diff --git a/sources/src/main/java/com/google/solutions/jitaccess/cel/TemporaryIamCondition.java b/sources/src/main/java/com/google/solutions/jitaccess/cel/TemporaryIamCondition.java index 472923e2d..2dba4a669 100644 --- a/sources/src/main/java/com/google/solutions/jitaccess/cel/TemporaryIamCondition.java +++ b/sources/src/main/java/com/google/solutions/jitaccess/cel/TemporaryIamCondition.java @@ -76,7 +76,7 @@ public TemporaryIamCondition(@NotNull String condition) { Instant.parse(matcher.group(1)), Instant.parse(matcher.group(2))); } - catch (DateTimeParseException e) {} + catch (DateTimeParseException ignored) {} } throw new IllegalArgumentException("Condition is not a temporary IAM condition"); diff --git a/sources/src/main/java/com/google/solutions/jitaccess/core/catalog/EntitlementSet.java b/sources/src/main/java/com/google/solutions/jitaccess/core/catalog/EntitlementSet.java index c012e6a4a..a4af18025 100644 --- a/sources/src/main/java/com/google/solutions/jitaccess/core/catalog/EntitlementSet.java +++ b/sources/src/main/java/com/google/solutions/jitaccess/core/catalog/EntitlementSet.java @@ -73,9 +73,9 @@ public record EntitlementSet( // var availableAndInactive = availableEntitlements .stream() - .filter(ent -> !validActivations + .filter(ent -> validActivations .stream() - .anyMatch(active -> active.entitlementId().equals(ent.id()))) + .noneMatch(active -> active.entitlementId().equals(ent.id()))) .collect(Collectors.toCollection(TreeSet::new)); assert availableAndInactive.stream().noneMatch(e -> validActivations.contains(e.id())); diff --git a/sources/src/main/java/com/google/solutions/jitaccess/core/catalog/JustificationPolicy.java b/sources/src/main/java/com/google/solutions/jitaccess/core/catalog/JustificationPolicy.java index 4a40da504..14478cd00 100644 --- a/sources/src/main/java/com/google/solutions/jitaccess/core/catalog/JustificationPolicy.java +++ b/sources/src/main/java/com/google/solutions/jitaccess/core/catalog/JustificationPolicy.java 
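Review bot: The `assert` kept directly below the rewritten filter in EntitlementSet looks vacuous. The filter compares `active.entitlementId()` with `ent.id()`, so `validActivations` appears to hold activation objects, and `validActivations.contains(e.id())` would then never be true. Because this invariant separates entitlements a user may still request from ones that are already active, it should mirror the filter: `assert availableAndInactive.stream().noneMatch(e -> validActivations.stream().anyMatch(a -> a.entitlementId().equals(e.id())));`. Assertions are also skipped unless the JVM runs with `-ea`, so a unit test is the more dependable place for this check. The element type of `validActivations` is declared outside the hunk, so confirm it before changing the line.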
@@ -22,6 +22,8 @@ package com.google.solutions.jitaccess.core.catalog; import com.google.solutions.jitaccess.core.UserEmail; +import jakarta.validation.constraints.Null; +import org.jetbrains.annotations.NotNull; /** * Policy for verifying justification messages. @@ -31,8 +33,8 @@ public interface JustificationPolicy { * Check that a justification meets criteria. */ void checkJustification( - UserEmail user, - String justification + @NotNull UserEmail user, + @Null String justification ) throws InvalidJustificationException; /** diff --git a/sources/src/main/java/com/google/solutions/jitaccess/core/catalog/RegexJustificationPolicy.java b/sources/src/main/java/com/google/solutions/jitaccess/core/catalog/RegexJustificationPolicy.java index 3fc816c2f..60e116099 100644 --- a/sources/src/main/java/com/google/solutions/jitaccess/core/catalog/RegexJustificationPolicy.java +++ b/sources/src/main/java/com/google/solutions/jitaccess/core/catalog/RegexJustificationPolicy.java @@ -25,6 +25,7 @@ import com.google.common.base.Strings; import com.google.solutions.jitaccess.core.UserEmail; import jakarta.inject.Singleton; +import jakarta.validation.constraints.Null; import org.jetbrains.annotations.NotNull; import java.util.regex.Pattern; @@ -43,8 +44,8 @@ public RegexJustificationPolicy(@NotNull Options options) { @Override public void checkJustification( - UserEmail user, - @NotNull String justification + @NotNull UserEmail user, + @Null String justification ) throws InvalidJustificationException { if ( Strings.isNullOrEmpty(justification) || diff --git a/sources/src/main/java/com/google/solutions/jitaccess/core/catalog/project/AssetInventoryRepository.java b/sources/src/main/java/com/google/solutions/jitaccess/core/catalog/project/AssetInventoryRepository.java index 8bcb09dda..195db0966 100644 --- a/sources/src/main/java/com/google/solutions/jitaccess/core/catalog/project/AssetInventoryRepository.java 
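Review bot: `@Null` from `jakarta.validation.constraints` is a Bean Validation constraint that requires the value to be null, not a nullability hint, so `@Null String justification` in `JustificationPolicy.checkJustification` states the opposite of what is meant. The same annotation is added to `RegexJustificationPolicy.checkJustification` in the next file, whose body already handles null through `Strings.isNullOrEmpty(justification)`. If method validation were ever enabled on these types, every supplied justification would be rejected before the policy runs. Use `import org.jetbrains.annotations.Nullable;` and `@Nullable String justification` in both files, matching the `@NotNull` already taken from that package.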
+++ b/sources/src/main/java/com/google/solutions/jitaccess/core/catalog/project/AssetInventoryRepository.java @@ -115,7 +115,7 @@ static T awaitAndRethrow(@NotNull CompletableFuture future) throws Access this.executor); var principalSetForUser = new PrincipalSet(user, awaitAndRethrow(listMembershipsFuture)); - var allBindings = awaitAndRethrow(effectivePoliciesFuture) + return awaitAndRethrow(effectivePoliciesFuture) .stream() // All bindings, across all resources in the ancestry. @@ -124,7 +124,6 @@ static T awaitAndRethrow(@NotNull CompletableFuture future) throws Access // Only bindings that apply to the user. .filter(binding -> principalSetForUser.isMember(binding)) .collect(Collectors.toList()); - return allBindings; } //--------------------------------------------------------------------------- @@ -204,8 +203,7 @@ public SortedSet findProjectsWithEntitlements( allAvailable.addAll(jitEligible); allAvailable.addAll(mpaEligible .stream() - .filter(r -> !jitEligible.stream().anyMatch(a -> a.id().equals(r.id()))) - .collect(Collectors.toList())); + .filter(r -> jitEligible.stream().noneMatch(a -> a.id().equals(r.id()))).toList()); } // @@ -217,8 +215,7 @@ public SortedSet findProjectsWithEntitlements( for (var binding : allBindings.stream() // Only temporary access bindings. - .filter(binding -> JitConstraints.isActivated(binding.getCondition())) - .collect(Collectors.toUnmodifiableList())) + .filter(binding -> JitConstraints.isActivated(binding.getCondition())).toList()) { var condition = new TemporaryIamCondition(binding.getCondition().getExpression()); boolean isValid; 
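Review bot: The new `.toList()` calls are glued to the end of the `.filter(...)` line in the hunks at -204 and -217, and to the `.map(...)` line in the -301 hunk. That breaks the one-call-per-line layout the surrounding pipelines use, and which the same change in PolicyAnalyzerRepository keeps, so put `.toList()` on its own line. Also note that `Stream.toList()` returns an unmodifiable list, unlike `Collectors.toList()`. That is harmless for the uses visible here (passed to `addAll` or iterated), but the list returned in the -115 hunk still comes from `Collectors.toList()`, so the file now mixes both forms.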
@@ -301,15 +298,14 @@ public SortedSet findProjectsWithEntitlements( } }, this.executor)) - .collect(Collectors.toList()); + .toList(); var allMembers = new HashSet<>(allUserMembers); for (var listMembersFuture : listMembersFutures) { var members = awaitAndRethrow(listMembersFuture) .stream() - .map(m -> new UserEmail(m.getEmail())) - .collect(Collectors.toList()); + .map(m -> new UserEmail(m.getEmail())).toList(); allMembers.addAll(members); } diff --git a/sources/src/main/java/com/google/solutions/jitaccess/core/catalog/project/PolicyAnalyzerRepository.java b/sources/src/main/java/com/google/solutions/jitaccess/core/catalog/project/PolicyAnalyzerRepository.java index 11ff3bf84..125a48a85 100644 --- a/sources/src/main/java/com/google/solutions/jitaccess/core/catalog/project/PolicyAnalyzerRepository.java +++ b/sources/src/main/java/com/google/solutions/jitaccess/core/catalog/project/PolicyAnalyzerRepository.java @@ -242,8 +242,8 @@ private record ConditionalRoleBinding(RoleBinding binding, Expr condition) {} allAvailable.addAll(jitEligible); allAvailable.addAll(mpaEligible .stream() - .filter(r -> !jitEligible.stream().anyMatch(a -> a.id().equals(r.id()))) - .collect(Collectors.toList())); + .filter(r -> jitEligible.stream().noneMatch(a -> a.id().equals(r.id()))) + .toList()); } var allActive = new HashSet>(); diff --git a/sources/src/main/java/com/google/solutions/jitaccess/core/catalog/project/ProjectRoleActivator.java b/sources/src/main/java/com/google/solutions/jitaccess/core/catalog/project/ProjectRoleActivator.java index 1e96fa175..989f1f253 100644 --- a/sources/src/main/java/com/google/solutions/jitaccess/core/catalog/project/ProjectRoleActivator.java +++ b/sources/src/main/java/com/google/solutions/jitaccess/core/catalog/project/ProjectRoleActivator.java @@ -178,6 +178,7 @@ public JsonWebToken.Payload convert(@NotNull MpaActivationRequest convert(JsonWebToken.@NotNull Payload payload) { var roleBinding = new RoleBinding( 
diff --git a/sources/src/main/java/com/google/solutions/jitaccess/core/clients/ResourceManagerClient.java b/sources/src/main/java/com/google/solutions/jitaccess/core/clients/ResourceManagerClient.java index c46fdcaa2..80ca36729 100644 --- a/sources/src/main/java/com/google/solutions/jitaccess/core/clients/ResourceManagerClient.java +++ b/sources/src/main/java/com/google/solutions/jitaccess/core/clients/ResourceManagerClient.java @@ -386,9 +386,7 @@ public static boolean equals(@NotNull Binding lhs, @NotNull Binding rhs, boolean return false; } - if (!Objects.equals(lhs.getCondition().getDescription(), rhs.getCondition().getDescription())) { - return false; - } + return Objects.equals(lhs.getCondition().getDescription(), rhs.getCondition().getDescription()); } } diff --git a/sources/src/main/java/com/google/solutions/jitaccess/web/RuntimeEnvironment.java b/sources/src/main/java/com/google/solutions/jitaccess/web/RuntimeEnvironment.java index e4a12c535..700e8c763 100644 --- a/sources/src/main/java/com/google/solutions/jitaccess/web/RuntimeEnvironment.java +++ b/sources/src/main/java/com/google/solutions/jitaccess/web/RuntimeEnvironment.java 
@@ -81,9 +81,14 @@ public class RuntimeEnvironment { // Private helpers. // ------------------------------------------------------------------------- - private static HttpResponse getMetadata(String path) throws IOException { - GenericUrl genericUrl = new GenericUrl(ComputeEngineCredentials.getMetadataServerUrl() + path); - HttpRequest request = new NetHttpTransport().createRequestFactory().buildGetRequest(genericUrl); + private static HttpResponse getMetadata() throws IOException { + var genericUrl = new GenericUrl( + ComputeEngineCredentials.getMetadataServerUrl() + + "/computeMetadata/v1/project/?recursive=true"); + + var request = new NetHttpTransport() + .createRequestFactory() + .buildGetRequest(genericUrl); request.setParser(new JsonObjectParser(GsonFactory.getDefaultInstance())); request.getHeaders().set("Metadata-Flavor", "Google"); @@ -136,7 +141,7 @@ public RuntimeEnvironment() { // try { GenericData projectMetadata = - getMetadata("/computeMetadata/v1/project/?recursive=true").parseAs(GenericData.class); + getMetadata().parseAs(GenericData.class); this.projectId = (String) projectMetadata.get("projectId"); this.projectNumber = projectMetadata.get("numericProjectId").toString();
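Review bot: With the path argument gone, `getMetadata()` is a misleading name for a helper that can only fetch `/computeMetadata/v1/project/?recursive=true`. `getProjectMetadata()` would say what it returns, and the constructor call in the second hunk would then read `getProjectMetadata().parseAs(GenericData.class)`. A short Javadoc such as `/** Fetches the recursive project-level metadata document from the metadata server. */` would also record why the query string is fixed. The rest of the method body lies outside the hunk.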