#538 Fail for yaml lists with more than one item underneath authorizable

ghenzler · ghenzler · commit 9d29f50f1dc2 · 2021-01-07T08:59:44.000+01:00
config
diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/configreader/YamlConfigReader.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/configreader/YamlConfigReader.java
@@ -217,18 +217,20 @@ private AuthorizablesConfig getAuthorizableBeans(
             final List<Map<String, Object>> currentAuthorizableData = (List<Map<String, Object>>) currentMap.get(currentAuthorizableIdFromYaml);
 
             if ((currentAuthorizableData != null) && !currentAuthorizableData.isEmpty()) {
-
-                for (final Map<String, Object> currentPrincipalDataMap : currentAuthorizableData) {
-                    try {
-                        final AuthorizableConfigBean tmpPrincipalConfigBean = getNewAuthorizableConfigBean();
-                        setupAuthorizableBean(tmpPrincipalConfigBean, currentPrincipalDataMap, currentAuthorizableIdFromYaml, isGroupSection);
-                        if (authorizableValidator != null) {
-                            authorizableValidator.validate(tmpPrincipalConfigBean);
-                        }
-                        authorizableBeans.add(tmpPrincipalConfigBean);
-                    } catch (AcConfigBeanValidationException e) {
-                        throw new AcConfigBeanValidationException("Invalid authorizable " + currentAuthorizableIdFromYaml, e);
+                
+                if(currentAuthorizableData.size() > 1) {
+                    throw new AcConfigBeanValidationException("Invalid authorizable " + currentAuthorizableIdFromYaml +" - configuration needs to contain exactly one yaml list entry");
+                }
+                try {
+                    Map<String, Object> currentPrincipalDataMap = currentAuthorizableData.get(0);
+                    final AuthorizableConfigBean tmpPrincipalConfigBean = getNewAuthorizableConfigBean();
+                    setupAuthorizableBean(tmpPrincipalConfigBean, currentPrincipalDataMap, currentAuthorizableIdFromYaml, isGroupSection);
+                    if (authorizableValidator != null) {
+                        authorizableValidator.validate(tmpPrincipalConfigBean);
                     }
+                    authorizableBeans.add(tmpPrincipalConfigBean);
+                } catch (AcConfigBeanValidationException e) {
+                    throw new AcConfigBeanValidationException("Invalid authorizable " + currentAuthorizableIdFromYaml, e);
                 }
             }
 
diff --git a/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/configreader/YamlConfigurationMergerTest.java b/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/configreader/YamlConfigurationMergerTest.java
@@ -88,6 +88,11 @@ public void testReadInvalidYaml2() throws IOException, RepositoryException, AcCo
         getAcConfigurationForFile(getConfigurationMerger(), session, "test-invalid2.yaml");
     }
 
+    @Test(expected = AcConfigBeanValidationException.class)
+    public void testReadInvalidYaml3() throws IOException, RepositoryException, AcConfigBeanValidationException {
+        getAcConfigurationForFile(getConfigurationMerger(), session, "test-invalid3.yaml");
+    }
+    
     @Test()
     public void testReadEmptyYaml() throws IOException, RepositoryException, AcConfigBeanValidationException {
         getAcConfigurationForFile(getConfigurationMerger(), session, "test-empty.yaml");
diff --git a/accesscontroltool-bundle/src/test/resources/test-invalid3.yaml b/accesscontroltool-bundle/src/test/resources/test-invalid3.yaml
@@ -0,0 +1,8 @@
+
+- group_config:
+
+    - fragment-xyz-editor:
+        - path: /home/groups/test
+        # only one item allowed underneath group name 
+        - isMemberOf:
+            - fragment-xyz
