b/316247020 Refactor class structure

sources/pom.xml

@@ -24,7 +24,7 @@
   <modelVersion>4.0.0</modelVersion>
   <groupId>com.google.solutions</groupId>
   <artifactId>jitaccess</artifactId>
-  <version>1.5.0</version>
+  <version>1.5.1</version>
   <properties>
     <surefire-plugin.version>3.2.3</surefire-plugin.version>
     <maven.compiler.target>17</maven.compiler.target>

sources/src/main/java/com/google/solutions/jitaccess/core/AnnotatedResult.java → sources/src/main/java/com/google/solutions/jitaccess/core/Annotated.java

@@ -1,5 +1,5 @@
 //
-// Copyright 2021 Google LLC
+// Copyright 2023 Google LLC
 //
 // Licensed to the Apache Software Foundation (ASF) under one
 // or more contributor license agreements.  See the NOTICE file
@@ -23,35 +23,19 @@
 
 import com.google.common.base.Preconditions;
 
-import java.util.List;
+import java.util.Collection;
 import java.util.Set;
 
 /**
- * Result list of T with an optional set of warnings.
+ * @param items collection of items
+ * @param warnings warnings encountered
  */
-public class AnnotatedResult<T> {
-  /**
-   * List of bindings. Might be incomplete if Warnings is non-empty.
-   */
-  private final List<T> items;
-
-  /**
-   * Non-fatal issues encountered. Use a set to avoid duplicates.
-   */
-  private final Set<String> warnings;
-
-  public AnnotatedResult(List<T> roleBindings, Set<String> warnings) {
-    Preconditions.checkNotNull(roleBindings);
-
-    this.items = roleBindings;
-    this.warnings = warnings;
-  }
-
-  public List<T> getItems() {
-    return this.items;
-  }
-
-  public Set<String> getWarnings() {
-    return warnings;
+public record Annotated<TColl extends Collection<?>>(
+  TColl items,
+  Set<String> warnings
+) {
+  public Annotated {
+    Preconditions.checkNotNull(items, "items");
+    Preconditions.checkNotNull(warnings, "warnings");
   }
 }

sources/src/main/java/com/google/solutions/jitaccess/core/Exceptions.java

@@ -27,7 +27,7 @@ private Exceptions() {}
   public static String getFullMessage(Throwable e) {
     var buffer = new StringBuilder();
 
-    for (var exception = e; e != null; e = e.getCause()) {
+    for (; e != null; e = e.getCause()) {
       if (buffer.length() > 0) {
         buffer.append(", caused by ");
         buffer.append(e.getClass().getSimpleName());

sources/src/main/java/com/google/solutions/jitaccess/core/entitlements/RoleBinding.java → sources/src/main/java/com/google/solutions/jitaccess/core/RoleBinding.java

@@ -19,10 +19,9 @@
 // under the License.
 //
 
-package com.google.solutions.jitaccess.core.entitlements;
+package com.google.solutions.jitaccess.core;
 
 import com.google.common.base.Preconditions;
-import com.google.solutions.jitaccess.core.ProjectId;
 
 import java.util.Comparator;
 

sources/src/main/java/com/google/solutions/jitaccess/core/catalog/Activation.java

@@ -0,0 +1,36 @@
+//
+// Copyright 2023 Google LLC
+//
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+//
+
+package com.google.solutions.jitaccess.core.catalog;
+
+import com.google.common.base.Preconditions;
+
+/**
+ * Represents a successful activation of one or more entitlements.
+ */
+public record Activation<TEntitlementId extends EntitlementId>(
+  ActivationRequest<TEntitlementId> request
+) {
+  public Activation {
+    Preconditions.checkNotNull(request, "request");
+    Preconditions.checkArgument(!request.entitlements().isEmpty());
+  }
+}

sources/src/main/java/com/google/solutions/jitaccess/core/catalog/ActivationId.java

