com.netflix.spinnaker.fiat.model.resources.Permissions Java Examples

The following examples show how to use com.netflix.spinnaker.fiat.model.resources.Permissions.
Example #1
Source File: ChaosMonkeyEventListener.java    From front50 with Apache License 2.0
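/**
 * Recomputes the READ and WRITE role lists of {@code updatedPermission} so that the configured
 * user role ({@code properties.getUserRole()}) is added or removed, then stores the rebuilt
 * {@link Permissions} back on {@code updatedPermission}.
 *
 * <p>Role lists for every other authorization type are copied through unchanged. Whether the
 * role is added or removed while Chaos Monkey is enabled is decided by {@code shouldAdd} and
 * {@code shouldRemove}, which are defined outside this method.
 *
 * @param updatedPermission the permission record to update in place
 * @param chaosMonkeyEnabled when {@code false} the role is always removed from READ and WRITE
 */
protected void applyNewPermissions(
    Application.Permission updatedPermission, boolean chaosMonkeyEnabled) {
  Map<Authorization, List<String>> unpackedPermissions =
      updatedPermission.getPermissions().unpack();

  for (Map.Entry<Authorization, List<String>> entry : unpackedPermissions.entrySet()) {
    Authorization authorization = entry.getKey();
    // Work on a copy so the list handed out by unpack() is never mutated directly.
    List<String> roles = new ArrayList<>(entry.getValue());

    // Only READ and WRITE are ever granted to (or revoked from) the service role.
    if (authorization == Authorization.READ || authorization == Authorization.WRITE) {
      if (!chaosMonkeyEnabled) {
        roles.removeAll(Collections.singletonList(properties.getUserRole()));
      } else if (shouldAdd(updatedPermission, authorization)) {
        roles.add(properties.getUserRole());
      } else if (shouldRemove(updatedPermission, authorization)) {
        // removeAll (rather than remove) drops every occurrence of the role.
        roles.removeAll(Collections.singletonList(properties.getUserRole()));
      }
    }

    // Entry#setValue is the supported way to replace a value during iteration; calling put()
    // on the map from inside forEach relies on implementation details of the map.
    entry.setValue(roles);
  }

  updatedPermission.setPermissions(Permissions.factory(unpackedPermissions));
}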
 
Example #2
Source File: Application.java    From front50 with Apache License 2.0
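/**
 * Setter for the legacy {@code requiredGroupMembership} field.
 *
 * <p>Logs a deprecation warning and, only when the application has no restricted permissions
 * yet, converts every group into a READ and WRITE grant. Existing restricted permissions are
 * never overwritten.
 *
 * @param requiredGroupMembership legacy group names; a {@code null} list is ignored
 */
@JsonSetter
public void setRequiredGroupMembership(List<String> requiredGroupMembership) {
  log.warn(
      "Required group membership settings detected in application {} "
          + "Please update to `permissions` format.",
      StructuredArguments.value("application", name));

  // A null list carries no groups to migrate; leave the current permissions untouched
  // instead of failing with a NullPointerException.
  if (requiredGroupMembership == null) {
    return;
  }

  if (!permissions.isRestricted()) { // Do not overwrite permissions if it contains values
    final Permissions.Builder b = new Permissions.Builder();
    for (String group : requiredGroupMembership) {
      // Role names feed authorization decisions, so case folding must not depend on the
      // JVM's default locale (e.g. the Turkish dotless i).
      String role = group.trim().toLowerCase(java.util.Locale.ROOT);
      b.add(Authorization.READ, role);
      b.add(Authorization.WRITE, role);
    }
    permissions = b.build();
  }
}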
 
Example #3
Source File: AbstractConfigCommand.java    From halyard with Apache License 2.0
/**
 * Rewrites the READ and WRITE entries of {@code permissions} from the supplied edits.
 *
 * <p>Each list is computed by {@code updateStringList} from the builder's current roles, the
 * replacement list and the single add/remove values; the builder is then cleared and the two
 * computed lists are stored.
 *
 * @param permissions the builder to update in place
 * @param readPermissions replacement READ roles, passed through to {@code updateStringList}
 * @param addReadPermission single READ role to add, passed through to {@code updateStringList}
 * @param removeReadPermission single READ role to remove, passed through to {@code
 *     updateStringList}
 * @param writePermissions replacement WRITE roles, passed through to {@code updateStringList}
 * @param addWritePermission single WRITE role to add, passed through to {@code
 *     updateStringList}
 * @param removeWritePermission single WRITE role to remove, passed through to {@code
 *     updateStringList}
 */
protected static void updatePermissions(
    Permissions.Builder permissions,
    List<String> readPermissions,
    String addReadPermission,
    String removeReadPermission,
    List<String> writePermissions,
    String addWritePermission,
    String removeWritePermission) {
  // Both lists are computed before the builder is touched, so they see its current state.
  List<String> currentReadRoles = permissions.get(Authorization.READ);
  List<String> readRoles =
      updateStringList(
          currentReadRoles, readPermissions, addReadPermission, removeReadPermission);

  List<String> currentWriteRoles = permissions.get(Authorization.WRITE);
  List<String> writeRoles =
      updateStringList(
          currentWriteRoles, writePermissions, addWritePermission, removeWritePermission);

  // NOTE(review): clear() presumably drops every authorization type, and only READ and WRITE
  // are restored below - confirm no other authorization type is expected to survive.
  permissions.clear();
  permissions.add(Authorization.READ, readRoles);
  permissions.add(Authorization.WRITE, writeRoles);
}
 
Example #4
Source File: ApplicationResourcePermissionSource.java    From fiat with Apache License 2.0
/**
 * Returns the permissions stored on the application, with any CREATE entry removed.
 *
 * @param resource the application whose stored permissions are read
 * @return {@code Permissions.EMPTY} when nothing is stored or the stored permissions are not
 *     restricted; otherwise a rebuilt Permissions without the CREATE authorization
 */
@Override
@Nonnull
public Permissions getPermissions(@Nonnull Application resource) {
  final Permissions stored = resource.getPermissions();
  final boolean hasRestrictions = stored != null && stored.isRestricted();
  if (!hasRestrictions) {
    return Permissions.EMPTY;
  }

  // One map entry per Authorization value, filled from the stored permissions.
  Map<Authorization, List<String>> rolesByAuthorization =
      Arrays.stream(Authorization.values()).collect(toMap(identity(), stored::get));

  // CREATE permissions are not allowed on the resource level.
  rolesByAuthorization.remove(Authorization.CREATE);

  return Permissions.Builder.factory(rolesByAuthorization).build();
}
 
Example #5
Source File: ResourcePrefixPermissionSource.java    From fiat with Apache License 2.0
/**
 * Resolves the permissions for a resource from the configured prefix entries.
 *
 * @param resource the resource to match against every configured prefix
 * @return {@code Permissions.EMPTY} when no prefix matches; otherwise the permissions chosen
 *     by the configured resolution strategy
 * @throws IllegalStateException if the resolution strategy is neither AGGREGATE nor
 *     MOST_SPECIFIC
 */
@Nonnull
@Override
public Permissions getPermissions(@Nonnull T resource) {
  List<PrefixEntry<T>> candidates =
      prefixes.stream().filter(entry -> entry.contains(resource)).collect(Collectors.toList());

  if (candidates.isEmpty()) {
    return Permissions.EMPTY;
  }

  final Permissions resolved;
  switch (resolutionStrategy) {
    case AGGREGATE:
      resolved = getAggregatePermissions(candidates);
      break;
    case MOST_SPECIFIC:
      resolved = getMostSpecificPermissions(candidates);
      break;
    default:
      throw new IllegalStateException(
          "Unrecognized Resolution Stratgey " + resolutionStrategy.name());
  }
  return resolved;
}
 
Example #6
Source File: ResourcePrefixPermissionSource.java    From fiat with Apache License 2.0
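/**
 * Picks the permissions of the most specific matching prefix entry.
 *
 * <p>An entry flagged as a full application name outranks every other entry; among the rest
 * the longest prefix wins. The previous comparator only looked at the flag on its first
 * argument, so the result could depend on the order in which entries were compared. Which
 * entry wins decides which permissions are applied to the resource, so the ordering must be
 * deterministic.
 *
 * @param matchingPrefixes the prefix entries that match the resource
 * @return the winning entry's permissions, or {@code Permissions.EMPTY} when the list is empty
 */
private Permissions getMostSpecificPermissions(List<PrefixEntry<T>> matchingPrefixes) {
  return matchingPrefixes.stream()
      .min(
          (p1, p2) -> {
            boolean firstIsFullName = p1.isFullApplicationName();
            boolean secondIsFullName = p2.isFullApplicationName();
            if (firstIsFullName != secondIsFullName) {
              // Symmetric: the full application name sorts first whichever side it is on.
              return firstIsFullName ? -1 : 1;
            }
            // Longer prefix sorts first; Integer.compare avoids subtraction-based comparison.
            return Integer.compare(p2.getPrefix().length(), p1.getPrefix().length());
          })
      .map(entry -> entry.getPermissions())
      // Same result getPermissions gives when nothing matches, instead of an unchecked get().
      .orElse(Permissions.EMPTY);
}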
 
Example #7
Source File: DefaultApplicationResourceProvider.java    From fiat with Apache License 2.0
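/**
 * Loads every application known to front50 and clouddriver and attaches its resolved
 * permissions.
 *
 * <p>Applications are de-duplicated by case-insensitive name, with the front50 copy taking
 * precedence. Each application's permissions come from {@code permissionProvider}, optionally
 * rewritten by {@code executeFallbackPermissionsResolver}. When {@code
 * allowAccessToUnknownApplications} is set, only applications with restricted permissions are
 * returned.
 *
 * @return the applications with their permissions set
 * @throws ProviderException wrapping any {@link RuntimeException} raised while loading
 */
@Override
protected Set<Application> loadAll() throws ProviderException {
  try {
    List<Application> front50Applications = front50Service.getAllApplications();
    List<Application> clouddriverApplications = clouddriverService.getApplications();

    // front50 is streamed first so that on a name collision its application is the one kept:
    // it might have permissions stored on it, whereas the clouddriver version won't.
    // The key is folded with Locale.ROOT so collision detection does not vary with the JVM's
    // default locale.
    List<Application> applications =
        Streams.concat(front50Applications.stream(), clouddriverApplications.stream())
            .filter(distinctByKey(a -> a.getName().toUpperCase(java.util.Locale.ROOT)))
            // A list rather than a set, because the applications are modified below.
            .collect(toImmutableList());

    for (Application application : applications) {
      Permissions permissions = permissionProvider.getPermissions(application);

      // Swap in the fallback permissions only when the resolver says it is needed.
      application.setPermissions(
          executeFallbackPermissionsResolver.shouldResolve(permissions)
              ? executeFallbackPermissionsResolver.resolve(permissions)
              : permissions);
    }

    if (!allowAccessToUnknownApplications) {
      return ImmutableSet.copyOf(applications);
    }

    // Unknown applications are accessible by default in this mode, so applications without
    // explicit permissions do not need to be listed.
    return applications.stream()
        .filter(a -> a.getPermissions().isRestricted())
        .collect(toImmutableSet());
  } catch (RuntimeException e) {
    throw new ProviderException(this.getClass(), e);
  }
}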
 
Example #8
Source File: AccessControlledResourcePermissionSource.java    From fiat with Apache License 2.0
/**
 * Returns the resource's own permissions when they are restricted.
 *
 * @param resource the access-controlled resource to read permissions from
 * @return the resource's permissions if present and restricted; {@code Permissions.EMPTY} when
 *     the resource or its permissions are null, or the permissions are not restricted
 */
@Override
@Nonnull
public Permissions getPermissions(@Nonnull T resource) {
  if (resource == null) {
    return Permissions.EMPTY;
  }

  Permissions declared = resource.getPermissions();
  if (declared == null || !declared.isRestricted()) {
    return Permissions.EMPTY;
  }
  return declared;
}
 
Example #9
Source File: ChaosMonkeyApplicationResourcePermissionSource.java    From fiat with Apache License 2.0
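/**
 * Contributes READ and WRITE grants for the configured {@code roles} to applications that
 * already restrict access and have Chaos Monkey enabled.
 *
 * <p>Nothing is contributed for an application whose permissions are absent or unrestricted.
 *
 * @param application the application to inspect
 * @return a Permissions holding {@code roles} for READ and WRITE, or an empty Permissions when
 *     the conditions above are not met
 */
@Nonnull
@Override
public Permissions getPermissions(@Nonnull Application application) {
  Permissions.Builder builder = new Permissions.Builder();
  Permissions permissions = application.getPermissions();

  // Tolerate applications without stored permissions instead of failing on a null
  // dereference; they are treated like unrestricted ones and receive no extra grants.
  if (permissions != null && permissions.isRestricted() && isChaosMonkeyEnabled(application)) {
    // The builder is built once, at the return below; the earlier intermediate build()
    // result was discarded.
    builder.add(Authorization.READ, roles).add(Authorization.WRITE, roles);
  }

  return builder.build();
}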
 
Example #10
Source File: AggregatingResourcePermissionProvider.java    From fiat with Apache License 2.0
/**
 * Merges the permissions reported by every configured source for the resource.
 *
 * <p>Only sources that report restricted permissions contribute; for those, the roles of every
 * Authorization value are added to the result.
 *
 * @param resource the resource passed to each source
 * @return the merged permissions
 */
@Override
@Nonnull
public Permissions getPermissions(@Nonnull T resource) {
  Permissions.Builder merged = new Permissions.Builder();

  for (ResourcePermissionSource<T> source : resourcePermissionSources) {
    Permissions contributed = source.getPermissions(resource);
    if (!contributed.isRestricted()) {
      // An unrestricted result adds nothing to the aggregate.
      continue;
    }
    for (Authorization authorization : Authorization.values()) {
      merged.add(authorization, contributed.get(authorization));
    }
  }

  return merged.build();
}
 
Example #11
Source File: ResourcePrefixPermissionSource.java    From fiat with Apache License 2.0
/**
 * Merges the permissions of all matching prefix entries into one Permissions.
 *
 * <p>Entries whose permissions are not restricted are skipped; for the others, the roles of
 * every Authorization value are added to the result.
 *
 * @param matchingPrefixes the prefix entries that match the resource
 * @return the merged permissions
 */
private Permissions getAggregatePermissions(List<PrefixEntry<T>> matchingPrefixes) {
  Permissions.Builder merged = new Permissions.Builder();

  for (PrefixEntry<T> entry : matchingPrefixes) {
    Permissions entryPermissions = entry.getPermissions();
    if (!entryPermissions.isRestricted()) {
      continue;
    }
    for (Authorization authorization : Authorization.values()) {
      merged.add(authorization, entryPermissions.get(authorization));
    }
  }

  return merged.build();
}
 
Example #12
Source File: DefaultFallbackPermissionsResolver.java    From fiat with Apache License 2.0
/**
 * Reports whether fallback resolution applies: the permissions are restricted but hold no
 * roles for the {@code fallbackFrom} authorization.
 *
 * @param permissions the permissions to inspect
 * @return {@code true} when restricted and the {@code fallbackFrom} role list is empty
 */
@Override
public boolean shouldResolve(@Nonnull Permissions permissions) {
  if (!permissions.isRestricted()) {
    return false;
  }
  return permissions.get(fallbackFrom).isEmpty();
}
 
Example #13
Source File: ResourcePrefixPermissionSource.java    From fiat with Apache License 2.0
/**
 * Stores the given role map on this entry as a {@link Permissions} object.
 *
 * @param permissions roles keyed by authorization, converted via {@code Permissions.factory}
 * @return this entry, to allow chaining
 */
public PrefixEntry setPermissions(Map<Authorization, List<String>> permissions) {
  Permissions packed = Permissions.factory(permissions);
  this.permissions = packed;
  return this;
}
 
Example #14
Source File: DefaultResourcePermissionProvider.java    From fiat with Apache License 2.0
/**
 * Delegates to the single configured {@code resourcePermissionSource}.
 *
 * @param resource the resource to look up
 * @return whatever the underlying source reports for the resource
 */
@Override
@Nonnull
public Permissions getPermissions(@Nonnull T resource) {
  final Permissions fromSource = resourcePermissionSource.getPermissions(resource);
  return fromSource;
}
 
Example #15
Source File: Application.java    From front50 with Apache License 2.0
/**
 * Returns the permissions currently held by this application.
 *
 * @return the stored Permissions reference, exactly as last assigned
 */
public Permissions getPermissions() {
  return this.permissions;
}
 
Example #16
Source File: Application.java    From front50 with Apache License 2.0
/**
 * Replaces this application's permissions.
 *
 * <p>NOTE(review): the value is stored without a null check - confirm that callers which
 * dereference the field directly can never observe null.
 *
 * @param permissions the new permissions, stored as given
 */
public void setPermissions(Permissions permissions) {
  this.permissions = permissions;
}
 
Example #17
Source File: DefaultFallbackPermissionsResolver.java    From fiat with Apache License 2.0
/**
 * Builds a copy of the permissions in which the {@code fallbackFrom} authorization carries the
 * roles held for {@code fallbackTo}.
 *
 * <p>Any roles previously held for {@code fallbackFrom} are replaced, not merged.
 *
 * @param permissions the permissions to resolve
 * @return a new Permissions built from the adjusted role map
 */
@Override
public Permissions resolve(@Nonnull Permissions permissions) {
  Map<Authorization, List<String>> rolesByAuthorization = permissions.unpack();
  List<String> fallbackRoles = rolesByAuthorization.get(fallbackTo);
  rolesByAuthorization.put(fallbackFrom, fallbackRoles);
  return Permissions.Builder.factory(rolesByAuthorization).build();
}
 
Example #18
Source File: ResourcePermissionProvider.java    From fiat with Apache License 2.0
/**
 * Retrieves the {@link Permissions} for the supplied resource.
 *
 * @param resource the resource for which to get permissions (never null)
 * @return the Permissions for the resource; never null - implementations return {@code
 *     Permissions.EMPTY} or a Permissions that applies some restriction
 */
@Nonnull
Permissions getPermissions(@Nonnull T resource);
 
Example #19
Source File: ResourcePermissionSource.java    From fiat with Apache License 2.0
/**
 * Retrieves the {@link Permissions} this source holds for the supplied resource.
 *
 * @param resource the resource for which to get permissions (never null)
 * @return the Permissions for the resource; never null - implementations return {@code
 *     Permissions.EMPTY} or a Permissions that applies some restriction
 */
@Nonnull
Permissions getPermissions(@Nonnull T resource);
 
Example #20
Source File: FallbackPermissionsResolver.java    From fiat with Apache License 2.0
/**
 * Resolve fallback permissions.
 *
 * @param permissions the permissions to resolve fallbacks for (declared {@code @Nonnull})
 * @return The resolved Permissions
 */
Permissions resolve(@Nonnull Permissions permissions);
 
Example #21
Source File: FallbackPermissionsResolver.java    From fiat with Apache License 2.0
/**
 * Determine if resolving fallback permissions is necessary - typically checking if permissions
 * are restricted.
 *
 * @param permissions the permissions to inspect (declared {@code @Nonnull})
 * @return {@code true} if fallback resolution is necessary for {@code permissions}, {@code
 *     false} otherwise
 */
boolean shouldResolve(@Nonnull Permissions permissions);