diff options
author | Jon Marius Venstad <venstad@gmail.com> | 2020-04-27 15:50:08 +0200 |
---|---|---|
committer | Jon Marius Venstad <venstad@gmail.com> | 2020-04-27 15:50:08 +0200 |
commit | edb279bdfc1db05afda93bd206cded216cc8c3d3 (patch) | |
tree | 428a16b79a6923924001f5e5dbeaf31d088319b8 | |
parent | 3cf7d545bb9cf9532747f835fbf49ab859d9e281 (diff) |
Disallow Screwdriver from submitting to the sandbox tenant
-rw-r--r-- | controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/AthenzRoleFilter.java | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/AthenzRoleFilter.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/AthenzRoleFilter.java index 48118087a54..25ee95e6d80 100644 --- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/AthenzRoleFilter.java +++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/AthenzRoleFilter.java @@ -105,7 +105,10 @@ public class AthenzRoleFilter extends JsonSecurityRequestFilterBase { .forEach(accessibleTenant -> roleMemberships.add(Role.athenzTenantAdmin(accessibleTenant.name()))); })); - if (identity.getDomain().equals(SCREWDRIVER_DOMAIN) && application.isPresent() && tenant.isPresent()) + if ( identity.getDomain().equals(SCREWDRIVER_DOMAIN) + && application.isPresent() + && tenant.isPresent() + && ! tenant.get().name().value().equals("sandbox")) futures.add(executor.submit(() -> { if ( tenant.get().type() == Tenant.Type.athenz && hasDeployerAccess(identity, ((AthenzTenant) tenant.get()).domain(), application.get())) |