authorValerij Fredriksen <valerijf@verizonmedia.com>2019-12-02 13:08:30 +0100
committerValerij Fredriksen <valerijf@verizonmedia.com>2019-12-02 13:09:30 +0100
commitc68656dd94e71ec552f9a44d04eb55d99e7cdb5b (patch)
tree0cb6268b7734f7eeb89856fe8c88fa18d2722268
parentda486958bfe7dfef7959115478a64173f7ce5da1 (diff)
Allow access to /user/v1/user
-rw-r--r--controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/PathGroup.java4
-rw-r--r--controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/Policy.java4
-rw-r--r--controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/RoleDefinition.java1
3 files changed, 9 insertions, 0 deletions
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/PathGroup.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/PathGroup.java
index 4601ebde925..6e16035156f 100644
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/PathGroup.java
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/PathGroup.java
@@ -176,6 +176,10 @@ enum PathGroup {
"/static/{*}",
"/statuspage/v1/{*}"),
+ /** Same as classifiedInfo, but with optional /api prefix */
+ classifiedApiInfo(Optional.of("/api"),
+ "/user/v1/user"),
+
/** Paths providing public information. */
publicInfo(Optional.of("/api"),
"/badge/v1/{*}",
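Review bot: The Javadoc on `classifiedApiInfo` describes the group only by reference to `classifiedInfo`, so it does not say what `/user/v1/user` serves or why the path counts as classified, which is what someone auditing the path-to-policy mapping needs. I would state it directly, for example `/** Paths providing information about the calling user, reachable with or without the /api prefix. */`, provided that matches the handler, which is not visible here. Separately, a context line in Policy.java grants on `PathGroup.allExcept(PathGroup.classifiedOperator)`; if `allExcept` takes the complement over all enum constants, the new group is implicitly added to that policy too, and that should be confirmed as intended. The enum body starts and ends outside this hunk.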
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/Policy.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/Policy.java
index 074d3ef7e95..b1587575909 100644
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/Policy.java
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/Policy.java
@@ -118,6 +118,10 @@ enum Policy {
.on(PathGroup.allExcept(PathGroup.classifiedOperator))
.in(SystemName.main, SystemName.cd, SystemName.dev)),
+ classifiedApiRead(Privilege.grant(Action.read)
+ .on(PathGroup.classifiedApiInfo)
+ .in(SystemName.all())),
+
/** Read access to public info. */
publicRead(Privilege.grant(Action.read)
.on(PathGroup.publicInfo)
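Review bot: `classifiedApiRead` is added without a Javadoc line although the neighbouring constant carries one (`/** Read access to public info. */`), and its scope is `SystemName.all()` while the policy directly above is limited to `main`, `cd` and `dev`. A comment should record that the broad scope is deliberate, for example `/** Read access to classified info under the optional /api prefix, in all systems. */`. If any system is not supposed to expose the user API, enumerate the systems explicitly rather than using `all()`, so that a system added later does not inherit the grant by default.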
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/RoleDefinition.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/RoleDefinition.java
index 67efdc3017d..6edce9fe0db 100644
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/RoleDefinition.java
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/RoleDefinition.java
@@ -22,6 +22,7 @@ public enum RoleDefinition {
/** Base role which every user is part of. */
everyone(Policy.classifiedRead,
+ Policy.classifiedApiRead,
Policy.publicRead,
Policy.userCreate,
Policy.tenantCreate),
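Review bot: Adding `Policy.classifiedApiRead` to `everyone` means the role check no longer distinguishes callers for read requests to `/user/v1/user`, since the Javadoc says every user is part of this role; any limiting of the response to the caller's own identity has to happen in the handler. That handler is not part of this commit, so it cannot be confirmed from the diff. A role test asserting that a principal holding only `everyone` is allowed `read` on `/user/v1/user` and `/api/user/v1/user`, and that this policy does not match other paths or non-read actions, would pin the intended boundary. The path group lists an exact path rather than a `{*}` wildcard, which keeps the grant narrow and is worth preserving if more user endpoints are added.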