This is an automated email from the ASF dual-hosted git repository.
lmccay pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/knox.git
The following commit(s) were added to refs/heads/master by this push:
new 6c26ec610 KNOX-3036 - Add Primary Group Virtual Group (#905)
6c26ec610 is described below
commit 6c26ec6101b715d00219771997cd3b792893b6ee
Author: lmccay <[email protected]>
AuthorDate: Mon May 6 10:35:38 2024 -0400
KNOX-3036 - Add Primary Group Virtual Group (#905)
* KNOX-3036 - Add Primary Group Virtual Group
---
.../identityasserter/common/filter/VirtualGroupMapper.java | 11 +++++++++++
.../java/org/apache/knox/gateway/plang/InterpreterTest.java | 11 +++++++++++
2 files changed, 22 insertions(+)
diff --git
a/gateway-provider-identity-assertion-common/src/main/java/org/apache/knox/gateway/identityasserter/common/filter/VirtualGroupMapper.java
b/gateway-provider-identity-assertion-common/src/main/java/org/apache/knox/gateway/identityasserter/common/filter/VirtualGroupMapper.java
index 9ab392019..783835f6e 100644
---
a/gateway-provider-identity-assertion-common/src/main/java/org/apache/knox/gateway/identityasserter/common/filter/VirtualGroupMapper.java
+++
b/gateway-provider-identity-assertion-common/src/main/java/org/apache/knox/gateway/identityasserter/common/filter/VirtualGroupMapper.java
@@ -32,6 +32,7 @@ import org.apache.knox.gateway.plang.AbstractSyntaxTree;
import org.apache.knox.gateway.plang.Interpreter;
public class VirtualGroupMapper {
+ public static final String PRIMARY_GROUP = "$PRIMARY_GROUP";
private final IdentityAsserterMessages LOG =
MessagesFactory.get(IdentityAsserterMessages.class);
private final Map<String, AbstractSyntaxTree> virtualGroupToPredicateMap;
@@ -46,6 +47,9 @@ public class VirtualGroupMapper {
Set<String> virtualGroups = new HashSet<>();
for (Map.Entry<String, AbstractSyntaxTree> each :
virtualGroupToPredicateMap.entrySet()) {
String virtualGroupName = each.getKey();
+ // check for logical virtual groups - names to be dynamically
created
+ virtualGroupName = resolveLogicalGroupName(username,
virtualGroupName);
+
AbstractSyntaxTree predicate = each.getValue();
if (evalPredicate(virtualGroupName, username, groups, predicate,
request)) {
virtualGroups.add(virtualGroupName);
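Review bot: The name added by `virtualGroups.add(virtualGroupName)` is now the raw username whenever the configured key is `$PRIMARY_GROUP`, and nothing visible in this hunk checks whether that name equals a group that downstream authorization policies already grant rights to. If usernames originate from an external identity provider, a user whose name matches an existing group name would pick up that group once the predicate passes, so the feature documentation should state that the predicate is the only gate; a reserved-name check or a configurable prefix may be worth considering. `evalPredicate` also now receives the resolved name, so any logging inside it would presumably show the username instead of the configured key; keeping the configured key in its own local, e.g. `String configuredName = each.getKey();`, would keep log entries traceable to the topology config. The loop body continues outside the hunk.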
@@ -56,6 +60,13 @@ public class VirtualGroupMapper {
return virtualGroups;
}
+ private String resolveLogicalGroupName(String username, String
virtualGroupName) {
+ if (PRIMARY_GROUP.equalsIgnoreCase(virtualGroupName)) {
+ virtualGroupName = username;
+ }
+ return virtualGroupName;
+ }
+
/**
* @return true if the user should be added to the virtual group based on
the given predicate
*/
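Review bot: `resolveLogicalGroupName` substitutes `username` without validating it, so a null or empty username would become the group name handed to the predicate and, if the predicate holds, end up in the returned set; whether callers can pass such a value is not visible in this hunk. A guard such as `if (username != null && !username.isEmpty() && PRIMARY_GROUP.equalsIgnoreCase(virtualGroupName)) {` avoids the substitution, and the caller should then skip the entry rather than add the literal token as a group. The method and the public `PRIMARY_GROUP` constant added in the first hunk also have no Javadoc; a short comment saying the token is matched case-insensitively and replaced with the authenticated user's name would tell operators what group name to expect in policies.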
diff --git
a/gateway-util-common/src/test/java/org/apache/knox/gateway/plang/InterpreterTest.java
b/gateway-util-common/src/test/java/org/apache/knox/gateway/plang/InterpreterTest.java
index 8e7880d7d..aea7ef921 100644
---
a/gateway-util-common/src/test/java/org/apache/knox/gateway/plang/InterpreterTest.java
+++
b/gateway-util-common/src/test/java/org/apache/knox/gateway/plang/InterpreterTest.java
@@ -268,6 +268,17 @@ public class InterpreterTest {
assertFalse((boolean)eval("(empty groups)"));
}
+ /**
+ * Adding the ability to create a primary group
+ * (group with same name as username) when it is missing
+ */
+ @Test
+ public void testPrimaryGroup() {
+ interpreter.addConstant("username", "user1");
+ interpreter.addConstant("groups", singletonList("grp1"));
+ assertTrue((boolean)eval("(not (member username))"));
+ }
+
@Test
public void testLowerUpper() {
assertEquals("apple", eval("(lowercase 'APPLE')"));
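Review bot: `testPrimaryGroup` only evaluates the expression `(not (member username))` in the interpreter, so it never reaches `VirtualGroupMapper` or the `$PRIMARY_GROUP` substitution this commit adds. A test in the mapper's own test class would cover the new path: map `$PRIMARY_GROUP` to that predicate, assert the returned set contains `"user1"`, and assert it does not contain the literal `$PRIMARY_GROUP`. A negative case where `groups` already contains the username, and one with a mixed-case key such as `$Primary_Group`, would pin the `equalsIgnoreCase` behaviour.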