Package com.cloudforgeci.api.core.iam

Class PermissionMatrix

java.lang.Object

com.cloudforgeci.api.core.iam.PermissionMatrix

public final class PermissionMatrix
extends Object

Permission Matrix defining the minimum required permissions for each topology/runtime combination. This ensures that no unnecessary permissions are granted and follows the principle of least privilege.

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
static final record	PermissionMatrix.ValidationResult	Validation result containing success status and any issues found.

Field Summary

Fields

Modifier and Type	Field	Description
static final Map<IAMProfile,List<String>>	ALB_PERMISSIONS	ALB permissions based on IAM profile.
static final List<String>	CORE_PERMISSIONS	Core permissions required for all Jenkins deployments regardless of topology/runtime.
static final Map<IAMProfile,List<String>>	EC2_PERMISSIONS	EC2-specific permissions based on IAM profile.
static final Map<IAMProfile,List<String>>	EFS_PERMISSIONS	EFS permissions based on IAM profile.
static final Map<IAMProfile,List<String>>	FARGATE_PERMISSIONS	Fargate-specific permissions based on IAM profile.

Method Summary

Modifier and Type	Method	Description
static List<String>	getRequiredPermissions(TopologyType topology, RuntimeType runtime, IAMProfile iamProfile)	Gets the required permissions for a specific topology/runtime/iam combination.
static PermissionMatrix.ValidationResult	validatePermissions(TopologyType topology, RuntimeType runtime, IAMProfile iamProfile, List<String> providedPermissions)	Validates that the provided permissions are appropriate for the given combination.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details

CORE_PERMISSIONS

public static final List<String> CORE_PERMISSIONS

Core permissions required for all Jenkins deployments regardless of topology/runtime.

EC2_PERMISSIONS

public static final Map<IAMProfile,List<String>> EC2_PERMISSIONS

EC2-specific permissions based on IAM profile.

FARGATE_PERMISSIONS

public static final Map<IAMProfile,List<String>> FARGATE_PERMISSIONS

Fargate-specific permissions based on IAM profile.

EFS_PERMISSIONS

public static final Map<IAMProfile,List<String>> EFS_PERMISSIONS

EFS permissions based on IAM profile.

ALB_PERMISSIONS

public static final Map<IAMProfile,List<String>> ALB_PERMISSIONS

ALB permissions based on IAM profile.

Method Details

getRequiredPermissions

public static List<String> getRequiredPermissions(TopologyType topology,
 RuntimeType runtime,
 IAMProfile iamProfile)

Gets the required permissions for a specific topology/runtime/iam combination.

Parameters:

topology - the topology type

runtime - the runtime type

iamProfile - the IAM profile

Returns:

list of required permissions

validatePermissions

public static PermissionMatrix.ValidationResult validatePermissions(TopologyType topology,
 RuntimeType runtime,
 IAMProfile iamProfile,
 List<String> providedPermissions)

Validates that the provided permissions are appropriate for the given combination.

Parameters:

topology - the topology type

runtime - the runtime type

iamProfile - the IAM profile

providedPermissions - the permissions being granted

Returns:

validation result with any issues found