Renames fields

Signed-off-by: Anatolii Bazko <abazko@redhat.com>
2023-11-30 14:38:28 +01:00 · 2023-11-30 14:38:28 +01:00 · 4572179aac
parent c32efbb508
commit 4572179aac
3 changed files with 33 additions and 38 deletions
--- a/assembly/assembly-wsmaster-war/src/main/webapp/WEB-INF/classes/che/che.properties
+++ b/assembly/assembly-wsmaster-war/src/main/webapp/WEB-INF/classes/che/che.properties
@ -666,13 +666,13 @@ che.oauth2.gitlab.clientsecret_filepath=NULL

 ### Advanced authorization
 # Comma separated list of users allowed to access Che.
-che.infra.kubernetes.advanced_authorization.allowed_users=NULL
+che.infra.kubernetes.advanced_authorization.allow_users=NULL

 # Comma separated list of groups of users allowed to access Che.
-che.infra.kubernetes.advanced_authorization.allowed_groups=NULL
+che.infra.kubernetes.advanced_authorization.allow_groups=NULL

-# Comma separated list of users disallowed to access Che.
-che.infra.kubernetes.advanced_authorization.disabled_users=NULL
+# Comma separated list of users denied to access Che.
+che.infra.kubernetes.advanced_authorization.deny_users=NULL

-# Comma separated list of groups of users disallowed to access Che.
-che.infra.kubernetes.advanced_authorization.disabled_groups=NULL
+# Comma separated list of groups of users denied to access Che.
+che.infra.kubernetes.advanced_authorization.deny_groups=NULL
--- a/infrastructures/kubernetes/src/main/java/org/eclipse/che/workspace/infrastructure/kubernetes/authorization/KubernetesAuthorizationCheckerImpl.java
+++ b/infrastructures/kubernetes/src/main/java/org/eclipse/che/workspace/infrastructure/kubernetes/authorization/KubernetesAuthorizationCheckerImpl.java
@ -23,17 +23,15 @@ import org.eclipse.che.commons.annotation.Nullable;
@Singleton
 public class KubernetesAuthorizationCheckerImpl implements AuthorizationChecker {

-  private final Set<String> allowedUsers;
-  private final Set<String> disabledUsers;
+  private final Set<String> allowUsers;
+  private final Set<String> denyUsers;

  @Inject
  public KubernetesAuthorizationCheckerImpl(
-      @Nullable @Named("che.infra.kubernetes.advanced_authorization.allowed_users")
-          String allowedUsers,
-      @Nullable @Named("che.infra.kubernetes.advanced_authorization.disabled_users")
-          String disabledUsers) {
-    this.allowedUsers = strToSet(allowedUsers);
-    this.disabledUsers = strToSet(disabledUsers);
+      @Nullable @Named("che.infra.kubernetes.advanced_authorization.allow_users") String allowUsers,
+      @Nullable @Named("che.infra.kubernetes.advanced_authorization.deny_users") String denyUsers) {
+    this.allowUsers = strToSet(allowUsers);
+    this.denyUsers = strToSet(denyUsers);
  }

  public boolean isAuthorized(String username) {
@ -41,10 +39,10 @@ public class KubernetesAuthorizationCheckerImpl implements AuthorizationChecker
  }

  private boolean isAllowedUser(String username) {
-    return allowedUsers.isEmpty() || allowedUsers.contains(username);
+    return allowUsers.isEmpty() || allowUsers.contains(username);
  }

  private boolean isDisabledUser(String username) {
-    return !disabledUsers.isEmpty() && disabledUsers.contains(username);
+    return !denyUsers.isEmpty() && denyUsers.contains(username);
  }
 }
--- a/infrastructures/openshift/src/main/java/org/eclipse/che/workspace/infrastructure/openshift/authorization/OpenShiftAuthorizationCheckerImpl.java
+++ b/infrastructures/openshift/src/main/java/org/eclipse/che/workspace/infrastructure/openshift/authorization/OpenShiftAuthorizationCheckerImpl.java
@ -30,26 +30,23 @@ public class OpenShiftAuthorizationCheckerImpl implements AuthorizationChecker {

  private final CheServerKubernetesClientFactory cheServerKubernetesClientFactory;

-  private final Set<String> allowedUsers;
-  private final Set<String> allowedGroups;
-  private final Set<String> disabledUsers;
-  private final Set<String> disabledGroups;
+  private final Set<String> allowUsers;
+  private final Set<String> allowGroups;
+  private final Set<String> denyUsers;
+  private final Set<String> denyGroups;

  @Inject
  public OpenShiftAuthorizationCheckerImpl(
-      @Nullable @Named("che.infra.kubernetes.advanced_authorization.allowed_users")
-          String allowedUsers,
-      @Nullable @Named("che.infra.kubernetes.advanced_authorization.allowed_groups")
-          String allowedGroups,
-      @Nullable @Named("che.infra.kubernetes.advanced_authorization.disabled_users")
-          String disabledUsers,
-      @Nullable @Named("che.infra.kubernetes.advanced_authorization.disabled_groups")
-          String disabledGroups,
+      @Nullable @Named("che.infra.kubernetes.advanced_authorization.allow_users") String allowUsers,
+      @Nullable @Named("che.infra.kubernetes.advanced_authorization.allow_groups")
+          String allowGroups,
+      @Nullable @Named("che.infra.kubernetes.advanced_authorization.deny_users") String denyUsers,
+      @Nullable @Named("che.infra.kubernetes.advanced_authorization.deny_groups") String denyGroups,
      CheServerKubernetesClientFactory cheServerKubernetesClientFactory) {
-    this.allowedUsers = strToSet(allowedUsers);
-    this.allowedGroups = strToSet(allowedGroups);
-    this.disabledUsers = strToSet(disabledUsers);
-    this.disabledGroups = strToSet(disabledGroups);
+    this.allowUsers = strToSet(allowUsers);
+    this.allowGroups = strToSet(allowGroups);
+    this.denyUsers = strToSet(denyUsers);
+    this.denyGroups = strToSet(denyGroups);
    this.cheServerKubernetesClientFactory = cheServerKubernetesClientFactory;
  }

@ -60,15 +57,15 @@ public class OpenShiftAuthorizationCheckerImpl implements AuthorizationChecker {

  private boolean isAllowedUser(KubernetesClient client, String username) {
    // All users from all groups are allowed by default
-    if (allowedUsers.isEmpty() && allowedGroups.isEmpty()) {
+    if (allowUsers.isEmpty() && allowGroups.isEmpty()) {
      return true;
    }

-    if (allowedUsers.contains(username)) {
+    if (allowUsers.contains(username)) {
      return true;
    }

-    for (String groupName : allowedGroups) {
+    for (String groupName : allowGroups) {
      Group group = client.resources(Group.class).withName(groupName).get();
      if (group != null && group.getUsers().contains(username)) {
        return true;
@ -80,15 +77,15 @@ public class OpenShiftAuthorizationCheckerImpl implements AuthorizationChecker {

  private boolean isDisabledUser(KubernetesClient client, String username) {
    // All users from all groups are allowed by default
-    if (disabledUsers.isEmpty() && disabledGroups.isEmpty()) {
+    if (denyUsers.isEmpty() && denyGroups.isEmpty()) {
      return false;
    }

-    if (disabledUsers.contains(username)) {
+    if (denyUsers.contains(username)) {
      return true;
    }

-    for (String groupName : disabledGroups) {
+    for (String groupName : denyGroups) {
      Group group = client.resources(Group.class).withName(groupName).get();
      if (group != null && group.getUsers().contains(username)) {
        return true;