Merge pull request #5510 from vespa-engine/mpolden/fix-user-tenant-filter

Fix filter in /application/v4/user
author: Bjørn Christian Seime <bjorn.christian@seime.no> 2018-04-09 14:40:47 +0200
committer: GitHub <noreply@github.com> 2018-04-09 14:40:47 +0200
commit: 06566d5417af75f66465a117ececde31a834aefb (patch)
tree: 791d939ed355cbf293912069aa1731e3713e08da
parent: e5b2095628ed2aa7c24245f403d086b04ef0727c (diff)
parent: fc4b8761cfc22262a25fd190da3f6e6cc593e7c2 (diff)
2 files changed, 11 insertions, 1 deletions
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/TenantController.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/TenantController.java
index 8a5573d0112..ae73f964b1c 100644
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/TenantController.java
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/TenantController.java
@@ -79,7 +79,7 @@ public class TenantController {
         Set<AthenzDomain> userDomains = new HashSet<>(athenzClientFactory.createZtsClientWithServicePrincipal()
                                                                          .getTenantDomainsForUser(athenzUser));
         return asList().stream()
-                       .filter(tenant -> tenant instanceof UserTenant||
+                       .filter(tenant -> isUser(tenant, user) ||
                                          userDomains.stream().anyMatch(domain -> inDomain(tenant, domain)))
                        .collect(Collectors.toList());
     }
@@ -231,6 +231,10 @@ public class TenantController {
         return tenant instanceof AthenzTenant && ((AthenzTenant) tenant).in(domain);
     }
 
+    private static boolean isUser(Tenant tenant, UserId userId) {
+        return tenant instanceof UserTenant && ((UserTenant) tenant).is(userId.id());
+    }
+
     private static String dashToUnderscore(String s) {
         return s.replace('-', '_');
     }
diff --git a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiTest.java b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiTest.java
index 4d0a17a74f4..1e8c44c68ca 100644
--- a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiTest.java
+++ b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiTest.java
@@ -337,6 +337,12 @@ public class ApplicationApiTest extends ControllerContainerTest {
                                       .data(data)
                                       .userIdentity(new UserId("new_user")), // Normalized to by-new-user by API
                               new File("create-user-response.json"));
+
+        // GET user lists only tenants for the authenticated user
+        tester.assertResponse(request("/application/v4/user", GET)
+                                      .userIdentity(new UserId("other_user")),
+                              "{\"user\":\"other_user\",\"tenants\":[],\"tenantExists\":false}");
+
         // OPTIONS return 200 OK
         tester.assertResponse(request("/application/v4/", Request.Method.OPTIONS),
                               "");
author	Bjørn Christian Seime <bjorn.christian@seime.no>	2018-04-09 14:40:47 +0200
committer	GitHub <noreply@github.com>	2018-04-09 14:40:47 +0200
commit	06566d5417af75f66465a117ececde31a834aefb (patch)
tree	791d939ed355cbf293912069aa1731e3713e08da
parent	e5b2095628ed2aa7c24245f403d086b04ef0727c (diff)
parent	fc4b8761cfc22262a25fd190da3f6e6cc593e7c2 (diff)