Class DefaultZmsClient
- java.lang.Object
-
- com.yahoo.vespa.athenz.client.common.ClientBase
-
- com.yahoo.vespa.athenz.client.zms.DefaultZmsClient
-
- All Implemented Interfaces:
ZmsClient, AutoCloseable
public class DefaultZmsClient extends ClientBase implements ZmsClient
- Author:
- bjorncs
-
-
Nested Class Summary
-
Nested classes/interfaces inherited from class com.yahoo.vespa.athenz.client.common.ClientBase
ClientBase.ClientExceptionFactory
-
-
Field Summary
-
Fields inherited from class com.yahoo.vespa.athenz.client.common.ClientBase
logger
-
-
Constructor Summary
Constructors
Constructor / Description
DefaultZmsClient(URI zmsUrl, AthenzIdentity identity, SSLContext sslContext, ErrorHandler errorHandler)
DefaultZmsClient(URI zmsUrl, ServiceIdentityProvider identityProvider, ErrorHandler errorHandler)
-
Method Summary
-
Methods inherited from class com.yahoo.vespa.athenz.client.common.ClientBase
close, execute, readEntity, toJsonStringEntity
-
-
-
-
Constructor Detail
-
DefaultZmsClient
public DefaultZmsClient(URI zmsUrl, AthenzIdentity identity, SSLContext sslContext, ErrorHandler errorHandler)
-
DefaultZmsClient
public DefaultZmsClient(URI zmsUrl, ServiceIdentityProvider identityProvider, ErrorHandler errorHandler)
-
-
Method Detail
-
createTenancy
public void createTenancy(AthenzDomain tenantDomain, AthenzIdentity providerService, OktaIdentityToken identityToken, OktaAccessToken accessToken)
- Specified by: createTenancy in interface ZmsClient
-
deleteTenancy
public void deleteTenancy(AthenzDomain tenantDomain, AthenzIdentity providerService, OktaIdentityToken identityToken, OktaAccessToken accessToken)
- Specified by: deleteTenancy in interface ZmsClient
-
createProviderResourceGroup
public void createProviderResourceGroup(AthenzDomain tenantDomain, AthenzIdentity providerService, String resourceGroup, Set<RoleAction> roleActions, OktaIdentityToken identityToken, OktaAccessToken accessToken)
- Specified by: createProviderResourceGroup in interface ZmsClient
-
deleteProviderResourceGroup
public void deleteProviderResourceGroup(AthenzDomain tenantDomain, AthenzIdentity providerService, String resourceGroup, OktaIdentityToken identityToken, OktaAccessToken accessToken)
- Specified by: deleteProviderResourceGroup in interface ZmsClient
-
createTenantResourceGroup
public void createTenantResourceGroup(AthenzDomain tenantDomain, AthenzIdentity provider, String resourceGroup, Set<RoleAction> roleActions)
Description copied from interface: ZmsClient
For manual tenancy provisioning - only creates roles/policies on provider domain.
- Specified by: createTenantResourceGroup in interface ZmsClient
-
getTenantResourceGroups
public Set<RoleAction> getTenantResourceGroups(AthenzDomain tenantDomain, AthenzIdentity provider, String resourceGroup)
- Specified by: getTenantResourceGroups in interface ZmsClient
-
addRoleMember
public void addRoleMember(AthenzRole role, AthenzIdentity member, Optional<String> reason)
- Specified by: addRoleMember in interface ZmsClient
-
deleteRoleMember
public void deleteRoleMember(AthenzRole role, AthenzIdentity member)
- Specified by: deleteRoleMember in interface ZmsClient
-
getMembership
public boolean getMembership(AthenzRole role, AthenzIdentity identity)
- Specified by: getMembership in interface ZmsClient
-
getGroupMembership
public boolean getGroupMembership(AthenzGroup group, AthenzIdentity identity)
- Specified by: getGroupMembership in interface ZmsClient
-
getDomainList
public List<AthenzDomain> getDomainList(String prefix)
- Specified by: getDomainList in interface ZmsClient
-
hasAccess
public boolean hasAccess(AthenzResourceName resource, String action, AthenzIdentity identity)
-
createPolicy
public void createPolicy(AthenzDomain athenzDomain, String athenzPolicy)
- Specified by: createPolicy in interface ZmsClient
-
addPolicyRule
public void addPolicyRule(AthenzDomain athenzDomain, String athenzPolicy, String action, AthenzResourceName resourceName, AthenzRole athenzRole)
- Specified by: addPolicyRule in interface ZmsClient
-
deletePolicyRule
public boolean deletePolicyRule(AthenzDomain athenzDomain, String athenzPolicy, String action, AthenzResourceName resourceName, AthenzRole athenzRole)
- Specified by: deletePolicyRule in interface ZmsClient
-
getPolicy
public Optional<AthenzPolicy> getPolicy(AthenzDomain domain, String name)
-
listPendingRoleApprovals
public Map<AthenzUser,String> listPendingRoleApprovals(AthenzRole athenzRole)
- Specified by: listPendingRoleApprovals in interface ZmsClient
-
approvePendingRoleMembership
public void approvePendingRoleMembership(AthenzRole athenzRole, AthenzUser athenzUser, Instant expiry, Optional<String> reason)
- Specified by: approvePendingRoleMembership in interface ZmsClient
-
listMembers
public List<AthenzIdentity> listMembers(AthenzRole athenzRole)
- Specified by: listMembers in interface ZmsClient
-
listServices
public List<AthenzService> listServices(AthenzDomain athenzDomain)
- Specified by: listServices in interface ZmsClient
-
createOrUpdateService
public void createOrUpdateService(AthenzService athenzService)
- Specified by: createOrUpdateService in interface ZmsClient
-
deleteService
public void deleteService(AthenzService athenzService)
- Specified by: deleteService in interface ZmsClient
-
createRole
public void createRole(AthenzRole role, Map<String,Object> attributes)
- Specified by: createRole in interface ZmsClient
-
listRoles
public Set<AthenzRole> listRoles(AthenzDomain domain)
-
listPolicies
public Set<String> listPolicies(AthenzDomain domain)
- Specified by: listPolicies in interface ZmsClient
-
deleteRole
public void deleteRole(AthenzRole role)
- Specified by: deleteRole in interface ZmsClient
-
-