diff options
author | Bjørn Christian Seime <bjorncs@oath.com> | 2017-10-31 11:49:42 +0100 |
---|---|---|
committer | Bjørn Christian Seime <bjorncs@oath.com> | 2017-10-31 11:49:42 +0100 |
commit | ccd004c7170f7d8d6edf28f5e323bcd4f7e4a4b9 (patch) | |
tree | f70a9dae7bc398ae4220b1b260cc44300b6f4098 | |
parent | 6b4a177ac3a6109431e81e9302b8b7af5efe62e0 (diff) |
Be consistent on curly braces. Remove NPE when not authenticated
-rw-r--r-- | controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/DeployAuthorizer.java | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/DeployAuthorizer.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/DeployAuthorizer.java index d6560af6ac3..71126259417 100644 --- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/DeployAuthorizer.java +++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/DeployAuthorizer.java @@ -39,10 +39,12 @@ public class DeployAuthorizer { Environment environment, Tenant tenant, ApplicationId applicationId) { - if (!environmentRequiresAuthorization(environment)) return; + if (!environmentRequiresAuthorization(environment)) { + return; + } if (principal == null) { - throw loggedUnauthorizedException("Principal '%s' is not authenticated.", principal.getName()); + throw loggedUnauthorizedException("Principal not authenticated!"); } if (!(principal instanceof AthenzPrincipal)) { @@ -54,20 +56,22 @@ public class DeployAuthorizer { AthenzPrincipal athenzPrincipal = (AthenzPrincipal) principal; AthenzDomain principalDomain = athenzPrincipal.getDomain(); - if (!principalDomain.equals(AthenzUtils.SCREWDRIVER_DOMAIN)) + if (!principalDomain.equals(AthenzUtils.SCREWDRIVER_DOMAIN)) { throw loggedForbiddenException( "Principal '%s' is not a Screwdriver principal. Excepted principal with Athenz domain '%s', got '%s'.", principal.getName(), AthenzUtils.SCREWDRIVER_DOMAIN.id(), principalDomain.id()); + } // NOTE: no fine-grained deploy authorization for non-Athenz tenants if (tenant.isAthensTenant()) { AthenzDomain tenantDomain = tenant.getAthensDomain().get(); - if ( ! hasDeployAccessToAthenzApplication(athenzPrincipal, tenantDomain, applicationId)) + if (!hasDeployAccessToAthenzApplication(athenzPrincipal, tenantDomain, applicationId)) { throw loggedForbiddenException( "Screwdriver principal '%1$s' does not have deploy access to '%2$s'. " + "Either the application has not been created at " + zoneRegistry.getDashboardUri() + " or " + "'%1$s' is not added to the application's deployer role in Athenz domain '%3$s'.", athenzPrincipal.toYRN(), applicationId, tenantDomain.id()); + } } } |