Class DefaultZmsClient
java.lang.Object
com.yahoo.vespa.athenz.client.common.ClientBase
com.yahoo.vespa.athenz.client.zms.DefaultZmsClient
- All Implemented Interfaces:
ZmsClient, Closeable, AutoCloseable
- Author:
- bjorncs
-
Nested Class Summary
Nested classes/interfaces inherited from class com.yahoo.vespa.athenz.client.common.ClientBase
ClientBase.ClientExceptionFactory
-
Field Summary
Fields inherited from class com.yahoo.vespa.athenz.client.common.ClientBase
logger
-
Constructor Summary
Constructor | Description
DefaultZmsClient(URI zmsUrl, AthenzIdentity identity, SSLContext sslContext, ErrorHandler errorHandler)
DefaultZmsClient(URI zmsUrl, ServiceIdentityProvider identityProvider, ErrorHandler errorHandler)
-
Method Summary
Modifier and Type | Method | Description
void addPolicyRule(AthenzDomain athenzDomain, String athenzPolicy, String action, AthenzResourceName resourceName, AthenzRole athenzRole)
void addRoleMember(AthenzRole role, AthenzIdentity member, Optional<String> reason)
void createOrUpdateService(AthenzService athenzService)
void createPolicy(AthenzDomain athenzDomain, String athenzPolicy)
void createProviderResourceGroup(AthenzDomain tenantDomain, AthenzIdentity providerService, String resourceGroup, Set<RoleAction> roleActions, OAuthCredentials oAuthCredentials)
void createRole(AthenzRole role, Map<String, Object> attributes)
void createSubdomain(AthenzDomain parent, String name, Map<String, Object> attributes)
void createTenancy(AthenzDomain tenantDomain, AthenzIdentity providerService, OAuthCredentials oAuthCredentials)
void createTenantResourceGroup(AthenzDomain tenantDomain, AthenzIdentity provider, String resourceGroup, Set<RoleAction> roleActions) | For manual tenancy provisioning - only creates roles/policies on provider domain
void decidePendingRoleMembership(AthenzRole athenzRole, AthenzIdentity athenzIdentity, Instant expiry, Optional<String> reason, Optional<OAuthCredentials> oAuthCredentials, boolean approve)
void deletePolicy(AthenzDomain domain, String athenzPolicy)
boolean deletePolicyRule(AthenzDomain athenzDomain, String athenzPolicy, String action, AthenzResourceName resourceName, AthenzRole athenzRole)
void deleteProviderResourceGroup(AthenzDomain tenantDomain, AthenzIdentity providerService, String resourceGroup, OAuthCredentials oAuthCredentials)
void deleteRole(AthenzRole role)
void deleteRoleMember(AthenzRole role, AthenzIdentity member)
void deleteService(AthenzService athenzService)
void deleteSubdomain(AthenzDomain parent, String name)
void deleteTenancy(AthenzDomain tenantDomain, AthenzIdentity providerService, OAuthCredentials oAuthCredentials)
getDomainList(String prefix)
getDomainListByAccount(String account)
getDomainMeta(AthenzDomain domain)
boolean getGroupMembership(AthenzGroup group, AthenzIdentity identity)
boolean getMembership(AthenzRole role, AthenzIdentity identity)
getPolicy(AthenzDomain domain, String name)
getTenantResourceGroups(AthenzDomain tenantDomain, AthenzIdentity provider, String resourceGroup)
boolean hasAccess(AthenzResourceName resource, String action, AthenzIdentity identity)
listMembers(AthenzRole athenzRole)
listPendingRoleApprovals(AthenzRole athenzRole)
listPolicies(AthenzDomain domain)
listRoles(AthenzDomain domain)
listServices(AthenzDomain athenzDomain)
void updateDomain(AthenzDomain domain, String mainKey, Map<String, Object> attributes)
void updateProviderEndpoint(AthenzService athenzService, String endpoint)
void updateServicePublicKey(AthenzService athenzService, String publicKeyId, PublicKey publicKey)
Methods inherited from class com.yahoo.vespa.athenz.client.common.ClientBase
close, execute, readEntity, toJsonStringEntity
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Methods inherited from interface com.yahoo.vespa.athenz.client.zms.ZmsClient
close, createSubdomain
-
Constructor Details
-
DefaultZmsClient
public DefaultZmsClient(URI zmsUrl, AthenzIdentity identity, SSLContext sslContext, ErrorHandler errorHandler)
-
DefaultZmsClient
public DefaultZmsClient(URI zmsUrl, ServiceIdentityProvider identityProvider, ErrorHandler errorHandler)
-
-
