/**
 * Builds the authorization filter applied to each service account for a caller
 * holding {@code roleNames}.
 *
 * <ul>
 *   <li>Admins match every account; no role comparison is made.
 *   <li>OR mode ({@code fiatRoleConfig.isOrMode()}): the caller needs at least one of the
 *       account's {@code memberOf} roles.
 *   <li>Otherwise (AND mode): the caller needs every one of the account's {@code memberOf}
 *       roles.
 * </ul>
 *
 * <p>Security note: in AND mode an account with an empty {@code memberOf} passes for any
 * caller, because {@code containsAll} of an empty collection is true. This predicate does
 * not guard against that case itself, so callers have to exclude such accounts first.
 *
 * <p>Role names are compared with {@code equals}, so the match is case-sensitive.
 * NOTE(review): presumably names are normalised before they reach this method; confirm.
 *
 * @param isAdmin whether the caller is an administrator
 * @param roleNames names of the roles the caller holds
 * @return predicate that is true for service accounts the caller may use
 */
private Predicate<ServiceAccount> getServiceAccountPredicate(boolean isAdmin, List<String> roleNames) {
  // Admin short-circuit: the mode setting is not consulted at all.
  if (isAdmin) {
    return account -> true;
  }

  // The mode is read once, when the predicate is built, not per tested account.
  if (!fiatRoleConfig.isOrMode()) {
    // AND mode: every role on the account must be among the caller's roles.
    return account -> roleNames.containsAll(account.getMemberOf());
  }

  // OR mode: one shared role is enough.
  return account -> !CollectionUtils.intersection(roleNames, account.getMemberOf()).isEmpty();
}
// Excerpt: the statement that the trailing `ExecutionStatus.SUCCEEDED, ...` arguments belong to
// starts outside this listing.
// Creates a ServiceAccount named via generateSvcAcctName(pipeline), sets its memberOf to
// `roles`, and publishes the account name under the "pipeline.serviceAccount" key.
// NOTE(review): where `roles` comes from, and whether the caller is verified to hold all of
// them before the account is created, is not visible here; confirm against the enclosing method.
ServiceAccount svcAcct = new ServiceAccount(); svcAcct.setName(generateSvcAcctName(pipeline)); svcAcct.setMemberOf(roles); ExecutionStatus.SUCCEEDED, ImmutableMap.of("pipeline.serviceAccount", svcAcct.getName()));
/**
 * Returns the predicate that decides whether a caller holding {@code roleNames} may use a
 * given service account.
 *
 * <p>Admins are always allowed. For everyone else the result depends on
 * {@code fiatRoleConfig.isOrMode()}: in OR mode sharing a single role with the account is
 * sufficient; otherwise the caller must hold all of the account's {@code memberOf} roles.
 *
 * <p>Security note: the all-roles check is vacuously true for an account whose
 * {@code memberOf} is empty, so such accounts must be filtered out by the caller before
 * this predicate is applied.
 *
 * @param isAdmin whether the caller is an administrator
 * @param roleNames names of the roles the caller holds
 * @return predicate that is true for service accounts the caller may use
 */
private Predicate<ServiceAccount> getServiceAccountPredicate(boolean isAdmin, List<String> roleNames) {
  if (isAdmin) {
    // No role comparison for admins.
    return candidate -> true;
  }

  // Evaluated once here rather than inside the returned lambda.
  final boolean anyRoleSuffices = fiatRoleConfig.isOrMode();
  if (anyRoleSuffices) {
    // OR mode: a non-empty overlap between caller roles and account roles grants access.
    return candidate ->
        !CollectionUtils.intersection(roleNames, candidate.getMemberOf()).isEmpty();
  }

  // AND mode: the account's roles must be a subset of the caller's roles.
  return candidate -> roleNames.containsAll(candidate.getMemberOf());
}
/**
 * Returns the restricted service accounts (those with a non-empty {@code memberOf}) that a
 * caller holding {@code roles} is authorized to use.
 *
 * <p>Accounts with no {@code memberOf} entries are dropped before the role check. That
 * ordering matters for authorization: the all-roles comparison in
 * {@code getServiceAccountPredicate} would accept an account with no roles for any caller.
 * Admins skip the role comparison but still receive only accounts with a non-empty
 * {@code memberOf}.
 *
 * @param roles roles held by the caller; must not be null
 * @param isAdmin whether the caller is an administrator
 * @return the matching service accounts
 * @throws ProviderException declared by the overridden method; not thrown directly here
 */
@Override
public Set<ServiceAccount> getAllRestricted(@NonNull Set<Role> roles, boolean isAdmin)
    throws ProviderException {
  // Only the role names take part in the comparison.
  final List<String> callerRoleNames =
      roles.stream().map(role -> role.getName()).collect(Collectors.toList());

  return getAll().stream()
      // Keep restricted accounts only, i.e. those that declare at least one role.
      .filter(account -> !account.getMemberOf().isEmpty())
      // Then apply the admin / OR-mode / AND-mode authorization rule.
      .filter(getServiceAccountPredicate(isAdmin, callerRoleNames))
      .collect(Collectors.toSet());
}
/**
 * Lists the service accounts with a non-empty {@code memberOf} that the caller may use.
 *
 * <p>The pipeline first discards accounts whose {@code memberOf} is empty and only then
 * applies the role predicate. The first step is security-relevant: without it, the
 * all-roles comparison used by {@code getServiceAccountPredicate} would match an account
 * with no roles for every caller. The admin flag bypasses the role comparison only, not
 * the empty-{@code memberOf} filter.
 *
 * @param roles roles held by the caller; must not be null
 * @param isAdmin whether the caller is an administrator
 * @return the matching service accounts
 * @throws ProviderException declared by the overridden method; not thrown directly here
 */
@Override
public Set<ServiceAccount> getAllRestricted(@NonNull Set<Role> roles, boolean isAdmin)
    throws ProviderException {
  final List<String> heldRoleNames =
      roles.stream().map(held -> held.getName()).collect(Collectors.toList());

  return getAll().stream()
      // Step 1: accounts that declare no roles are not "restricted" and are excluded.
      .filter(candidate -> !candidate.getMemberOf().isEmpty())
      // Step 2: role-based authorization (admins pass unconditionally).
      .filter(getServiceAccountPredicate(isAdmin, heldRoleNames))
      .collect(Collectors.toSet());
}