diff options
author | Jon Marius Venstad <jonmv@users.noreply.github.com> | 2020-04-28 09:34:01 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-04-28 09:34:01 +0200 |
commit | 1b8ce53455faabc812bcf1467af2c2af617c07b0 (patch) | |
tree | 469dc426aa8204e0983911bba285d04c67d904d9 | |
parent | 8813f90af3c887090eb72afd33f2bdba94798dd0 (diff) | |
parent | edb279bdfc1db05afda93bd206cded216cc8c3d3 (diff) |
Merge pull request #13082 from vespa-engine/jonmv/no-sandbox-in-prod
Disallow Screwdriver from submitting to the sandbox tenant
-rw-r--r-- | controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/AthenzRoleFilter.java | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/AthenzRoleFilter.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/AthenzRoleFilter.java index 48118087a54..25ee95e6d80 100644 --- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/AthenzRoleFilter.java +++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/AthenzRoleFilter.java @@ -105,7 +105,10 @@ public class AthenzRoleFilter extends JsonSecurityRequestFilterBase { .forEach(accessibleTenant -> roleMemberships.add(Role.athenzTenantAdmin(accessibleTenant.name()))); })); - if (identity.getDomain().equals(SCREWDRIVER_DOMAIN) && application.isPresent() && tenant.isPresent()) + if ( identity.getDomain().equals(SCREWDRIVER_DOMAIN) + && application.isPresent() + && tenant.isPresent() + && ! tenant.get().name().value().equals("sandbox")) futures.add(executor.submit(() -> { if ( tenant.get().type() == Tenant.Type.athenz && hasDeployerAccess(identity, ((AthenzTenant) tenant.get()).domain(), application.get())) |