in sources/src/main/java/com/google/solutions/jitaccess/catalog/policy/PolicyDocument.java [325:406]
/**
 * Document representation of an environment policy.
 *
 * <p>Each component is bound to the document key named in its
 * {@code @JsonProperty} annotation. Any component may be {@code null};
 * {@link #toPolicy} handles {@code null} for each of them explicitly.
 *
 * @param name environment name; may be null or empty
 * @param description free-text description; may be null
 * @param acl entries of the {@code access} key; {@code null} and an empty
 *   list are treated differently by {@link #toPolicy}
 * @param constraints the {@code constraints} key; may be null
 * @param systems the {@code systems} key; may be null
 */
public record EnvironmentElement(
  @JsonProperty("name") String name,
  @JsonProperty("description") String description,
  @JsonProperty("access") List<AccessControlEntryElement> acl,
  @JsonProperty("constraints") ConstraintsElement constraints,
  @JsonProperty("systems") List<SystemElement> systems
) {
  /**
   * Converts a policy into its document representation.
   *
   * @param policy the policy to convert
   * @return an element whose {@code acl} is {@code null} when the policy has
   *   no access control list, so that "no ACL" stays distinguishable from
   *   "ACL without entries"
   */
  static EnvironmentElement toYaml(
    @NotNull EnvironmentPolicy policy
  ) {
    var environmentName = policy.name();
    var environmentDescription = Strings.nullToEmpty(policy.description());

    // A policy without an ACL maps to null rather than to an empty list.
    var accessEntries = policy.accessControlList()
      .map(list -> list.entries().stream().map(AccessControlEntryElement::toYaml).toList())
      .orElse(null);

    var constraintsElement = ConstraintsElement.toYaml(policy.constraints());
    var systemElements = policy.systems().stream().map(SystemElement::toYaml).toList();

    return new EnvironmentElement(
      environmentName,
      environmentDescription,
      accessEntries,
      constraintsElement,
      systemElements);
  }

  /**
   * Converts this element into an {@link EnvironmentPolicy}.
   *
   * <p>The conversion is all-or-nothing: the policy is only built if the
   * constraints, every system and every ACL entry converted successfully.
   * All children are converted before that check, so {@code issues} receives
   * the problems of every child and not just those of the first failing one.
   *
   * @param issues collects problems found during conversion; its scope is
   *   set to the environment name, or "Unnamed environment" if there is none
   * @param metadata policy metadata; also supplies the default name used when
   *   this element has no name
   * @return the policy, or presumably an empty Optional if a child was
   *   invalid or constructing the policy failed (depends on
   *   {@code NullaryOptional} semantics, confirm there)
   */
  @NotNull Optional<EnvironmentPolicy> toPolicy(
    @NotNull IssueCollection issues,
    @NotNull Policy.Metadata metadata) {
    issues.setScope(Coalesce.nonEmpty(this.name, "Unnamed environment"));

    var systemPolicies = Coalesce.emptyIfNull(this.systems)
      .stream()
      .map(element -> element.toPolicy(issues))
      .toList();

    var entryPolicies = Coalesce.emptyIfNull(this.acl)
      .stream()
      .map(element -> element.toPolicy(issues))
      .toList();

    var constraintsElement = this.constraints != null
      ? this.constraints
      : ConstraintsElement.EMPTY;
    var constraintsPolicy = constraintsElement.toPolicy(issues);

    // A single invalid child rejects the whole environment; nothing is
    // built from the subset of children that happened to be valid.
    boolean allChildrenValid = constraintsPolicy.isPresent()
      && systemPolicies.stream().allMatch(Optional::isPresent)
      && entryPolicies.stream().allMatch(Optional::isPresent);

    return NullaryOptional
      .ifTrue(allChildrenValid)
      .map(() -> {
        try {
          var policyName = Coalesce.nonEmpty(this.name, metadata.defaultName());
          var policyDescription = Strings.nullToEmpty(this.description);

          // Only a null acl selects the default ACL; an empty (non-null) list
          // produces an ACL without entries.
          // NOTE(review): what DEFAULT_ACCESS_CONTROL_LIST grants is not visible
          // here; confirm it is the intended result for a document whose acl is
          // null (presumably one that omits the `access` key).
          var accessControlList = this.acl == null
            ? EnvironmentPolicy.DEFAULT_ACCESS_CONTROL_LIST
            : new AccessControlList(entryPolicies.stream().map(Optional::get).toList());

          var policy = new EnvironmentPolicy(
            policyName,
            policyDescription,
            accessControlList,
            constraintsPolicy.get(),
            metadata);

          for (var systemPolicy : systemPolicies) {
            policy.add(systemPolicy.get());
          }

          return policy;
        } catch (Exception e) {
          // Every exception type, including unexpected runtime failures, is
          // reported as ENVIRONMENT_INVALID, and the exception message becomes
          // part of the issue text shown to whoever reads the issues.
          issues.error(
            Issue.Code.ENVIRONMENT_INVALID,
            "The environment configuration is invalid: %s",
            e.getMessage());
          return null;
        }
      });
  }
}