Class SecurityApi

All Implemented Interfaces:
SecurityDetails

public class SecurityApi extends AzDAsyncApi<SecurityApi> implements SecurityDetails
  • Constructor Details

    • SecurityApi

      public SecurityApi(Connection connection)
      Pass the connection object to work with the Security API.
      Parameters:
      connection - Connection object
  • Method Details

    • getNamespaces

      public SecurityNamespaces getNamespaces() throws AzDException
      Returns all security namespaces, remote and local.

      Security namespaces are used to store access control lists (ACLs) on tokens.

      Specified by:
      getNamespaces in interface SecurityDetails
      Returns:
      SecurityNamespaces SecurityNamespaces
      Throws:
      AzDException - Default Api Exception handler.
    • getNamespaces

      public SecurityNamespaces getNamespaces(boolean localOnly) throws AzDException
      Returns security namespaces: only the local ones, or all of them (remote and local), depending on localOnly.

      Local vs. remote

      • Security namespaces may have their data mastered in one microservice, but still be visible in other microservices.
      • If a security namespace's data is mastered in microservice X, it is said to be local to that microservice. Otherwise, it is said to be remote.
      Specified by:
      getNamespaces in interface SecurityDetails
      Parameters:
      localOnly - whether to include only local or all namespaces
      Returns:
      SecurityNamespaces SecurityNamespaces
      Throws:
      AzDException - Default Api Exception handler.
    • getNamespace

      public SecurityNamespace getNamespace(String namespaceId) throws AzDException
      Returns the namespace with the specified identifier.
      Specified by:
      getNamespace in interface SecurityDetails
      Parameters:
      namespaceId - namespace identifier
      Returns:
      SecurityNamespace SecurityNamespace
      Throws:
      AzDException - Default Api Exception handler.
    • getAccessControlLists

      public ACLs getAccessControlLists(String namespaceId) throws AzDException
      Return a list of access control lists for the specified security namespace and token. All ACLs in the security namespace will be retrieved if no optional parameters are provided.
      Specified by:
      getAccessControlLists in interface SecurityDetails
      Parameters:
      namespaceId - identifier of namespace
      Returns:
      ACLs ACLs
      Throws:
      AzDException - Default Api Exception handler.
    • getAccessControlLists

      public ACLs getAccessControlLists(String namespaceId, String[] descriptors, String token, boolean includeExtendedInfo, boolean recurse) throws AzDException
      Return a list of access control lists for the specified security namespace and token. All ACLs in the security namespace will be retrieved if no optional parameters are provided.
      Specified by:
      getAccessControlLists in interface SecurityDetails
      Parameters:
      namespaceId - identifier of namespace
      descriptors - An optional filter string containing a list of identity descriptors separated by ',' whose ACEs should be retrieved. If this is left null, entire ACLs will be returned.
      token - Security token. See "Security namespace and permission reference for Azure DevOps".
      includeExtendedInfo - If true, populate the extended information properties for the access control entries contained in the returned lists.
      recurse - If true and this is a hierarchical namespace, return child ACLs of the specified token.
      Returns:
      ACLs ACLs
      Throws:
      AzDException - Default Api Exception handler.
    • getIdentities

      public Identities getIdentities(String[] descriptors, String[] identityIds, String[] subjectDescriptors, String filterValue, String queryMembership, String searchFilter) throws AzDException
      Resolve legacy identity information for use with older APIs such as the Security APIs.
      Specified by:
      getIdentities in interface SecurityDetails
      Parameters:
      descriptors - A list of identity descriptors to resolve
      identityIds - A list of storage keys to resolve
      subjectDescriptors - A list of subject descriptors to resolve
      filterValue - The search value, as specified by the searchFilter.
      queryMembership - The membership information to include with the identities. Values can be None for no membership data or Direct to include the groups that the identity is a member of and the identities that are a member of this identity (groups only).
      searchFilter - The type of search to perform. Values can be AccountName (domain\alias), DisplayName, MailAddress, General (display name, account name, or unique name), or LocalGroupName (only search Azure DevOps groups).
      Returns:
      Identities Identities
      Throws:
      AzDException - Default Api Exception handler.
    • getIdentitiesFromSubjectDescriptors

      public Identities getIdentitiesFromSubjectDescriptors(String... subjectDescriptors) throws AzDException
      Shortcut for getIdentities(String[], String[], String[], String, String, String) that takes only a varargs list of subject descriptors.
      Specified by:
      getIdentitiesFromSubjectDescriptors in interface SecurityDetails
      Parameters:
      subjectDescriptors - A list of subject descriptors to resolve
      Returns:
      Identities Identities
      Throws:
      AzDException - Default Api Exception handler.
    • setAccessControlEntries

      public ACEs setAccessControlEntries(String namespaceId, ACEs payload) throws AzDException
      Add or update ACEs in the ACL for the provided token. The request body contains the target token, a list of ACEs and an optional merge parameter. In the case of a collision (by identity descriptor) with an existing ACE in the ACL, the "merge" parameter determines the behavior. If set, the existing ACE has its allow and deny merged with the incoming ACE's allow and deny. If unset, the existing ACE is displaced.
      Specified by:
      setAccessControlEntries in interface SecurityDetails
      Parameters:
      namespaceId - Security namespace identifier.
      payload - An array of ACEs. Class for encapsulating the allowed and denied permissions for a given IdentityDescriptor.
      Returns:
      ACEs ACEs
      Throws:
      AzDException - Default Api Exception handler.
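      The collision rule described for setAccessControlEntries, as an added example that is not part of the SDK or its documentation: a self-contained model showing that an unset merge flag displaces the existing ACE, including any deny bits it carried. The Ace record, the permission bit values, the descriptor string and the reading of "merged" as a bitwise OR are assumptions of this example.

```java
import java.util.HashMap;
import java.util.Map;

// Added illustration: a local model of the ACE collision rule, not the SDK's classes.
public class AceMergeModel {
    // Constructed permission bits; real bit values are defined per security namespace.
    static final int READ = 1, WRITE = 2, DELETE = 4;

    // Minimal stand-in for an ACE: allow and deny bitmasks for one identity descriptor.
    record Ace(String descriptor, int allow, int deny) {}

    // Applies an incoming ACE to an ACL keyed by identity descriptor.
    // Assumption: "merged" is modeled as a bitwise OR of the allow and deny masks.
    static Ace apply(Map<String, Ace> acl, Ace incoming, boolean merge) {
        Ace existing = acl.get(incoming.descriptor());
        Ace result = (existing != null && merge)
                ? new Ace(incoming.descriptor(),
                          existing.allow() | incoming.allow(),
                          existing.deny() | incoming.deny())
                : incoming; // merge unset: the existing ACE is displaced
        acl.put(result.descriptor(), result);
        return result;
    }

    // Deny bits present in the existing ACE that the write would leave unset.
    static int droppedDenies(Ace existing, Ace after) {
        return existing == null ? 0 : existing.deny() & ~after.deny();
    }

    public static void main(String[] args) {
        String id = "example-descriptor"; // constructed placeholder, not a real descriptor
        Ace existing = new Ace(id, READ, DELETE);
        Ace incoming = new Ace(id, WRITE, 0);

        for (boolean merge : new boolean[] {true, false}) {
            Map<String, Ace> acl = new HashMap<>();
            acl.put(id, existing);
            Ace after = apply(acl, incoming, merge);
            System.out.printf("merge=%b allow=%d deny=%d droppedDenies=%d%n",
                    merge, after.allow(), after.deny(), droppedDenies(existing, after));
        }
    }
}
```

      A non-zero droppedDenies value before a write is a signal to read the current ACL with getAccessControlLists and confirm that removing the deny is intended.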
    • removeAccessControlEntries

      public Void removeAccessControlEntries(String namespaceId, String[] descriptors, String[] tokens) throws AzDException
      Remove the specified ACEs from the ACL belonging to the specified token.
      Specified by:
      removeAccessControlEntries in interface SecurityDetails
      Parameters:
      namespaceId - Security namespace identifier.
      descriptors - A list of identity descriptors whose entries should be removed.
      tokens - A list of tokens whose ACL should be modified.
      Throws:
      AzDException - Default Api Exception handler.
    • setAccessControlList

      public Void setAccessControlList(String namespaceId, ACLs payload) throws AzDException
      Create or update one or more access control lists. All data that currently exists for the ACLs supplied will be overwritten.
      Specified by:
      setAccessControlList in interface SecurityDetails
      Parameters:
      namespaceId - Security namespace identifier.
      payload - ACLs ACLs
      Throws:
      AzDException - Default Api Exception handler.
    • removeAccessControlLists

      public Void removeAccessControlLists(String namespaceId, boolean recurse, String[] tokens) throws AzDException
      Remove access control lists under the specified security namespace.
      Specified by:
      removeAccessControlLists in interface SecurityDetails
      Parameters:
      namespaceId - Security namespace identifier.
      recurse - If true and this is a hierarchical namespace, also remove child ACLs of the specified tokens.
      tokens - One or more comma-separated security tokens
      Throws:
      AzDException - Default Api Exception handler.