
Example 26 with NamespaceIamRoleAuthorizationEntity

Use of org.finra.herd.model.jpa.NamespaceIamRoleAuthorizationEntity in the herd project by FINRAOS.

From the class NamespaceIamRoleAuthorizationServiceImpl, method createNamespaceIamRoleAuthorization.

// Granting IAM role authorizations to a namespace requires GRANT permission on that namespace.
@NamespacePermission(fields = "#request?.namespace", permissions = NamespacePermissionEnum.GRANT)
@Override
public NamespaceIamRoleAuthorization createNamespaceIamRoleAuthorization(NamespaceIamRoleAuthorizationCreateRequest request) {
    // Validate the request: a namespace and a well-formed list of IAM roles are required.
    Assert.notNull(request, "NamespaceIamRoleAuthorizationCreateRequest must be specified");
    Assert.hasText(request.getNamespace(), "Namespace must be specified");
    validateIamRoles(request.getIamRoles());
    // The namespace must exist and must not already have an IAM role authorization.
    NamespaceEntity namespaceEntity = namespaceDaoHelper.getNamespaceEntity(request.getNamespace().trim());
    assertNamespaceIamRoleAuthorizationNotExist(namespaceEntity);
    NamespaceIamRoleAuthorization result = new NamespaceIamRoleAuthorization(namespaceEntity.getCode(), new ArrayList<>());
    // Persist one authorization entity per requested IAM role and echo the persisted values back.
    for (IamRole iamRole : request.getIamRoles()) {
        NamespaceIamRoleAuthorizationEntity namespaceIamRoleAuthorizationEntity = createNamespaceIamRoleAuthorizationEntity(namespaceEntity, iamRole);
        namespaceIamRoleAuthorizationDao.saveAndRefresh(namespaceIamRoleAuthorizationEntity);
        result.getIamRoles().add(new IamRole(namespaceIamRoleAuthorizationEntity.getIamRoleName(), namespaceIamRoleAuthorizationEntity.getDescription()));
    }
    return result;
}

Also used: NamespaceEntity (org.finra.herd.model.jpa.NamespaceEntity), NamespaceIamRoleAuthorization (org.finra.herd.model.api.xml.NamespaceIamRoleAuthorization), IamRole (org.finra.herd.model.api.xml.IamRole), NamespaceIamRoleAuthorizationEntity (org.finra.herd.model.jpa.NamespaceIamRoleAuthorizationEntity), NamespacePermission (org.finra.herd.model.annotation.NamespacePermission)

Example 27 with NamespaceIamRoleAuthorizationEntity

Use of org.finra.herd.model.jpa.NamespaceIamRoleAuthorizationEntity in the herd project by FINRAOS.

From the class NamespaceIamRoleAuthorizationHelper, method checkPermissions.

/**
 * Throws AccessDeniedException if the given namespace is not authorized to access any of the given IAM role names. The IAM role names are case-insensitive.
 * This method does nothing if ConfigurationValue.NAMESPACE_IAM_ROLE_AUTHORIZATION_ENABLED is false.
 *
 * @param namespaceEntity The namespace entity
 * @param requestedIamRoleNames The collection of requested IAM role names
 */
public void checkPermissions(NamespaceEntity namespaceEntity, Collection<String> requestedIamRoleNames) {
    if (Boolean.TRUE.equals(configurationHelper.getBooleanProperty(ConfigurationValue.NAMESPACE_IAM_ROLE_AUTHORIZATION_ENABLED))) {
        // Get the authorized IAM roles as upper case so that we can check in a case-insensitive manner
        Set<String> authorizedIamRoleNamesUpper = new HashSet<>();
        for (NamespaceIamRoleAuthorizationEntity namespaceIamRoleAuthorizationEntity : namespaceIamRoleAuthorizationDao.getNamespaceIamRoleAuthorizations(namespaceEntity)) {
            authorizedIamRoleNamesUpper.add(namespaceIamRoleAuthorizationEntity.getIamRoleName().toUpperCase().trim());
        }
        // Gather unauthorized IAM roles
        Set<String> unauthorizedIamRoles = new TreeSet<>();
        for (String requestedIamRoleName : requestedIamRoleNames) {
            // Ignore blank and null IAM roles
            if (StringUtils.isNotBlank(requestedIamRoleName) && !authorizedIamRoleNamesUpper.contains(requestedIamRoleName.toUpperCase().trim())) {
                unauthorizedIamRoles.add(requestedIamRoleName);
            }
        }
        if (!unauthorizedIamRoles.isEmpty()) {
            throw new AccessDeniedException(String.format("The namespace \"%s\" does not have access to the following IAM roles: %s", namespaceEntity.getCode(), unauthorizedIamRoles));
        }
    }
}
Also used: AccessDeniedException (org.springframework.security.access.AccessDeniedException), TreeSet (java.util.TreeSet), NamespaceIamRoleAuthorizationEntity (org.finra.herd.model.jpa.NamespaceIamRoleAuthorizationEntity), HashSet (java.util.HashSet)