Method Details
-
createTenancy
public void createTenancy(AthenzDomain tenantDomain, AthenzIdentity providerService, OAuthCredentials oAuthCredentials)
- Specified by: createTenancy in interface ZmsClient
-
deleteTenancy
public void deleteTenancy(AthenzDomain tenantDomain, AthenzIdentity providerService, OAuthCredentials oAuthCredentials)
- Specified by: deleteTenancy in interface ZmsClient
-
createProviderResourceGroup
public void createProviderResourceGroup(AthenzDomain tenantDomain, AthenzIdentity providerService, String resourceGroup, Set<RoleAction> roleActions, OAuthCredentials oAuthCredentials)
- Specified by: createProviderResourceGroup in interface ZmsClient
-
deleteProviderResourceGroup
public void deleteProviderResourceGroup(AthenzDomain tenantDomain, AthenzIdentity providerService, String resourceGroup, OAuthCredentials oAuthCredentials)
- Specified by: deleteProviderResourceGroup in interface ZmsClient
-
createTenantResourceGroup
public void createTenantResourceGroup(AthenzDomain tenantDomain, AthenzIdentity provider, String resourceGroup, Set<RoleAction> roleActions)
Description copied from interface: ZmsClient
For manual tenancy provisioning - only creates roles/policies on provider domain
- Specified by: createTenantResourceGroup in interface ZmsClient
-
getTenantResourceGroups
public Set<RoleAction> getTenantResourceGroups(AthenzDomain tenantDomain, AthenzIdentity provider, String resourceGroup)
- Specified by: getTenantResourceGroups in interface ZmsClient
-
addRoleMember
- Specified by:
addRoleMember
in interfaceZmsClient
-
deleteRoleMember
- Specified by:
deleteRoleMember
in interfaceZmsClient
-
getMembership
- Specified by:
getMembership
in interfaceZmsClient
-
getGroupMembership
- Specified by:
getGroupMembership
in interfaceZmsClient
-
getDomainList
- Specified by:
getDomainList
in interfaceZmsClient
-
getDomainListByAccount
- Specified by:
getDomainListByAccount
in interfaceZmsClient
-
getDomainMeta
- Specified by:
getDomainMeta
in interfaceZmsClient
-
updateDomain
- Specified by:
updateDomain
in interfaceZmsClient
-
hasAccess
-
createPolicy
- Specified by:
createPolicy
in interfaceZmsClient
-
addPolicyRule
public void addPolicyRule(AthenzDomain athenzDomain, String athenzPolicy, String action, AthenzResourceName resourceName, AthenzRole athenzRole)
- Specified by: addPolicyRule in interface ZmsClient
-
deletePolicyRule
public boolean deletePolicyRule(AthenzDomain athenzDomain, String athenzPolicy, String action, AthenzResourceName resourceName, AthenzRole athenzRole)
- Specified by: deletePolicyRule in interface ZmsClient
-
getPolicy
-
listPendingRoleApprovals
- Specified by:
listPendingRoleApprovals
in interfaceZmsClient
-
decidePendingRoleMembership
public void decidePendingRoleMembership(AthenzRole athenzRole, AthenzIdentity athenzIdentity, Instant expiry, Optional<String> reason, Optional<OAuthCredentials> oAuthCredentials, boolean approve)
- Specified by: decidePendingRoleMembership in interface ZmsClient
-
listMembers
- Specified by:
listMembers
in interfaceZmsClient
-
listServices
- Specified by:
listServices
in interfaceZmsClient
-
createOrUpdateService
- Specified by:
createOrUpdateService
in interfaceZmsClient
-
updateServicePublicKey
public void updateServicePublicKey(AthenzService athenzService, String publicKeyId, PublicKey publicKey)
- Specified by: updateServicePublicKey in interface ZmsClient
-
updateProviderEndpoint
- Specified by:
updateProviderEndpoint
in interfaceZmsClient
-
deleteService
- Specified by:
deleteService
in interfaceZmsClient
-
createRole
- Specified by:
createRole
in interfaceZmsClient
-
listRoles
-
listPolicies
- Specified by:
listPolicies
in interfaceZmsClient
-
deleteRole
- Specified by:
deleteRole
in interfaceZmsClient
-
createSubdomain
- Specified by:
createSubdomain
in interfaceZmsClient
-
getQuotaUsage
- Specified by:
getQuotaUsage
in interfaceZmsClient
-
deleteSubdomain
- Specified by:
deleteSubdomain
in interfaceZmsClient
-
deletePolicy
- Specified by:
deletePolicy
in interfaceZmsClient
-
getFullRoleInformation
- Specified by:
getFullRoleInformation
in interfaceZmsClient
-