diff options
author | Valerij Fredriksen <valerijf@verizonmedia.com> | 2019-12-02 13:08:30 +0100 |
---|---|---|
committer | Valerij Fredriksen <valerijf@verizonmedia.com> | 2019-12-02 13:09:30 +0100 |
commit | c68656dd94e71ec552f9a44d04eb55d99e7cdb5b (patch) | |
tree | 0cb6268b7734f7eeb89856fe8c88fa18d2722268 | |
parent | da486958bfe7dfef7959115478a64173f7ce5da1 (diff) |
Allow access to /user/v1/user
3 files changed, 9 insertions, 0 deletions
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/PathGroup.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/PathGroup.java index 4601ebde925..6e16035156f 100644 --- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/PathGroup.java +++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/PathGroup.java @@ -176,6 +176,10 @@ enum PathGroup { "/static/{*}", "/statuspage/v1/{*}"), + /** Same as classifiedInfo, but with optional /api prefix */ + classifiedApiInfo(Optional.of("/api"), + "/user/v1/user"), + /** Paths providing public information. */ publicInfo(Optional.of("/api"), "/badge/v1/{*}", diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/Policy.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/Policy.java index 074d3ef7e95..b1587575909 100644 --- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/Policy.java +++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/Policy.java @@ -118,6 +118,10 @@ enum Policy { .on(PathGroup.allExcept(PathGroup.classifiedOperator)) .in(SystemName.main, SystemName.cd, SystemName.dev)), + classifiedApiRead(Privilege.grant(Action.read) + .on(PathGroup.classifiedApiInfo) + .in(SystemName.all())), + /** Read access to public info. */ publicRead(Privilege.grant(Action.read) .on(PathGroup.publicInfo) diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/RoleDefinition.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/RoleDefinition.java index 67efdc3017d..6edce9fe0db 100644 --- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/RoleDefinition.java +++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/RoleDefinition.java @@ -22,6 +22,7 @@ public enum RoleDefinition { /** Base role which every user is part of. */ everyone(Policy.classifiedRead, + Policy.classifiedApiRead, Policy.publicRead, Policy.userCreate, Policy.tenantCreate), |