diff options
author | Bjørn Christian Seime <bjorn.christian@seime.no> | 2018-04-09 14:40:47 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-04-09 14:40:47 +0200 |
commit | 06566d5417af75f66465a117ececde31a834aefb (patch) | |
tree | 791d939ed355cbf293912069aa1731e3713e08da | |
parent | e5b2095628ed2aa7c24245f403d086b04ef0727c (diff) | |
parent | fc4b8761cfc22262a25fd190da3f6e6cc593e7c2 (diff) |
Merge pull request #5510 from vespa-engine/mpolden/fix-user-tenant-filter
Fix filter in /application/v4/user
2 files changed, 11 insertions, 1 deletions
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/TenantController.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/TenantController.java index 8a5573d0112..ae73f964b1c 100644 --- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/TenantController.java +++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/TenantController.java @@ -79,7 +79,7 @@ public class TenantController { Set<AthenzDomain> userDomains = new HashSet<>(athenzClientFactory.createZtsClientWithServicePrincipal() .getTenantDomainsForUser(athenzUser)); return asList().stream() - .filter(tenant -> tenant instanceof UserTenant|| + .filter(tenant -> isUser(tenant, user) || userDomains.stream().anyMatch(domain -> inDomain(tenant, domain))) .collect(Collectors.toList()); } @@ -231,6 +231,10 @@ public class TenantController { return tenant instanceof AthenzTenant && ((AthenzTenant) tenant).in(domain); } + private static boolean isUser(Tenant tenant, UserId userId) { + return tenant instanceof UserTenant && ((UserTenant) tenant).is(userId.id()); + } + private static String dashToUnderscore(String s) { return s.replace('-', '_'); } diff --git a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiTest.java b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiTest.java index 4d0a17a74f4..1e8c44c68ca 100644 --- a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiTest.java +++ b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiTest.java @@ -337,6 +337,12 @@ public class ApplicationApiTest extends ControllerContainerTest { .data(data) .userIdentity(new UserId("new_user")), // Normalized to by-new-user by API new File("create-user-response.json")); + + // GET user lists only tenants for the authenticated user + tester.assertResponse(request("/application/v4/user", GET) + .userIdentity(new UserId("other_user")), + "{\"user\":\"other_user\",\"tenants\":[],\"tenantExists\":false}"); + // OPTIONS return 200 OK tester.assertResponse(request("/application/v4/", Request.Method.OPTIONS), ""); |