This is an automated email from the ASF dual-hosted git repository. lmccay pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/knox.git
The following commit(s) were added to refs/heads/master by this push: new 6c26ec610 KNOX-3036 - Add Primary Group Virtual Group (#905) 6c26ec610 is described below commit 6c26ec6101b715d00219771997cd3b792893b6ee Author: lmccay <lmc...@apache.org> AuthorDate: Mon May 6 10:35:38 2024 -0400 KNOX-3036 - Add Primary Group Virtual Group (#905) * KNOX-3036 - Add Primary Group Virtual Group --- .../identityasserter/common/filter/VirtualGroupMapper.java | 11 +++++++++++ .../java/org/apache/knox/gateway/plang/InterpreterTest.java | 11 +++++++++++ 2 files changed, 22 insertions(+) diff --git a/gateway-provider-identity-assertion-common/src/main/java/org/apache/knox/gateway/identityasserter/common/filter/VirtualGroupMapper.java b/gateway-provider-identity-assertion-common/src/main/java/org/apache/knox/gateway/identityasserter/common/filter/VirtualGroupMapper.java index 9ab392019..783835f6e 100644 --- a/gateway-provider-identity-assertion-common/src/main/java/org/apache/knox/gateway/identityasserter/common/filter/VirtualGroupMapper.java +++ b/gateway-provider-identity-assertion-common/src/main/java/org/apache/knox/gateway/identityasserter/common/filter/VirtualGroupMapper.java @@ -32,6 +32,7 @@ import org.apache.knox.gateway.plang.AbstractSyntaxTree; import org.apache.knox.gateway.plang.Interpreter; public class VirtualGroupMapper { + public static final String PRIMARY_GROUP = "$PRIMARY_GROUP"; private final IdentityAsserterMessages LOG = MessagesFactory.get(IdentityAsserterMessages.class); private final Map<String, AbstractSyntaxTree> virtualGroupToPredicateMap; @@ -46,6 +47,9 @@ public class VirtualGroupMapper { Set<String> virtualGroups = new HashSet<>(); for (Map.Entry<String, AbstractSyntaxTree> each : virtualGroupToPredicateMap.entrySet()) { String virtualGroupName = each.getKey(); + // check for logical virtual groups - names to be dynamically created + virtualGroupName = resolveLogicalGroupName(username, virtualGroupName); + AbstractSyntaxTree predicate = each.getValue(); if (evalPredicate(virtualGroupName, username, groups, predicate, request)) { virtualGroups.add(virtualGroupName); @@ -56,6 +60,13 @@ public class VirtualGroupMapper { return virtualGroups; } + private String resolveLogicalGroupName(String username, String virtualGroupName) { + if (PRIMARY_GROUP.equalsIgnoreCase(virtualGroupName)) { + virtualGroupName = username; + } + return virtualGroupName; + } + /** * @return true if the user should be added to the virtual group based on the given predicate */ diff --git a/gateway-util-common/src/test/java/org/apache/knox/gateway/plang/InterpreterTest.java b/gateway-util-common/src/test/java/org/apache/knox/gateway/plang/InterpreterTest.java index 8e7880d7d..aea7ef921 100644 --- a/gateway-util-common/src/test/java/org/apache/knox/gateway/plang/InterpreterTest.java +++ b/gateway-util-common/src/test/java/org/apache/knox/gateway/plang/InterpreterTest.java @@ -268,6 +268,17 @@ public class InterpreterTest { assertFalse((boolean)eval("(empty groups)")); } + /** + * Adding the ability to create a primary group + * (group with same name as username) when it is missing + */ + @Test + public void testPrimaryGroup() { + interpreter.addConstant("username", "user1"); + interpreter.addConstant("groups", singletonList("grp1")); + assertTrue((boolean)eval("(not (member username))")); + } + @Test public void testLowerUpper() { assertEquals("apple", eval("(lowercase 'APPLE')"));