Update invalidateUserSessionsBefore every time a user role for tenant is removed

author: Valerij Fredriksen <valerijf@yahooinc.com> 2022-08-12 09:56:00 +0200
committer: Valerij Fredriksen <valerijf@yahooinc.com> 2022-08-12 13:35:32 +0200
commit: 4524b4678e7b5486ba6ff02685a73322893c0b5f (patch)
tree: 750944e730c1671adad4d9516fb4a3442a9468e7
parent: 58bc70d49ca1bd442c54c06d13fb10ba2c5f8fbf (diff)
1 files changed, 5 insertions, 0 deletions
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/user/UserApiHandler.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/user/UserApiHandler.java
index c13f46dacde..a407e5aa211 100644
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/user/UserApiHandler.java
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/user/UserApiHandler.java
@@ -275,6 +275,11 @@ public class UserApiHandler extends ThreadedHttpRequestHandler {
         removeDeveloperKey(tenant, user, roles);
         users.removeFromRoles(user, roles);
 
+        controller.tenants().lockIfPresent(tenant, LockedTenant.class, lockedTenant -> {
+            if (lockedTenant instanceof LockedTenant.Cloud cloudTenant)
+                controller.tenants().store(cloudTenant.withInvalidateUserSessionsBefore(controller.clock().instant()));
+        });
+
         return new MessageResponse(user + " is no longer a member of " + roles.stream().map(Role::toString).collect(Collectors.joining(", ")));
     }
author	Valerij Fredriksen <valerijf@yahooinc.com>	2022-08-12 09:56:00 +0200
committer	Valerij Fredriksen <valerijf@yahooinc.com>	2022-08-12 13:35:32 +0200
commit	4524b4678e7b5486ba6ff02685a73322893c0b5f (patch)
tree	750944e730c1671adad4d9516fb4a3442a9468e7
parent	58bc70d49ca1bd442c54c06d13fb10ba2c5f8fbf (diff)