Skip to content

Commit

Permalink
Gjør lokal tilgangsbeslutning PepImpl uavhengig av cluster
Browse files Browse the repository at this point in the history
  • Loading branch information
@espenwaaga
espenwaaga committed Apr 25, 2023
1 parent 2dbfd41 commit b27f8c7
Showing 1 changed file with 3 additions and 3 deletions.
6 changes: 3 additions & 3 deletions felles/abac/src/main/java/no/nav/vedtak/sikkerhet/abac/PepImpl.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -31,7 +31,7 @@ public class PepImpl implements Pep {
private Set<String> pipUsers;
private TokenProvider tokenProvider;
private String preAuthorized;
private String residentClusterNamespace;
private String residentNamespace;

public PepImpl() {
}
Expand All @@ -46,7 +46,7 @@ public PepImpl(PdpKlient pdpKlient,
this.tokenProvider = tokenProvider;
this.pipUsers = konfigurePipUsers(pipUsers);
this.preAuthorized = ENV.getProperty(AzureProperty.AZURE_APP_PRE_AUTHORIZED_APPS.name()); // eg json array av objekt("name", "clientId")
this.residentClusterNamespace = ENV.clusterName() + ":" + ENV.namespace();
this.residentNamespace = ENV.namespace();
}

protected Set<String> konfigurePipUsers(String pipUsers) {
Expand Down Expand Up @@ -84,7 +84,7 @@ private boolean harTilgang(BeskyttetRessursAttributter attributter) {
if (consumer == null || !preAuthorized.contains(consumer)) {
return false;
}
if (consumer.startsWith(residentClusterNamespace) || builder.internAzureConsumer(consumer)) {
if (consumer.contains(residentNamespace) || builder.internAzureConsumer(consumer)) {
return true;
}
return AvailabilityType.ALL.equals(attributter.getAvailabilityType());
Expand Down

0 comments on commit b27f8c7

Please sign in to comment.