in sources/src/main/java/com/google/solutions/jitaccess/catalog/policy/PolicyDocument.java [409:485]
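/**
 * Serializable form of a {@link SystemPolicy}: a named system with an optional
 * access control list, a constraints section, and the groups it contains.
 *
 * <p>The element is a plain data carrier; all validation happens when it is
 * converted into a policy object by {@link #toPolicy(IssueCollection)}.
 */
public record SystemElement(
  @JsonProperty("name") String name,
  @JsonProperty("description") String description,
  @JsonProperty("access") List<AccessControlEntryElement> acl,
  @JsonProperty("constraints") ConstraintsElement constraints,
  @JsonProperty("groups") List<GroupElement> groups
) {
  /**
   * Convert a policy object into its serializable element form.
   *
   * @param policy the policy to serialize, must not be null
   * @return the element; {@code acl} is {@code null} when the policy has no
   *         access control list, so that "no ACL" and "empty ACL" round-trip
   *         as distinct values
   */
  static SystemElement toYaml(@NotNull SystemPolicy policy) {
    var aclEntries = policy.accessControlList()
      .map(acl -> acl.entries()
        .stream()
        .map(AccessControlEntryElement::toYaml)
        .toList())
      .orElse(null);

    var groupElements = policy.groups()
      .stream()
      .map(GroupElement::toYaml)
      .toList();

    return new SystemElement(
      policy.name(),
      Strings.nullToEmpty(policy.description()),
      aclEntries,
      ConstraintsElement.toYaml(policy.constraints()),
      groupElements);
  }

  /**
   * Validate this element and convert it into a {@link SystemPolicy}.
   *
   * <p>All nested elements (groups, ACL entries, constraints) are converted
   * first so that every problem is reported to {@code issues} in one pass;
   * the policy itself is only constructed if none of them failed.
   *
   * @param issues collection that receives validation errors; its scope is set
   *               to this system's name (or a placeholder if the name is blank)
   *               before any nested element is converted
   * @return the policy, or an empty optional if this element or any nested
   *         element was invalid
   */
  @NotNull Optional<SystemPolicy> toPolicy(@NotNull IssueCollection issues) {
    issues.setScope(Coalesce.nonEmpty(this.name, "Unnamed system"));

    //
    // Blank list items in the source document deserialize as null elements.
    // Skip them in both lists instead of dereferencing them (a null ACL entry
    // previously escaped as a NullPointerException rather than an issue).
    // A null entry cannot express a grant, so dropping it never widens access,
    // and it keeps ACL handling consistent with group handling.
    //
    var groups = Coalesce
      .emptyIfNull(this.groups)
      .stream()
      .filter(g -> g != null)
      .map(g -> g.toPolicy(issues))
      .toList();

    var aces = Coalesce
      .emptyIfNull(this.acl)
      .stream()
      .filter(e -> e != null)
      .map(e -> e.toPolicy(issues))
      .toList();

    //
    // A missing constraints section is treated like an empty one.
    //
    var constraintsElement = this.constraints != null
      ? this.constraints
      : ConstraintsElement.EMPTY;
    var constraints = constraintsElement.toPolicy(issues);

    var allValid = constraints.isPresent()
      && groups.stream().allMatch(Optional::isPresent)
      && aces.stream().allMatch(Optional::isPresent);

    return NullaryOptional
      .ifTrue(allValid)
      .map(() -> {
        try {
          //
          // Keep "no access section" (null ACL) distinct from "empty access
          // section" (ACL with zero entries); the two may be interpreted
          // differently downstream.
          //
          var acl = this.acl == null
            ? null
            : new AccessControlList(aces.stream().map(Optional::get).toList());

          var policy = new SystemPolicy(
            this.name,
            Strings.nullToEmpty(this.description),
            acl,
            constraints.get());

          groups
            .stream()
            .map(Optional::get)
            .forEach(policy::add);

          return policy;
        }
        catch (Exception e) {
          //
          // Exceptions thrown while constructing the policy or adding its
          // groups are surfaced as a SYSTEM_INVALID issue instead of
          // propagating. The null result is presumably turned into an empty
          // optional by NullaryOptional - confirm against its implementation.
          //
          issues.error(
            Issue.Code.SYSTEM_INVALID,
            "The system configuration is invalid: %s",
            e.getMessage());
          return null;
        }
      });
  }
}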