model: add support for (dis)allowed policy glob patterns in TokenRole
parent
b0d2b038eb
commit
feb6e147fe
@ -10,6 +10,7 @@
|
||||
* Model and response classes implement `Serializable` (#57)
|
||||
* Split `SercretResponse` into `PlainSecretResponse` and `MetaSecretResponse` subclasses (common API unchanged)
|
||||
* Add missing fields to `AuthMethod` model
|
||||
* Add support for (dis)allowed policy glob patterns in `TokenRole`
|
||||
|
||||
### Test
|
||||
* Tested against Vault 1.10.1
|
||||
|
@ -34,7 +34,7 @@ import java.util.Objects;
|
||||
*/
|
||||
@JsonIgnoreProperties(ignoreUnknown = true)
|
||||
public final class TokenRole implements Serializable {
|
||||
private static final long serialVersionUID = -6159563751115867561L;
|
||||
private static final long serialVersionUID = -3505215215838576321L;
|
||||
|
||||
/**
|
||||
* Get {@link Builder} instance.
|
||||
@ -53,10 +53,18 @@ public final class TokenRole implements Serializable {
|
||||
@JsonInclude(JsonInclude.Include.NON_NULL)
|
||||
private List<String> allowedPolicies;
|
||||
|
||||
@JsonProperty("allowed_policies_glob")
|
||||
@JsonInclude(JsonInclude.Include.NON_NULL)
|
||||
private List<String> allowedPoliciesGlob;
|
||||
|
||||
@JsonProperty("disallowed_policies")
|
||||
@JsonInclude(JsonInclude.Include.NON_NULL)
|
||||
private List<String> disallowedPolicies;
|
||||
|
||||
@JsonProperty("disallowed_policies_glob")
|
||||
@JsonInclude(JsonInclude.Include.NON_NULL)
|
||||
private List<String> disallowedPoliciesGlob;
|
||||
|
||||
@JsonProperty("orphan")
|
||||
@JsonInclude(JsonInclude.Include.NON_NULL)
|
||||
private Boolean orphan;
|
||||
@ -106,7 +114,9 @@ public final class TokenRole implements Serializable {
|
||||
public TokenRole(final Builder builder) {
|
||||
this.name = builder.name;
|
||||
this.allowedPolicies = builder.allowedPolicies;
|
||||
this.allowedPoliciesGlob = builder.allowedPoliciesGlob;
|
||||
this.disallowedPolicies = builder.disallowedPolicies;
|
||||
this.disallowedPoliciesGlob = builder.disallowedPoliciesGlob;
|
||||
this.orphan = builder.orphan;
|
||||
this.renewable = builder.renewable;
|
||||
this.pathSuffix = builder.pathSuffix;
|
||||
@ -133,6 +143,14 @@ public final class TokenRole implements Serializable {
|
||||
return allowedPolicies;
|
||||
}
|
||||
|
||||
/**
|
||||
* @return List of allowed policy glob patterns
|
||||
* @since 1.1
|
||||
*/
|
||||
public List<String> getAllowedPoliciesGlob() {
|
||||
return allowedPoliciesGlob;
|
||||
}
|
||||
|
||||
/**
|
||||
* @return List of disallowed policies
|
||||
*/
|
||||
@ -140,6 +158,14 @@ public final class TokenRole implements Serializable {
|
||||
return disallowedPolicies;
|
||||
}
|
||||
|
||||
/**
|
||||
* @return List of disallowed policy glob patterns
|
||||
* @since 1.1
|
||||
*/
|
||||
public List<String> getDisallowedPoliciesGlob() {
|
||||
return disallowedPoliciesGlob;
|
||||
}
|
||||
|
||||
/**
|
||||
* @return Is Token Role orphan?
|
||||
*/
|
||||
@ -220,7 +246,9 @@ public final class TokenRole implements Serializable {
|
||||
TokenRole tokenRole = (TokenRole) o;
|
||||
return Objects.equals(name, tokenRole.name) &&
|
||||
Objects.equals(allowedPolicies, tokenRole.allowedPolicies) &&
|
||||
Objects.equals(allowedPoliciesGlob, tokenRole.allowedPoliciesGlob) &&
|
||||
Objects.equals(disallowedPolicies, tokenRole.disallowedPolicies) &&
|
||||
Objects.equals(disallowedPoliciesGlob, tokenRole.disallowedPoliciesGlob) &&
|
||||
Objects.equals(orphan, tokenRole.orphan) &&
|
||||
Objects.equals(renewable, tokenRole.renewable) &&
|
||||
Objects.equals(pathSuffix, tokenRole.pathSuffix) &&
|
||||
@ -235,9 +263,9 @@ public final class TokenRole implements Serializable {
|
||||
|
||||
@Override
|
||||
public int hashCode() {
|
||||
return Objects.hash(name, allowedPolicies, disallowedPolicies, orphan, renewable, pathSuffix,
|
||||
allowedEntityAliases, tokenBoundCidrs, tokenExplicitMaxTtl, tokenNoDefaultPolicy, tokenNumUses,
|
||||
tokenPeriod, tokenType);
|
||||
return Objects.hash(name, allowedPolicies, allowedPoliciesGlob, disallowedPolicies, disallowedPoliciesGlob,
|
||||
orphan, renewable, pathSuffix, allowedEntityAliases, tokenBoundCidrs, tokenExplicitMaxTtl,
|
||||
tokenNoDefaultPolicy, tokenNumUses, tokenPeriod, tokenType);
|
||||
}
|
||||
|
||||
/**
|
||||
@ -249,7 +277,9 @@ public final class TokenRole implements Serializable {
|
||||
public static final class Builder {
|
||||
private String name;
|
||||
private List<String> allowedPolicies;
|
||||
private List<String> allowedPoliciesGlob;
|
||||
private List<String> disallowedPolicies;
|
||||
private List<String> disallowedPoliciesGlob;
|
||||
private Boolean orphan;
|
||||
private Boolean renewable;
|
||||
private String pathSuffix;
|
||||
@ -304,6 +334,40 @@ public final class TokenRole implements Serializable {
|
||||
return this;
|
||||
}
|
||||
|
||||
/**
|
||||
* Add an allowed policy glob pattern.
|
||||
*
|
||||
* @param allowedPolicyGlob allowed policy glob pattern to add
|
||||
* @return self
|
||||
* @since 1.1
|
||||
*/
|
||||
public Builder withAllowedPolicyGlob(final String allowedPolicyGlob) {
|
||||
if (allowedPolicyGlob != null) {
|
||||
if (this.allowedPoliciesGlob == null) {
|
||||
this.allowedPoliciesGlob = new ArrayList<>();
|
||||
}
|
||||
this.allowedPoliciesGlob.add(allowedPolicyGlob);
|
||||
}
|
||||
return this;
|
||||
}
|
||||
|
||||
/**
|
||||
* Add allowed policy glob patterns.
|
||||
*
|
||||
* @param allowedPoliciesGlob list of allowed policy glob patterns
|
||||
* @return self
|
||||
* @since 1.1
|
||||
*/
|
||||
public Builder withAllowedPoliciesGlob(final List<String> allowedPoliciesGlob) {
|
||||
if (allowedPoliciesGlob != null) {
|
||||
if (this.allowedPoliciesGlob == null) {
|
||||
this.allowedPoliciesGlob = new ArrayList<>();
|
||||
}
|
||||
this.allowedPoliciesGlob.addAll(allowedPoliciesGlob);
|
||||
}
|
||||
return this;
|
||||
}
|
||||
|
||||
/**
|
||||
* Add a disallowed policy.
|
||||
*
|
||||
@ -336,6 +400,40 @@ public final class TokenRole implements Serializable {
|
||||
return this;
|
||||
}
|
||||
|
||||
/**
|
||||
* Add an allowed policy glob pattern.
|
||||
*
|
||||
* @param disallowedPolicyGlob disallowed policy glob pattern to add
|
||||
* @return self
|
||||
* @since 1.1
|
||||
*/
|
||||
public Builder withDisallowedPolicyGlob(final String disallowedPolicyGlob) {
|
||||
if (disallowedPolicyGlob != null) {
|
||||
if (this.disallowedPoliciesGlob == null) {
|
||||
this.disallowedPoliciesGlob = new ArrayList<>();
|
||||
}
|
||||
this.disallowedPoliciesGlob.add(disallowedPolicyGlob);
|
||||
}
|
||||
return this;
|
||||
}
|
||||
|
||||
/**
|
||||
* Add disallowed policy glob patterns.
|
||||
*
|
||||
* @param disallowedPoliciesGlob list of disallowed policy glob patterns
|
||||
* @return self
|
||||
* @since 1.1
|
||||
*/
|
||||
public Builder withDisallowedPoliciesGlob(final List<String> disallowedPoliciesGlob) {
|
||||
if (disallowedPoliciesGlob != null) {
|
||||
if (this.disallowedPoliciesGlob == null) {
|
||||
this.disallowedPoliciesGlob = new ArrayList<>();
|
||||
}
|
||||
this.disallowedPoliciesGlob.addAll(disallowedPoliciesGlob);
|
||||
}
|
||||
return this;
|
||||
}
|
||||
|
||||
/**
|
||||
* Set TRUE if the token role should be created orphan.
|
||||
*
|
||||
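Review bot: The Javadoc summary on `withDisallowedPolicyGlob` was copied from the allow-side method and still reads "Add an allowed policy glob pattern."; it should read `Add a disallowed policy glob pattern.`, because a caller who trusts the summary could put a deny pattern on the wrong list. The new Javadoc blocks also say nothing about how the glob lists combine with `allowed_policies` and `disallowed_policies`, or that a very broad allow pattern would presumably match far more policy names than intended; one sentence on each builder method pointing to the Vault token-role documentation would help callers keep patterns narrow. Separately, the constructor stores `builder.allowedPoliciesGlob` and `builder.disallowedPoliciesGlob` by reference and the getters return those lists directly, as the existing policy fields do, so a built role's patterns can still be changed through the builder or through the returned list; copying the lists in the constructor would keep the built object stable. The constructor and the `Builder` class both continue outside the hunks shown.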
|
@ -37,10 +37,18 @@ class TokenRoleTest extends AbstractModelTest<TokenRole> {
|
||||
private static final String ALLOWED_POLICY_2 = "apol-2";
|
||||
private static final String ALLOWED_POLICY_3 = "apol-3";
|
||||
private static final List<String> ALLOWED_POLICIES = Arrays.asList(ALLOWED_POLICY_1, ALLOWED_POLICY_2);
|
||||
private static final String ALLOWED_POLICY_GLOB_1 = "apol-g1*";
|
||||
private static final String ALLOWED_POLICY_GLOB_2 = "apol-g2*";
|
||||
private static final String ALLOWED_POLICY_GLOB_3 = "apol-g3*";
|
||||
private static final List<String> ALLOWED_POLICIES_GLOB = Arrays.asList(ALLOWED_POLICY_GLOB_2, ALLOWED_POLICY_GLOB_3);
|
||||
private static final String DISALLOWED_POLICY_1 = "dpol-1";
|
||||
private static final String DISALLOWED_POLICY_2 = "dpol-2";
|
||||
private static final String DISALLOWED_POLICY_3 = "dpol-3";
|
||||
private static final List<String> DISALLOWED_POLICIES = Arrays.asList(DISALLOWED_POLICY_2, DISALLOWED_POLICY_3);
|
||||
private static final String DISALLOWED_POLICY_GLOB_1 = "dpol-g1*";
|
||||
private static final String DISALLOWED_POLICY_GLOB_2 = "dpol-g2*";
|
||||
private static final String DISALLOWED_POLICY_GLOB_3 = "dpol-g3*";
|
||||
private static final List<String> DISALLOWED_POLICIES_GLOB = Arrays.asList(DISALLOWED_POLICY_GLOB_1, DISALLOWED_POLICY_GLOB_2);
|
||||
private static final Boolean ORPHAN = false;
|
||||
private static final Boolean RENEWABLE = true;
|
||||
private static final String PATH_SUFFIX = "ps";
|
||||
@ -61,7 +69,9 @@ class TokenRoleTest extends AbstractModelTest<TokenRole> {
|
||||
private static final String JSON_FULL = "{" +
|
||||
"\"name\":\"" + NAME + "\"," +
|
||||
"\"allowed_policies\":[\"" + ALLOWED_POLICY_1 + "\",\"" + ALLOWED_POLICY_2 + "\",\"" + ALLOWED_POLICY_3 + "\"]," +
|
||||
"\"allowed_policies_glob\":[\"" + ALLOWED_POLICY_GLOB_1 + "\",\"" + ALLOWED_POLICY_GLOB_2 + "\",\"" + ALLOWED_POLICY_GLOB_3 + "\"]," +
|
||||
"\"disallowed_policies\":[\"" + DISALLOWED_POLICY_1 + "\",\"" + DISALLOWED_POLICY_2 + "\",\"" + DISALLOWED_POLICY_3 + "\"]," +
|
||||
"\"disallowed_policies_glob\":[\"" + DISALLOWED_POLICY_GLOB_1 + "\",\"" + DISALLOWED_POLICY_GLOB_2 + "\",\"" + DISALLOWED_POLICY_GLOB_3 + "\"]," +
|
||||
"\"orphan\":" + ORPHAN + "," +
|
||||
"\"renewable\":" + RENEWABLE + "," +
|
||||
"\"path_suffix\":\"" + PATH_SUFFIX + "\"," +
|
||||
@ -83,8 +93,12 @@ class TokenRoleTest extends AbstractModelTest<TokenRole> {
|
||||
.forName(NAME)
|
||||
.withAllowedPolicies(ALLOWED_POLICIES)
|
||||
.withAllowedPolicy(ALLOWED_POLICY_3)
|
||||
.withAllowedPolicyGlob(ALLOWED_POLICY_GLOB_1)
|
||||
.withAllowedPoliciesGlob(ALLOWED_POLICIES_GLOB)
|
||||
.withDisallowedPolicy(DISALLOWED_POLICY_1)
|
||||
.withDisallowedPolicies(DISALLOWED_POLICIES)
|
||||
.withDisallowedPoliciesGlob(DISALLOWED_POLICIES_GLOB)
|
||||
.withDisallowedPolicyGlob(DISALLOWED_POLICY_GLOB_3)
|
||||
.orphan(ORPHAN)
|
||||
.renewable(RENEWABLE)
|
||||
.withPathSuffix(PATH_SUFFIX)
|
||||
@ -175,8 +189,12 @@ class TokenRoleTest extends AbstractModelTest<TokenRole> {
|
||||
assertEquals(NAME, role.getName());
|
||||
assertEquals(ALLOWED_POLICIES.size() + 1, role.getAllowedPolicies().size());
|
||||
assertTrue(role.getAllowedPolicies().containsAll(List.of(ALLOWED_POLICY_1, ALLOWED_POLICY_2, ALLOWED_POLICY_3)));
|
||||
assertEquals(ALLOWED_POLICIES_GLOB.size() + 1, role.getAllowedPoliciesGlob().size());
|
||||
assertTrue(role.getAllowedPoliciesGlob().containsAll(List.of(ALLOWED_POLICY_GLOB_1, ALLOWED_POLICY_GLOB_2, ALLOWED_POLICY_GLOB_3)));
|
||||
assertEquals(DISALLOWED_POLICIES.size() + 1, role.getDisallowedPolicies().size());
|
||||
assertTrue(role.getDisallowedPolicies().containsAll(List.of(DISALLOWED_POLICY_1, DISALLOWED_POLICY_2, DISALLOWED_POLICY_3)));
|
||||
assertEquals(DISALLOWED_POLICIES_GLOB.size() + 1, role.getDisallowedPoliciesGlob().size());
|
||||
assertTrue(role.getDisallowedPoliciesGlob().containsAll(List.of(DISALLOWED_POLICY_GLOB_1, DISALLOWED_POLICY_GLOB_2, DISALLOWED_POLICY_GLOB_3)));
|
||||
assertEquals(ORPHAN, role.getOrphan());
|
||||
assertEquals(RENEWABLE, role.getRenewable());
|
||||
assertEquals(PATH_SUFFIX, role.getPathSuffix());
|
||||
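Review bot: The visible test hunks exercise only the non-null paths of the new builder methods, so the `!= null` guards in `withAllowedPolicyGlob`, `withAllowedPoliciesGlob` and their disallowed counterparts are not covered here. If no other test in the class does it, a case that passes `null` to each of the four methods and then checks `assertNull(role.getAllowedPoliciesGlob());` and `assertNull(role.getDisallowedPoliciesGlob());` would pin that behaviour, together with a check that the serialised JSON then omits the `allowed_policies_glob` and `disallowed_policies_glob` keys. The size-plus-`containsAll` assertions do not check that an allow pattern never ends up in the disallowed list or the reverse; adding `assertFalse(role.getDisallowedPoliciesGlob().contains(ALLOWED_POLICY_GLOB_1));` would catch a swapped field in the builder. The test methods start and end outside the hunks.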
|