--- a/spring-credhub-core/src/main/java/org/springframework/credhub/support/permissions/CredentialPermission.java
+++ b/spring-credhub-core/src/main/java/org/springframework/credhub/support/permissions/CredentialPermission.java
@@ -167,6 +167,20 @@ public class CredentialPermission {
 return this;
 }
 
+ /**
+ * Set the ID of a user that will be assigned permissions on a credential.
+ * This is typically a GUID generated by UAA when a user account is created.
+ *
+ * @param userId user ID; must not be {@literal null}
+ * @return the builder
+ */
+ public CredentialPermissionBuilder user(String userId) {
+ Assert.notNull(userId, "userId must not be null");
+ Assert.isNull(actor, "only one actor can be specified");
+ this.actor = Actor.user(userId);
+ return this;
+ }
+
 /**
 * Set the ID of a user that will be assigned permissions on a credential.
 * This is typically a GUID generated by UAA when a user account is created.
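Review bot: The Javadoc summary of the new `client(String)` reads `A client identified by user-provided identifier.`, which is missing its verb and article; suggest `* Create an OAuth2 client identifier. A client is identified by a user-provided identifier.`. It would also help to state that the identifier becomes the actor identity unchanged and to point at `{@link #client(String, String)}` for clients in a specific identity zone, since the two summaries are otherwise nearly identical. The unchanged zoned variant in the trailing context has the same wording slip, but that is outside this change.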
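Review bot: The Javadoc of the new `user(String userId)` repeats the first two sentences of the zoned `user(String, String)` Javadoc shown in the trailing context verbatim, so generated docs will not tell a caller which overload omits the identity-zone prefix; suggest adding `* The ID is used as the actor identity as-is; use {@link #user(String, String)} for a user in a specific identity zone.`. The `Assert.notNull(userId, ...)` duplicates the check `Actor.user` performs, which is harmless but could be dropped so the builder keeps only the `isNull(actor, ...)` state check. Both points apply equally to `client(String)` in the next hunk.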
@@ -183,6 +197,19 @@ public class CredentialPermission {
 return this;
 }
 
+ /**
+ * Set the ID of an OAuth2 client that will be assigned permissions on a credential.
+ *
+ * @param clientId OAuth2 client ID; must not be {@literal null}
+ * @return the builder
+ */
+ public CredentialPermissionBuilder client(String clientId) {
+ Assert.notNull(clientId, "clientId must not be null");
+ Assert.isNull(actor, "only one actor can be specified");
+ this.actor = Actor.client(clientId);
+ return this;
+ }
+
 /**
 * Set the ID of an OAuth2 client that will be assigned permissions on a credential.
 *
diff --git a/spring-credhub-core/src/test/java/org/springframework/credhub/support/CredHubRequestUnitTestsBase.java b/spring-credhub-core/src/test/java/org/springframework/credhub/support/CredHubRequestUnitTestsBase.java
index 17071f8..3fc42db 100644
--- a/spring-credhub-core/src/test/java/org/springframework/credhub/support/CredHubRequestUnitTestsBase.java
+++ b/spring-credhub-core/src/test/java/org/springframework/credhub/support/CredHubRequestUnitTestsBase.java
@@ -64,7 +64,7 @@ public abstract class CredHubRequestUnitTestsBase {
 }
 
 @Test
- public void serializationWithTwoPermissions() throws Exception {
+ public void serializationWithThreePermissions() throws Exception {
 requestBuilder
 .permission(CredentialPermission.builder()
 .app("app-id")
@@ -73,6 +73,10 @@ public abstract class CredHubRequestUnitTestsBase {
 .permission(CredentialPermission.builder()
 .user("zone1", "user-id")
 .operations(READ_ACL, WRITE_ACL)
+ .build())
+ .permission(CredentialPermission.builder()
+ .client("client-id")
+ .operations(READ, WRITE, READ_ACL, WRITE_ACL)
 .build());
 
 String jsonValue = serializeToJson(requestBuilder);
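Review bot: The permission added in this hunk exercises only the zone-less `client(String)` path, while the user permission still goes through the zoned `.user("zone1", "user-id")`, so the new `CredentialPermissionBuilder.user(String)` and `Actor.user(String)` are never serialized by this test. Either switch that permission to `.user("user-id")` (adjusting the `additional_permissions[1].actor` expectation in the next hunk to match) or add a fourth permission with its own `additional_permissions[3]` assertions. The test method opens in the previous hunk and its assertions continue in the next one.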
@@ -82,10 +86,18 @@ public abstract class CredHubRequestUnitTestsBase {
 equalTo(Actor.app("app-id").getIdentity())),
 hasJsonPath("$.additional_permissions[0].operations[0]", equalTo("read")),
 hasJsonPath("$.additional_permissions[0].operations[1]", equalTo("write")),
+
 hasJsonPath("$.additional_permissions[1].actor",
 equalTo(Actor.user("zone1", "user-id").getIdentity())),
 hasJsonPath("$.additional_permissions[1].operations[0]", equalTo("read_acl")),
- hasJsonPath("$.additional_permissions[1].operations[1]", equalTo("write_acl"))
+ hasJsonPath("$.additional_permissions[1].operations[1]", equalTo("write_acl")),
+
+ hasJsonPath("$.additional_permissions[2].actor",
+ equalTo(Actor.client("client-id").getIdentity())),
+ hasJsonPath("$.additional_permissions[2].operations[0]", equalTo("read")),
+ hasJsonPath("$.additional_permissions[2].operations[1]", equalTo("write")),
+ hasJsonPath("$.additional_permissions[2].operations[2]", equalTo("read_acl")),
+ hasJsonPath("$.additional_permissions[2].operations[3]", equalTo("write_acl"))
 )
 );
 }
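Review bot: The new `additional_permissions[2].actor` expectation is computed with the same `Actor.client("client-id").getIdentity()` call that produced the serialized value, so it only shows the identity round-trips and would not catch a regression in the actor prefix or separator; a literal expected string would pin the wire format CredHub expects. The four `[2].operations[n]` assertions also assume `operations(READ, WRITE, READ_ACL, WRITE_ACL)` preserves argument order, which is not visible here and worth confirming. The method's opening lines are in the earlier hunks of this file.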