diff options
author | Bjørn Christian Seime <bjorn.christian@seime.no> | 2017-10-18 14:06:44 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2017-10-18 14:06:44 +0200 |
commit | 763e101464a79969617e55f2dbc15eb1122f9ee2 (patch) | |
tree | 6cba192bdab6006e7e553f6b7c6fa1f8f1bb5994 | |
parent | dd464652142d20871f471638eca9e40933101ca5 (diff) | |
parent | 0b7b360e32fc3444d657c7db1ade6de79a2eb76c (diff) |
Merge pull request #3810 from vespa-engine/bjorncs/warn-on-deprecated-principal
Warn when using deprecated authorization validation
2 files changed, 3 insertions, 1 deletions
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiHandler.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiHandler.java index 55a435abe41..c50f1464be7 100644 --- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiHandler.java +++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiHandler.java @@ -769,6 +769,9 @@ public class ApplicationApiHandler extends LoggingRequestHandler { tenant, applicationId); } else { // In case of host-based principal + // TODO What about other user type principals like Bouncer? + log.log(LogLevel.WARNING, + "Using deprecated DeployAuthorizer.throwIfUnauthorizedForDeploy. Principal=" + principal); UserId userId = new UserId(principal.getName()); deployAuthorizer.throwIfUnauthorizedForDeploy( Environment.from(environment), diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/DeployAuthorizer.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/DeployAuthorizer.java index e3bce56778c..7cf19629774 100644 --- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/DeployAuthorizer.java +++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/DeployAuthorizer.java @@ -90,7 +90,6 @@ public class DeployAuthorizer { Tenant tenant, ApplicationId applicationId, Optional<ScrewdriverId> optionalScrewdriverId) { - Principal principal = new UnauthenticatedUserPrincipal(userId.id()); if (athenzCredentialsRequired(environment, tenant, applicationId, principal)) { |