Merge pull request #3810 from vespa-engine/bjorncs/warn-on-deprecated-principal

Warn when using deprecated authorization validation
author: Bjørn Christian Seime <bjorn.christian@seime.no> 2017-10-18 14:06:44 +0200
committer: GitHub <noreply@github.com> 2017-10-18 14:06:44 +0200
commit: 763e101464a79969617e55f2dbc15eb1122f9ee2 (patch)
tree: 6cba192bdab6006e7e553f6b7c6fa1f8f1bb5994
parent: dd464652142d20871f471638eca9e40933101ca5 (diff)
parent: 0b7b360e32fc3444d657c7db1ade6de79a2eb76c (diff)
2 files changed, 3 insertions, 1 deletions
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiHandler.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiHandler.java
index 55a435abe41..c50f1464be7 100644
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiHandler.java
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiHandler.java
@@ -769,6 +769,9 @@ public class ApplicationApiHandler extends LoggingRequestHandler {
                                                           tenant,
                                                           applicationId);
         } else { // In case of host-based principal
+            // TODO What about other user type principals like Bouncer?
+            log.log(LogLevel.WARNING,
+                    "Using deprecated DeployAuthorizer.throwIfUnauthorizedForDeploy. Principal=" + principal);
             UserId userId = new UserId(principal.getName());
             deployAuthorizer.throwIfUnauthorizedForDeploy(
                     Environment.from(environment),
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/DeployAuthorizer.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/DeployAuthorizer.java
index e3bce56778c..7cf19629774 100644
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/DeployAuthorizer.java
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/DeployAuthorizer.java
@@ -90,7 +90,6 @@ public class DeployAuthorizer {
                                              Tenant tenant,
                                              ApplicationId applicationId,
                                              Optional<ScrewdriverId> optionalScrewdriverId) {
-
         Principal principal = new UnauthenticatedUserPrincipal(userId.id());
 
         if (athenzCredentialsRequired(environment, tenant, applicationId, principal)) {
author	Bjørn Christian Seime <bjorn.christian@seime.no>	2017-10-18 14:06:44 +0200
committer	GitHub <noreply@github.com>	2017-10-18 14:06:44 +0200
commit	763e101464a79969617e55f2dbc15eb1122f9ee2 (patch)
tree	6cba192bdab6006e7e553f6b7c6fa1f8f1bb5994
parent	dd464652142d20871f471638eca9e40933101ca5 (diff)
parent	0b7b360e32fc3444d657c7db1ade6de79a2eb76c (diff)