@Override public ServiceAccountUsageAuthorizationResult checkServiceAccountUsageAuthorization( String serviceAccount, String principal) { return ServiceAccountUsageAuthorizationResult.builder().authorized(true).build(); } }
static RunStateData create( WorkflowInstance workflowInstance, String state, StateData stateData) { return newBuilder() .workflowInstance(workflowInstance) .state(state) .stateData(stateData) .build(); } }
private Response<TestServiceAccountUsageAuthorizationResponse> testServiceAccountUsageAuthorization( TestServiceAccountUsageAuthorizationRequest request) { final ServiceAccountUsageAuthorizationResult result = accountUsageAuthorizer.checkServiceAccountUsageAuthorization(request.serviceAccount(), request.principal()); result.errorResponse().ifPresent(e -> { throw new ResponseException(e); }); final TestServiceAccountUsageAuthorizationResponse response = new TestServiceAccountUsageAuthorizationResponseBuilder() .authorized(result.authorized()) .serviceAccount(request.serviceAccount()) .principal(request.principal()) .message(result.message()) .build(); return Response.forPayload(response); }
public static Stream<Route<AsyncHandler<Response<ByteString>>>> withCommonMiddleware( Stream<Route<AsyncHandler<Response<ByteString>>>> routes, Supplier<List<String>> clientBlacklistSupplier, RequestAuthenticator authenticator, String service) { return routes.map(r -> r .withMiddleware(httpLogger(authenticator)) .withMiddleware(authenticator(authenticator)) .withMiddleware(clientValidator(clientBlacklistSupplier)) .withMiddleware(exceptionAndRequestIdHandler()) .withMiddleware(tracer(tracer, service))); } }
public static <E, R> Middleware<Authenticated<EntityResponseHandler<E, R>>, SyncHandler<Response<ByteString>>> authedEntity( RequestAuthenticator authenticator, Middleware<EntityResponseHandler<E, R>, SyncHandler<Response<ByteString>>> entityMiddleware) { return authedEntity(entityMiddleware, authed(authenticator)); }
private Response<WorkflowInstance> haltWorkflowInstance(AuthContext ac, WorkflowInstance workflowInstance) { workflowActionAuthorizer.authorizeWorkflowAction(ac, workflowInstance.workflowId()); final Event event = Event.halt(workflowInstance); return Response.forStatus(eventInjectorHelper(event)).withPayload(workflowInstance); }
static ServiceAccountUsageAuthorizationResult ofErrorResponse(Response<?> response) { return builder().errorResponse(response).build(); } }
static RunStateDataPayload create( List<RunStateData> runStateDataList) { return new RunStateDataPayloadBuilder().activeStates(runStateDataList).build(); } }
private boolean resolveProject(Project project) throws IOException { final ResourceId resourceId = resourceId(project); if (isWhitelisted(resourceId)) { return true; } if (project.getParent() != null && isWhitelisted(project.getParent())) { return true; } return resolveProjectAccess(project.getProjectId()); }
static TestServiceAccountUsageAuthorizationResponseBuilder builder() { return new TestServiceAccountUsageAuthorizationResponseBuilder(); } }
Authenticator(GoogleIdTokenVerifier googleIdTokenVerifier, CloudResourceManager cloudResourceManager, Iam iam, AuthenticatorConfiguration configuration) { this.googleIdTokenVerifier = Objects.requireNonNull(googleIdTokenVerifier, "googleIdTokenVerifier"); this.cloudResourceManager = Objects.requireNonNull(cloudResourceManager, "cloudResourceManager"); this.iam = Objects.requireNonNull(iam, "iam"); this.domainWhitelist = configuration.domainWhitelist(); this.resourceWhitelist = configuration.resourceWhitelist(); }
public void authorizeWorkflowAction(AuthContext ac, Workflow workflow) { final GoogleIdToken idToken = ac.user().orElseThrow(AssertionError::new); final Optional<String> serviceAccount = workflow.configuration().serviceAccount(); if (!serviceAccount.isPresent()) { return; } serviceAccountUsageAuthorizer.authorizeServiceAccountUsage(workflow.id(), serviceAccount.get(), idToken); } }
private static boolean isActiveState(RunStateData runStateData) { final String state = runStateData.state(); switch (state) { case UNKNOWN: return false; case WAITING: return false; default: return !RunState.State.valueOf(state).isTerminal(); } }
static ServiceAccountUsageAuthorizationResultBuilder builder() { return new ServiceAccountUsageAuthorizationResultBuilder(); }
public static <T> Middleware<AsyncHandler<Response<T>>, AsyncHandler<Response<T>>> httpLogger( RequestAuthenticator authenticator) { return httpLogger(LOG, authenticator); }
static AuthenticatorConfigurationBuilder builder() { return new AuthenticatorConfigurationBuilder(); }
static RunStateDataBuilder newBuilder() { return new RunStateDataBuilder(); }
public static Middleware<SyncHandler<? extends Response<?>>, AsyncHandler<Response<ByteString>>> json() { return innerHandler -> jsonAsync().apply(Middleware.syncToAsync(innerHandler)); }
private RunStateData runStateToRunStateData(RunState state) { return RunStateData.newBuilder() .workflowInstance(state.workflowInstance()) .state(state.state().name()) .stateData(state.data()) .latestTimestamp(state.timestamp()) .build(); }