feat(auth): parse resource definition filter value

RHINENG-1304
RedHatInsights · Jul 21, 2023 · d161bc2 · d161bc2
1 parent 2e62a78
commit d161bc2
Show file tree

Hide file tree

Showing 3 changed files with 38 additions and 1 deletion.
diff --git a/src/main/java/com/redhat/cloud/policies/app/auth/models/ResourceDefinitionFilter.java b/src/main/java/com/redhat/cloud/policies/app/auth/models/ResourceDefinitionFilter.java
@@ -18,8 +18,12 @@
 
 import java.util.List;
 
+import com.fasterxml.jackson.annotation.JsonFormat;
+
 public class ResourceDefinitionFilter {
     public String key;
     public String operation;
-    public Object value;
+
+    @JsonFormat(with = JsonFormat.Feature.ACCEPT_SINGLE_VALUE_AS_ARRAY)
+    public List<String> value;
 }
diff --git a/src/test/java/com/redhat/cloud/policies/app/RbacParsingTest.java b/src/test/java/com/redhat/cloud/policies/app/RbacParsingTest.java
@@ -17,6 +17,8 @@
 package com.redhat.cloud.policies.app;
 
 import java.io.File;
+import java.util.List;
+
 
 import javax.inject.Inject;
 import org.junit.jupiter.api.Test;
@@ -28,6 +30,7 @@
 import static org.junit.jupiter.api.Assertions.assertEquals;
 import static org.junit.jupiter.api.Assertions.assertFalse;
 import static org.junit.jupiter.api.Assertions.assertTrue;
+import static org.junit.jupiter.api.Assertions.assertNotNull;
 
 @QuarkusTest
 class RbacParsingTest {
@@ -83,4 +86,22 @@ void testPartialAccess() throws Exception {
         assertTrue(rbac.canDo("*", "execute"));
         assertTrue(rbac.canDo("foobar", "execute"));
     }
+
+    @Test
+    void testResourceDefinitionsParsing() throws Exception {
+        File file = new File("src/test/resources/rbac_example.json");
+        RbacRaw rbac = objectMapper.readValue(file, RbacRaw.class);
+        assertEquals(3, rbac.data.size());
+
+        assertNotNull(rbac.data.get(0).resourceDefinitions);
+        assertEquals(0, rbac.data.get(0).resourceDefinitions.size());
+
+        assertNotNull(rbac.data.get(1).resourceDefinitions);
+        assertEquals(1, rbac.data.get(1).resourceDefinitions.size());
+        assertEquals(List.of("123456"), rbac.data.get(1).resourceDefinitions.get(0).attributeFilter.value);
+
+        assertNotNull(rbac.data.get(2).resourceDefinitions);
+        assertEquals(1, rbac.data.get(2).resourceDefinitions.size());
+        assertEquals(List.of("654321"), rbac.data.get(2).resourceDefinitions.get(0).attributeFilter.value);
+    }
 }
diff --git a/src/test/resources/rbac_example.json b/src/test/resources/rbac_example.json
@@ -26,6 +26,18 @@
           }
         }
       ]
+    },
+    {
+      "permission": "foo:*:read",
+      "resourceDefinitions": [
+        {
+          "attributeFilter": {
+            "key": "hulla.accounts",
+            "operation": "in",
+            "value": ["654321"]
+          }
+        }
+      ]
     }
   ]
 }