PolicyAuthorization.java example

Explorer
eucalyptus-master
- clc
  - modules
/*************************************************************************
 * Copyright 2009-2015 Eucalyptus Systems, Inc.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; version 3 of the License.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see http://www.gnu.org/licenses/.
 *
 * Please contact Eucalyptus Systems, Inc., 6755 Hollister Ave., Goleta
 * CA 93117, USA or visit http://www.eucalyptus.com/licenses/ if you need
 * additional information or have any questions.
 ************************************************************************/
package com.eucalyptus.auth.policy;

import static org.hamcrest.Matchers.notNullValue;
import static com.eucalyptus.auth.policy.PolicyUtils.checkParam;
import java.util.Collections;
import java.util.List;
import java.util.Set;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import com.eucalyptus.auth.principal.Authorization;
import com.eucalyptus.auth.principal.Condition;
import com.eucalyptus.auth.principal.Principal;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableSet;
import com.google.common.collect.Iterables;

/**
 *
 */
public class PolicyAuthorization implements Authorization {

  private final String statementId;

  private final Authorization.EffectType effect;

  private final String region;

  // The account name or number resource this authorization applies to.
  private final String account;

  // The type of resource this authorization applies to, used to restrict search.
  private final String type;

  private final PolicyPrincipal principal;

  private final List<Condition> conditions;

  // If action list is negated, i.e. NotAction
  private final boolean notAction;

  private final Set<String> actions;

  // If resource list is negated, i.e. NotResource
  private final boolean notResource;

  private final Set<String> resources;

  private final Set<String> policyVariables;

  public PolicyAuthorization(
      @Nullable final String statementId,
      @Nonnull  final Authorization.EffectType effect,
      @Nullable final String region,
      @Nullable final String account,
      @Nullable final String type,
      @Nullable final PolicyPrincipal principal,
      @Nonnull  final List<PolicyCondition> conditions,
      @Nonnull  final Set<String> actions,
                final boolean notAction,
      @Nonnull  final Set<String> resources,
                final boolean notResource,
      @Nonnull  final Set<String> policyVariables
  ) {
    checkParam( "effect", effect, notNullValue() );
    checkParam( "conditions", conditions, notNullValue() );
    checkParam( "actions", actions, notNullValue() );
    checkParam( "resources", resources, notNullValue() );
    checkParam( "policyVariables", policyVariables, notNullValue() );
    this.statementId = PolicyUtils.intern( statementId );
    this.effect = effect;
    this.region = PolicyUtils.intern( region );
    this.account = PolicyUtils.intern( account );
    this.type = PolicyUtils.intern( type );
    this.principal = PolicyUtils.intern( principal );
    this.conditions = ImmutableList.copyOf( Iterables.transform( conditions, PolicyUtils.internCondition() ) );
    this.actions = ImmutableSet.copyOf( Iterables.transform( actions, PolicyUtils.internString( ) ) );
    this.notAction = notAction;
    this.resources = ImmutableSet.copyOf( Iterables.transform( resources, PolicyUtils.internString( ) ) );
    this.notResource = notResource;
    this.policyVariables = ImmutableSet.copyOf( Iterables.transform( policyVariables, PolicyUtils.internString( ) ) );
  }

  public PolicyAuthorization(
      final String statementId,
      final Authorization.EffectType effect,
      final PolicyPrincipal principal,
      final List<PolicyCondition> conditions,
      final Set<String> actions,
      final boolean notAction,
      final Set<String> policyVariables
  ) {
    this(
        statementId,
        effect,
        null,
        null,
        null,
        principal,
        conditions,
        actions,
        notAction,
        Collections.<String>emptySet( ),
        false,
        policyVariables
    );
  }

  public String getStatementId() {
    return statementId;
  }

  public EffectType getEffect() {
    return effect;
  }

  @Override
  public String getRegion() {
    return region;
  }

  public String getAccount() {
    return account;
  }

  public String getType() {
    return type;
  }

  public boolean isNotAction() {
    return notAction;
  }

  public Set<String> getActions() {
    return actions;
  }

  public boolean isNotResource() {
    return notResource;
  }

  public Set<String> getResources() {
    return resources;
  }

  @Override
  public List<Condition> getConditions( ) {
    return conditions;
  }

  @Nonnull
  @Override
  public Set<String> getPolicyVariables( ) {
    return policyVariables;
  }

  @Override
  public Principal getPrincipal( ) {
    return principal;
  }

  @Override
  public boolean equals( final Object o ) {
    if ( this == o ) return true;
    if ( o == null || getClass() != o.getClass() ) return false;

    final PolicyAuthorization that = (PolicyAuthorization) o;

    if ( notAction != that.notAction ) return false;
    if ( notResource != that.notResource ) return false;
    if ( region != null ? !region.equals( that.region ) : that.region != null ) return false;
    if ( account != null ? !account.equals( that.account ) : that.account != null ) return false;
    if ( !actions.equals( that.actions ) ) return false;
    if ( !conditions.equals( that.conditions ) ) return false;
    if ( effect != that.effect ) return false;
    if ( principal != null ? !principal.equals( that.principal ) : that.principal != null ) return false;
    if ( !resources.equals( that.resources ) ) return false;
    if ( !policyVariables.equals( that.policyVariables ) ) return false;
    if ( statementId != null ? !statementId.equals( that.statementId ) : that.statementId != null ) return false;
    if ( type != null ? !type.equals( that.type ) : that.type != null ) return false;

    return true;
  }

  @Override
  public int hashCode() {
    int result = statementId != null ? statementId.hashCode() : 0;
    result = 31 * result + effect.hashCode();
    result = 31 * result + ( region != null ? region.hashCode() : 0 );
    result = 31 * result + ( account != null ? account.hashCode() : 0 );
    result = 31 * result + ( type != null ? type.hashCode() : 0 );
    result = 31 * result + ( principal != null ? principal.hashCode() : 0 );
    result = 31 * result + conditions.hashCode();
    result = 31 * result + ( notAction ? 1 : 0 );
    result = 31 * result + actions.hashCode();
    result = 31 * result + ( notResource ? 1 : 0 );
    result = 31 * result + resources.hashCode();
    result = 31 * result + policyVariables.hashCode();
    return result;
  }
}