@@ -0,0 +1,50 @@
+//
+// Copyright 2023 Google LLC
+//
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+//
+
+package com.google.solutions.jitaccess.core.catalog;
+
+import com.google.common.base.Preconditions;
+
+import java.security.SecureRandom;
+import java.util.Base64;
+
+/**
+ * Unique ID of an activation.
+ */
+public record ActivationId(String id) {
+  public ActivationId {
+    Preconditions.checkNotNull(id);
+  }
+
+  private static final SecureRandom random = new SecureRandom();
+
+  public static ActivationId newId(ActivationType type) {
+    var id = new byte[12];
+    random.nextBytes(id);
+
+    return new ActivationId(type.name().toLowerCase() + "-" + Base64.getEncoder().encodeToString(id));
+  }
+
+  @Override
+  public String toString() {
+    return this.id;
+  }
+}

sources/src/main/java/com/google/solutions/jitaccess/core/catalog/ActivationRequest.java

@@ -0,0 +1,137 @@
+//
+// Copyright 2023 Google LLC
+//
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+//
+
+package com.google.solutions.jitaccess.core.catalog;
+
+import com.google.common.base.Preconditions;
+import com.google.solutions.jitaccess.core.UserId;
+
+import java.time.Duration;
+import java.time.Instant;
+import java.util.Collection;
+import java.util.Set;
+import java.util.stream.Collectors;
+
+/**
+ * Represents a request for activating one or more entitlements.
+ */
+public abstract class ActivationRequest<TEntitlementId extends EntitlementId> {
+  private final ActivationId id;
+  private final Instant startTime;
+  private final Duration duration;
+  private final UserId requestingUser;
+  private final Set<TEntitlementId> entitlements;
+  private final String justification;
+
+  protected ActivationRequest(
+    ActivationId id,
+    UserId requestingUser,
+    Set<TEntitlementId> entitlements,
+    String justification,
+    Instant startTime,
+    Duration duration
+    ) {
+
+    Preconditions.checkNotNull(id, "id");
+    Preconditions.checkNotNull(requestingUser, "user");
+    Preconditions.checkNotNull(entitlements, "entitlements");
+    Preconditions.checkNotNull(justification, "justification");
+    Preconditions.checkNotNull(startTime);
+    Preconditions.checkNotNull(startTime);
+
+    Preconditions.checkArgument(
+      !entitlements.isEmpty(),
+      "At least one entitlement must be specified");
+
+    Preconditions.checkArgument(
+      !duration.isZero() &&! duration.isNegative(),
+      "The duration must be positive");
+
+    this.id = id;
+    this.startTime = startTime;
+    this.duration = duration;
+    this.requestingUser = requestingUser;
+    this.entitlements = entitlements;
+    this.justification = justification;
+  }
+
+  /**
+   * @return unique ID of the request.
+   */
+  public ActivationId id() {
+    return this.id;
+  }
+
+  /**
+   * @return start time for requested access.
+   */
+  public Instant startTime() {
+    return this.startTime;
+  }
+
+  /**
+   * @return duration of requested activation.
+   */
+  public Duration duration() {
+    return this.duration;
+  }
+
+  /**
+   * @return end time for requested access.
+   */
+  public Instant endTime() {
+    return this.startTime.plus(this.duration);
+  }
+
+  /**
+   * @return user that requested access.
+   */
+  public UserId requestingUser() {
+    return this.requestingUser;
+  }
+
+  /**
+   * @return one or more entitlements.
+   */
+  public Collection<TEntitlementId> entitlements() {
+    return this.entitlements;
+  }
+
+  /**
+   * @return user-provided justification for the request.
+   */
+  public String justification() {
+    return this.justification;
+  }
+
+  public abstract ActivationType type();
+
+  @Override
+  public String toString() {
+    return String.format(
+      "[%s] entitlements=%s, startTime=%s, duration=%s, justification=%s",
+      this.id,
+      this.entitlements.stream().map(e -> e.toString()).collect(Collectors.joining(",")),
+      this.startTime,
+      this.duration,
+      this.justification);
+  }
+}

sources/src/main/java/com/google/solutions/jitaccess/core/catalog/ActivationType.java

@@ -0,0 +1,33 @@
+//
+// Copyright 2023 Google LLC
+//
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+//
+
+package com.google.solutions.jitaccess.core.catalog;
+
+public enum ActivationType {
+  /** Entitlement can be activated using self-approval */
+  JIT,
+
+  /** Entitlement can be activated using multi-party approval.  */
+  MPA,
+
+  /** Entitlement can no longer be activated. */
+  NONE
+}