com.oneops.proxy.authz

Class Authz

java.lang.Object

com.oneops.proxy.authz.Authz

@Component
public class Authz
extends Object

Implements Keywhiz application group authorization logic. The application group name is the env nspath, which is of the format {org}_{assembly}_{env}

Author:

Suresh

Constructor Summary

Constructors

Constructor and Description
Authz(UserRepository userRepo)

Method Summary

Modifier and Type	Method and Description
boolean	hasAdminAccess(OneOpsTeam team, AppGroup appGroup) Checks if the given team is a 'secret-admin' and has access to manage design and transition for the given application group.
boolean	isAuthorized(String appName, OneOpsUser user) Checks if OneOpsUser is authorized to manage secrets for the given application group.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

Authz

public Authz(UserRepository userRepo)

Method Detail

isAuthorized

public boolean isAuthorized(@Nonnull
                            String appName,
                            @Nonnull
                            OneOpsUser user)

Checks if OneOpsUser is authorized to manage secrets for the given application group. Env nspath is used as the application group with the {org}_{assembly}_{env} format.

Parameters:

appName - Application name.

user - Authenticated user.

Returns:

true if the user is authorized.

hasAdminAccess

public boolean hasAdminAccess(OneOpsTeam team,
                              AppGroup appGroup)

Checks if the given team is a 'secret-admin' and has access to manage design and transition for the given application group.

Parameters:

team - OneOps team

appGroup - Application group

Returns:

true if the team has admin access.